This is an archive of the discontinued LLVM Phabricator instance.

Remove clang-tidy-vs plugin from clang-tools-extra
ClosedPublic

Authored by arphaman on Aug 27 2019, 10:51 AM.

Details

Summary

The clang-tidy-vs visual studio plugin in clang-tools-extra contains a
security vulnerability in the YamlDotNet package [1]. I posted to cfe-dev [2],
asking if there was anyone who was interested in updating the the plugin
to address the vulnerability. Reid mentioned that Zach (the original committer),
said that there's another plugin (Clang Power Tools) that provides clang-tidy support,
with additional extra features, so it would be ok to remove clang-tidy-vs.

This patch removes the plugin to address the security vulnerability, and adds
a section to the release notes that mentions that the plugin was removed, and
suggests to use Clang Power Tools.

[1]: https://nvd.nist.gov/vuln/detail/CVE-2018-1000210
[2]: http://lists.llvm.org/pipermail/cfe-dev/2019-August/063196.html

Diff Detail

Event Timeline

arphaman created this revision.Aug 27 2019, 10:51 AM
Herald added a project: Restricted Project. · View Herald TranscriptAug 27 2019, 10:51 AM
rnk accepted this revision.Aug 27 2019, 10:55 AM

lgtm

This revision is now accepted and ready to land.Aug 27 2019, 10:55 AM
This revision was automatically updated to reflect the committed changes.
Herald added a project: Restricted Project. · View Herald TranscriptAug 27 2019, 11:44 AM
clang-tools-extra/clang-tidy-vs/ClangTidy/source.extension.vsixmanifest