Page MenuHomePhabricator

[analyzer] CERT STR rule checkers: STR51-CPP
Needs RevisionPublic

Authored by Charusso on May 24 2020, 9:53 PM.

Details

Summary

This patch introduces a new experimental checker:
alpha.security.cert.str.51cpp

This checker is implemented based on the following rule:
https://wiki.sei.cmu.edu/confluence/x/E3s-BQ

It warns on possible std::string construction from a nullptr.

Diff Detail

Event Timeline

Charusso created this revision.May 24 2020, 9:53 PM
Charusso marked an inline comment as done.
Charusso added inline comments.
clang/lib/StaticAnalyzer/Checkers/cert/StrChecker.cpp
749

We do not really try to model the construction and whether the members are nullable (dataflow, fixed-point, ugh!) so that this assumption is needed to relax this checker. It is still somewhat noisy.

clang/include/clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h
67

I support the idea that MemRegionManager should be directly accessible from CheckerContext but I would create a separate micro-patch for that. With a unit test, of course.

clang/lib/StaticAnalyzer/Checkers/cert/StrChecker.cpp
97

I do not see this function used (even defined) anywhere. Not even EvalCDM which the comment refers to.

749

OK, let us make something clear at the beginning: do we look for constructor arguments that may be null or are null? I would think the latter one is more useful, and then we should not disclose arguments.

baloghadamsoftware requested changes to this revision.Tue, Jun 30, 5:09 AM
This revision now requires changes to proceed.Tue, Jun 30, 5:09 AM