[PATCH] D59055: [analyzer] Prepare generic taint checker for new sources

Borsik Gábor via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Mar 6 14:47:32 PST 2019


boga95 created this revision.
boga95 added reviewers: gerazo, xazax.hun, Szelethus, a_sidorin, dcoughlin, george.karpenkov, NoQ.
boga95 added a project: clang.
Herald added subscribers: cfe-commits, Charusso, dkrupp, donat.nagy, mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware, whisperity.

Previously the taint propagation rules and the taint sources were checked in different steps.
Taint propagation goes in two steps: addSourcesPre marked the tainted arguments and the return value, then the propagateFromPre set the tainted flag. After that addSourcesPost set the tainted flag for the source function's (e.g. scanf, socket) arguments or return value.
There is no reason why it should be that way. A source function can be interpreted as a propagation rule when no srcArg is defined.
I modified the TaintPropagationRule to support source functions and merged them with the propagation rules.


Repository:
  rC Clang

https://reviews.llvm.org/D59055

Files:
  lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D59055.189596.patch
Type: text/x-patch
Size: 12791 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190306/4295e70e/attachment-0001.bin>
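
The idea in the revision summary above, a source function treated as a propagation rule with no source arguments, sketched as a small stand-alone model. This is an added example, not code from D59055 or from Clang; `Rule`, `applyRule`, `kReturnValue` and the sample table entries are hypothetical and simplified (for instance, `scanf` is modelled as writing only argument 1).

```cpp
#include <map>
#include <set>
#include <string>
#include <vector>

// Simplified model, not Clang's GenericTaintChecker code. All names are
// hypothetical; kReturnValue stands for "the call's return value".
constexpr int kReturnValue = -1;

struct Rule {
  std::vector<int> srcArgs;  // empty => source function, fires unconditionally
  std::vector<int> dstArgs;  // argument indices (or kReturnValue) to taint
};

// One table holds both sources and propagators (constructed sample entries).
const std::map<std::string, Rule> &rules() {
  static const std::map<std::string, Rule> table = {
      {"scanf", Rule{{}, {1}}},                  // source: writes arg 1
      {"socket", Rule{{}, {kReturnValue}}},      // source: tainted return value
      {"strcpy", Rule{{1}, {0, kReturnValue}}},  // propagator: arg 1 -> arg 0, ret
  };
  return table;
}

// Given the callee and the argument indices tainted before the call, return
// the indices (or kReturnValue) that are tainted after it.
std::set<int> applyRule(const std::string &callee,
                        const std::set<int> &taintedBefore) {
  std::set<int> after = taintedBefore;
  auto it = rules().find(callee);
  if (it == rules().end())
    return after;  // unknown function: nothing changes in this model
  const Rule &r = it->second;
  bool fires = r.srcArgs.empty();  // a source needs no tainted input
  for (int src : r.srcArgs)
    fires = fires || taintedBefore.count(src) > 0;
  if (fires)
    after.insert(r.dstArgs.begin(), r.dstArgs.end());
  return after;
}
```

With a single table and a single lookup, the only difference between a source and a propagator is whether `srcArgs` is empty, so no separate post-call pass for sources is needed in this model.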

