[PATCH] D59637: [analyzer] Use the custom propagation rules and sinks in GenericTaintChecker

Kristóf Umann via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Wed Jul 31 01:24:00 PDT 2019

Szelethus added a comment.

In general, don't emit to stderr unless we either emit a warning/error about the incorrect configuration. As an experiment, what happens when you try to emit an error in the middle of the symbolic execution? You can retrieve a `DiagnosticsEngine` from any decl: `D->getASTContext().getDiagnostics()` (it's funny how you can retrieve almost all major manager objects if you try hard enough).

Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:136
+  /// Check if tainted data is used as a custom sink's parameter.
+  static const char MsgCustomSink[];
+  bool checkCustomSinks(const CallExpr *CE, StringRef Name,
How about `llvm::StringLiteral`?

Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:836
+                                           CheckerContext &C) const {
+  auto It = CustomSinks.find(Name);
+  if (It == CustomSinks.end())
Hmmm, how do we do with qualified names (`MyClass::generateTaint()`, `std::cin >>`)?



More information about the cfe-commits mailing list