[PATCH] D17447: Add check for CERT ENV33-C

Aaron Ballman via cfe-commits cfe-commits at lists.llvm.org
Fri Feb 19 08:18:28 PST 2016


aaron.ballman added inline comments.

================
Comment at: clang-tidy/cert/CommandProcessorCheck.cpp:22
@@ +21,3 @@
+  Finder->addMatcher(
+      callExpr(callee(functionDecl(anyOf(hasName("system"), hasName("popen"),
+                                         hasName("_popen")))
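Review bot: The `hasName("system")`, `hasName("popen")` and `hasName("_popen")` matchers inside `functionDecl(anyOf(...))` are unqualified, so they also match a member function or a function in a user namespace that happens to share the name, for example `ns::system`. Suggest anchoring each name to the global namespace with `hasName("::system")`, `hasName("::popen")` and `hasName("::_popen")`, so that only the C library command-processor entry points are flagged.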
----------------
sbenza wrote:
> Should we check that it is calling ::system and not any function called system?
Hmm, that's not a bad idea. Same for `popen` and `_popen()`.

================
Comment at: clang-tidy/cert/CommandProcessorCheck.h:19
@@ +18,3 @@
+
+/// Execution of a command processor is can lead to security vulnerabilities,
+/// and is generally not required. Instead, prefer to launch executables
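Review bot: The first line of the doc comment reads "is can lead to security vulnerabilities"; drop the stray "is" so that it reads "Execution of a command processor can lead to security vulnerabilities".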
----------------
sbenza wrote:
> typo: is can
Good catch.


http://reviews.llvm.org/D17447




