[PATCH] D91000: [clang-tidy] Add cert-msc24-c checker.

Fütő Gergely via Phabricator via cfe-commits cfe-commits at lists.llvm.org
Sun Jan 9 09:56:21 PST 2022


futogergely added a comment.

In D91000#3225369 <https://reviews.llvm.org/D91000#3225369>, @balazske wrote:

> The functions `asctime` and `asctime_r` are discouraged according to CERT MSC33-C rule. These could be added to this check as well. There is a clang SA checker `SecuritySyntaxChecker` that contains other obsolete functions (and the whole check looks like it can be done in clang-tidy).

The inclusion of the CERT MSC33-C rule seems to be straightforward: check for asctime and asctime_r, and suggest asctime_s if Annex K is available, otherwise suggest strftime.

security.insecureAPI: the following functions could be added to the checker: bcmp, bcopy, bzero, getpw, mktemp, vfork, and if arc4random is available: drand48, erand48, jrand48, lcong48, lrand48, mrand48, nrand48, random, rand_r.
I think for now it is enough to issue a warning about the use of these functions, and not suggest a replacement. Should we add an option to the checker to also check for these functions?


CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D91000/new/

https://reviews.llvm.org/D91000
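
The strftime replacement mentioned in the comment above, as an added example that is not part of the review or of the clang-tidy patch. The helper names `format_like_asctime` and `sample_tm` are hypothetical and the dates are constructed; it shows the case that motivates MSC33-C, a year that no longer fits asctime's 26-byte result, reported as an error instead of overrunning a buffer.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper (not from the patch): formats *tm in asctime()'s
 * layout, e.g. "Sun Jan  9 09:56:21 2022\n", into a caller-supplied buffer.
 * Returns the number of characters written (excluding the NUL), or 0 if the
 * result does not fit. asctime() has no such failure path: its result is
 * limited to 26 bytes and out-of-range fields are undefined behaviour. */
size_t format_like_asctime(char *buf, size_t size, const struct tm *tm)
{
    if (buf == NULL || size == 0 || tm == NULL)
        return 0;
    size_t n = strftime(buf, size, "%a %b %e %H:%M:%S %Y\n", tm);
    if (n == 0)
        buf[0] = '\0';  /* buffer contents are indeterminate on failure */
    return n;
}

/* Constructed sample input: Sunday, January 9, 09:56:21 of the given year. */
struct tm sample_tm(int year)
{
    struct tm t = {0};
    t.tm_year = year - 1900;
    t.tm_mon = 0;
    t.tm_mday = 9;
    t.tm_hour = 9;
    t.tm_min = 56;
    t.tm_sec = 21;
    t.tm_wday = 0;
    return t;
}

int main(void)
{
    char out[26];                      /* same size as asctime()'s result */
    struct tm ok = sample_tm(2022);
    struct tm big = sample_tm(12345);  /* five-digit year needs 27 bytes */

    if (format_like_asctime(out, sizeof out, &ok) != 0)
        fputs(out, stdout);
    if (format_like_asctime(out, sizeof out, &big) == 0)
        fputs("timestamp does not fit in 26 bytes\n", stderr);
    return 0;
}
```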


