[PATCH] D59555: [analyzer] Add yaml parser to GenericTaintChecker

Borsik Gábor via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Tue Mar 19 12:29:49 PDT 2019


boga95 created this revision.
boga95 added reviewers: Szelethus, xazax.hun, dkrupp, NoQ.
Herald added subscribers: cfe-commits, Charusso, donat.nagy, mikhail.ramalho, a.sidorin, rnkovacs, szepet, baloghadamsoftware, whisperity.
Herald added a project: clang.

Parse the yaml configuration file and store it in static variables. The user can define taint propagation rules, custom sink, and filter functions. E.g:

  # A list of source/propagation function
  Propagations:
    # int x = mySource1(); // x is tainted
    - Name:     mySource1
      DstArgs:  [4294967294] # Index for return value
  
    # int x;
    # mySource2(&x); // x is tainted
    - Name:     mySource2
      DstArgs:  [0]
  
    # int x, y;
    # myScanf("%d %d", &x, &y); // x and y are tainted
    - Name:     myScanf
      VarType:  Dst
      VarIndex: 1
  
    # int x; // x is tainted
    # int y;
    # myPropagator(x, &y); // y is tainted
    - Name:     myPropagator
      SrcArgs:  [0]
      DstArgs:  [1]
  
    # const unsigned size = 100;
    # char buf[size];
    # int x, y;
    # int n = mySprintf(buf, size, "%d %d", x, y); // If size, x or y is tainted
    # // the return value and the buf will be tainted
    - Name:     mySnprintf
      SrcArgs:  [1]
      DstArgs:  [0, 4294967294]
      VarType:  Src
      VarIndex: 3
  
  # A list of filter functions
  Filters:
    # int x; // x is tainted
    # myFilter(&x); // x is not tainted anymore
    - Name: myFilter
      Args: [0]
  
  # A list of sink functions
  Sinks:
    # int x, y; // x and y are tainted
    # mySink(x, 0, 1); // It will warn
    # mySink(0, 1, y); // It will warn
    # mySink(0, x, 1); // It won't warn
    - Name: mySink
      Args: [0, 2]


Repository:
  rC Clang

https://reviews.llvm.org/D59555

Files:
  lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp

-------------- next part --------------
A non-text attachment was scrubbed...
Name: D59555.191369.patch
Type: text/x-patch
Size: 10683 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20190319/717a52bb/attachment.bin>


More information about the cfe-commits mailing list