[cfe-commits] r128679 - in /cfe/trunk: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp test/Analysis/security-synta
kremenek at apple.com
Fri Apr 8 16:27:25 PDT 2011
On Apr 6, 2011, at 9:06 PM, Lenny Maiorani wrote:
> Pax Team,
> In the case of strcpy() and strcat() (probably sprintf() too)... This check is not meant to be the be-all, end-all. This is part of the Security checker, specifically looking for security items which could be improved upon. The actual validation of the inputs to this function is checked in the CString checker. I am assuming that if the user has enabled the Security checker then the user is specifically desiring this kind of output.
I think you make a valid argument, but the reality is that the Security checker will only be useful if people actually use it. If it is too aggressive, then even security conscious people will never turn it on.
Should we perhaps forgo trying to put all these naive checks in CheckSecuritySyntaxOnly, and instead focus on trying to do the real validation? It seems to me for folks who want to outright ban the use of a certain function (which is at the level of what CheckSecuritySyntaxOnly is doing) then perhaps we should add compiler support for banning a family of functions from the command line.
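The distinction the reply draws, between a syntax-only check that reports every strcpy() call and "real validation" that reasons about destination capacity, can be seen in two small C functions. This is an added illustration, not code from the thread or from clang's CheckSecuritySyntaxOnly or CString checkers; the helper names (dup_with_strcpy, copy_bounded, and the two check_* wrappers) are made up for the example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Case 1: strcpy() into a destination sized from the source.
 * A syntax-only checker flags this call purely on the function name,
 * even though no overflow is possible: dst has exactly strlen(src)+1 bytes.
 * A value-aware check (the CString-checker style of analysis) would not
 * report it. Caller frees the result. */
char *dup_with_strcpy(const char *src) {
    size_t len = strlen(src);
    char *dst = malloc(len + 1);
    if (dst == NULL) {
        return NULL;
    }
    strcpy(dst, src);  /* reported by a name-based check; safe by construction */
    return dst;
}

/* Case 2: copying into a fixed-size buffer, where capacity must be checked.
 * Returns 0 on success, -1 if src (plus its NUL) does not fit in dst_size.
 * This is the kind of explicit bound a "real validation" check wants to see. */
int copy_bounded(char *dst, size_t dst_size, const char *src) {
    size_t len = strlen(src);
    if (dst_size == 0 || len >= dst_size) {
        return -1;  /* refuse rather than truncate silently or overflow */
    }
    memcpy(dst, src, len + 1);
    return 0;
}

/* Helper: duplicate s with dup_with_strcpy() and report whether the copy
 * matches the original (1 = match, 0 = mismatch or allocation failure). */
int check_dup(const char *s) {
    char *copy = dup_with_strcpy(s);
    if (copy == NULL) {
        return 0;
    }
    int ok = (strcmp(copy, s) == 0);
    free(copy);
    return ok;
}

/* Helper: try to copy s into a constructed 8-byte stack buffer and return
 * copy_bounded()'s result, so the bound check can be exercised directly. */
int check_copy_into_8(const char *s) {
    char buf[8];
    return copy_bounded(buf, sizeof buf, s);
}

int main(void) {
    /* Constructed inputs: one that fits the 8-byte buffer, one that does not. */
    printf("dup matches: %d\n", check_dup("hello"));
    printf("7 chars into 8 bytes: %d\n", check_copy_into_8("1234567"));
    printf("8 chars into 8 bytes: %d\n", check_copy_into_8("12345678"));
    return 0;
}
```

The first function is the false positive the thread is worried about: a name-based ban cannot tell it apart from a genuinely risky call. The second shows what a capacity-aware check is actually looking for, and why a checker that only matches function names ends up too noisy for people to leave enabled.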