[PATCH] D17447: Add check for CERT ENV33-C
Samuel Benzaquen via cfe-commits
cfe-commits at lists.llvm.org
Fri Feb 19 07:57:20 PST 2016
sbenza added inline comments.
================
Comment at: clang-tidy/cert/CommandProcessorCheck.cpp:22
@@ +21,3 @@
+ Finder->addMatcher(
+ callExpr(callee(functionDecl(anyOf(hasName("system"), hasName("popen"),
+ hasName("_popen")))
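Review bot: The names passed to hasName() inside the anyOf(...) on the callee are unqualified, so this matcher also fires on a member function or a namespaced function that merely happens to be called system, popen or _popen. Consider anchoring each name to the global namespace, i.e. hasName("::system"), hasName("::popen") and hasName("::_popen"), so that only the C library functions are reported.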
----------------
Should we check that it is calling ::system and not any function called system?
================
Comment at: clang-tidy/cert/CommandProcessorCheck.h:19
@@ +18,3 @@
+
+/// Execution of a command processor is can lead to security vulnerabilities,
+/// and is generally not required. Instead, prefer to launch executables
----------------
typo: is can
http://reviews.llvm.org/D17447