Index: clang-tidy/android/AndroidTidyModule.cpp =================================================================== --- clang-tidy/android/AndroidTidyModule.cpp +++ clang-tidy/android/AndroidTidyModule.cpp @@ -10,7 +10,7 @@ #include "../ClangTidy.h" #include "../ClangTidyModule.h" #include "../ClangTidyModuleRegistry.h" -#include "FileOpenFlagCheck.h" +#include "CloexecOpenCheck.h" using namespace clang::ast_matchers; @@ -22,7 +22,7 @@ class AndroidModule : public ClangTidyModule { public: void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override { - CheckFactories.registerCheck("android-file-open-flag"); + CheckFactories.registerCheck("android-cloexec-open"); } }; Index: clang-tidy/android/CMakeLists.txt =================================================================== --- clang-tidy/android/CMakeLists.txt +++ clang-tidy/android/CMakeLists.txt @@ -2,7 +2,7 @@ add_clang_library(clangTidyAndroidModule AndroidTidyModule.cpp - FileOpenFlagCheck.cpp + CloexecOpenCheck.cpp LINK_LIBS clangAST Index: clang-tidy/android/CloexecOpenCheck.h =================================================================== --- clang-tidy/android/CloexecOpenCheck.h +++ clang-tidy/android/CloexecOpenCheck.h @@ -1,4 +1,4 @@ -//===--- FileOpenFlagCheck.h - clang-tidy----------------------------------===// +//===--- CloexecOpenCheck.h - clang-tidy-----------------------------------===// // // The LLVM Compiler Infrastructure // @@ -7,8 +7,8 @@ // //===----------------------------------------------------------------------===// -#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_FILE_OPEN_FLAG_H -#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_FILE_OPEN_FLAG_H +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_OPEN_H +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_OPEN_H #include "../ClangTidy.h" @@ -25,9 +25,9 @@ /// /// Only the symbolic 'O_CLOEXEC' macro definition is checked, not the concrete /// value. -class FileOpenFlagCheck : public ClangTidyCheck { +class CloexecOpenCheck : public ClangTidyCheck { public: - FileOpenFlagCheck(StringRef Name, ClangTidyContext *Context) + CloexecOpenCheck(StringRef Name, ClangTidyContext *Context) : ClangTidyCheck(Name, Context) {} void registerMatchers(ast_matchers::MatchFinder *Finder) override; void check(const ast_matchers::MatchFinder::MatchResult &Result) override; @@ -37,4 +37,4 @@ } // namespace tidy } // namespace clang -#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_FILE_OPEN_FLAG_H +#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_OPEN_H Index: clang-tidy/android/CloexecOpenCheck.cpp =================================================================== --- clang-tidy/android/CloexecOpenCheck.cpp +++ clang-tidy/android/CloexecOpenCheck.cpp @@ -1,4 +1,4 @@ -//===--- FileOpenFlagCheck.cpp - clang-tidy--------------------------------===// +//===--- CloexecOpenCheck.cpp - clang-tidy---------------------------------===// // // The LLVM Compiler Infrastructure // @@ -7,7 +7,7 @@ // //===----------------------------------------------------------------------===// -#include "FileOpenFlagCheck.h" +#include "CloexecOpenCheck.h" #include "clang/AST/ASTContext.h" #include "clang/ASTMatchers/ASTMatchFinder.h" #include "clang/Lex/Lexer.h" @@ -47,7 +47,7 @@ } } // namespace -void FileOpenFlagCheck::registerMatchers(MatchFinder *Finder) { +void CloexecOpenCheck::registerMatchers(MatchFinder *Finder) { auto CharPointerType = hasType(pointerType(pointee(isAnyCharacter()))); Finder->addMatcher( @@ -69,7 +69,7 @@ this); } -void FileOpenFlagCheck::check(const MatchFinder::MatchResult &Result) { +void CloexecOpenCheck::check(const MatchFinder::MatchResult &Result) { const Expr *FlagArg = nullptr; if (const auto *OpenFnCall = Result.Nodes.getNodeAs("openFn")) FlagArg = OpenFnCall->getArg(1); Index: docs/ReleaseNotes.rst =================================================================== --- docs/ReleaseNotes.rst +++ docs/ReleaseNotes.rst @@ -57,8 +57,8 @@ Improvements to clang-tidy -------------------------- -- New `android-file-open-flag - `_ check +- New `android-cloexec-open + `_ check Checks if the required file flag ``O_CLOEXEC`` exists in ``open()``, ``open64()`` and ``openat()``. Index: docs/clang-tidy/checks/android-cloexec-open.rst =================================================================== --- docs/clang-tidy/checks/android-cloexec-open.rst +++ docs/clang-tidy/checks/android-cloexec-open.rst @@ -1,7 +1,7 @@ -.. title:: clang-tidy - android-file-open-flag +.. title:: clang-tidy - android-cloexec-open -android-file-open-flag -====================== +android-cloexec-open +==================== A common source of security bugs is code that opens a file without using the ``O_CLOEXEC`` flag. Without that flag, an opened sensitive file would remain Index: test/clang-tidy/android-cloexec-open.cpp =================================================================== --- test/clang-tidy/android-cloexec-open.cpp +++ test/clang-tidy/android-cloexec-open.cpp @@ -1,4 +1,4 @@ -// RUN: %check_clang_tidy %s android-file-open-flag %t +// RUN: %check_clang_tidy %s android-cloexec-open %t #define O_RDWR 1 #define O_EXCL 2 @@ -18,7 +18,7 @@ void a() { open("filename", O_RDWR); - // CHECK-MESSAGES: :[[@LINE-1]]:26: warning: 'open' should use O_CLOEXEC where possible [android-file-open-flag] + // CHECK-MESSAGES: :[[@LINE-1]]:26: warning: 'open' should use O_CLOEXEC where possible [android-cloexec-open] // CHECK-FIXES: O_RDWR | O_CLOEXEC TEMP_FAILURE_RETRY(open("filename", O_RDWR)); // CHECK-MESSAGES: :[[@LINE-1]]:45: warning: 'open' should use O_CLOEXEC where @@ -33,7 +33,7 @@ void b() { open64("filename", O_RDWR); - // CHECK-MESSAGES: :[[@LINE-1]]:28: warning: 'open64' should use O_CLOEXEC where possible [android-file-open-flag] + // CHECK-MESSAGES: :[[@LINE-1]]:28: warning: 'open64' should use O_CLOEXEC where possible [android-cloexec-open] // CHECK-FIXES: O_RDWR | O_CLOEXEC TEMP_FAILURE_RETRY(open64("filename", O_RDWR)); // CHECK-MESSAGES: :[[@LINE-1]]:47: warning: 'open64' should use O_CLOEXEC where @@ -48,7 +48,7 @@ void c() { openat(0, "filename", O_RDWR); - // CHECK-MESSAGES: :[[@LINE-1]]:31: warning: 'openat' should use O_CLOEXEC where possible [android-file-open-flag] + // CHECK-MESSAGES: :[[@LINE-1]]:31: warning: 'openat' should use O_CLOEXEC where possible [android-cloexec-open] // CHECK-FIXES: O_RDWR | O_CLOEXEC TEMP_FAILURE_RETRY(openat(0, "filename", O_RDWR)); // CHECK-MESSAGES: :[[@LINE-1]]:50: warning: 'openat' should use O_CLOEXEC where @@ -63,19 +63,19 @@ void f() { open("filename", 3); - // CHECK-MESSAGES: :[[@LINE-1]]:21: warning: 'open' should use O_CLOEXEC where possible [android-file-open-flag] + // CHECK-MESSAGES: :[[@LINE-1]]:21: warning: 'open' should use O_CLOEXEC where possible [android-cloexec-open] // CHECK-FIXES: 3 | O_CLOEXEC TEMP_FAILURE_RETRY(open("filename", 3)); // CHECK-MESSAGES: :[[@LINE-1]]:40: warning: 'open' should use O_CLOEXEC where // CHECK-FIXES: 3 | O_CLOEXEC open64("filename", 3); - // CHECK-MESSAGES: :[[@LINE-1]]:23: warning: 'open64' should use O_CLOEXEC where possible [android-file-open-flag] + // CHECK-MESSAGES: :[[@LINE-1]]:23: warning: 'open64' should use O_CLOEXEC where possible [android-cloexec-open] // CHECK-FIXES: 3 | O_CLOEXEC TEMP_FAILURE_RETRY(open64("filename", 3)); // CHECK-MESSAGES: :[[@LINE-1]]:42: warning: 'open64' should use O_CLOEXEC where // CHECK-FIXES: 3 | O_CLOEXEC openat(0, "filename", 3); - // CHECK-MESSAGES: :[[@LINE-1]]:26: warning: 'openat' should use O_CLOEXEC where possible [android-file-open-flag] + // CHECK-MESSAGES: :[[@LINE-1]]:26: warning: 'openat' should use O_CLOEXEC where possible [android-cloexec-open] // CHECK-FIXES: 3 | O_CLOEXEC TEMP_FAILURE_RETRY(openat(0, "filename", 3)); // CHECK-MESSAGES: :[[@LINE-1]]:45: warning: 'openat' should use O_CLOEXEC where