[clang-tools-extra] r285809 - Add a new clang-tidy check for cert-msc50-cpp (and cert-msc30-c) that corresponds to the CERT C++ secure coding rule: https://www.securecoding.cert.org/confluence/display/cplusplus/MSC50-CPP.+Do+not+use+std%3A%3Arand%28%29+for+generating+pseudorandom+numbers
Aaron Ballman via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 2 07:16:36 PDT 2016
Author: aaronballman
Date: Wed Nov 2 09:16:36 2016
New Revision: 285809
URL: http://llvm.org/viewvc/llvm-project?rev=285809&view=rev
Log:
Add a new clang-tidy check for cert-msc50-cpp (and cert-msc30-c) that corresponds to the CERT C++ secure coding rule: https://www.securecoding.cert.org/confluence/display/cplusplus/MSC50-CPP.+Do+not+use+std%3A%3Arand%28%29+for+generating+pseudorandom+numbers
Patch by Benedek Kiss
Added:
clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.cpp
clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.h
clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc30-c.rst
clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc50-cpp.rst
clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.c
clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.cpp
Modified:
clang-tools-extra/trunk/clang-tidy/cert/CERTTidyModule.cpp
clang-tools-extra/trunk/clang-tidy/cert/CMakeLists.txt
clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst
Modified: clang-tools-extra/trunk/clang-tidy/cert/CERTTidyModule.cpp
URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/clang-tidy/cert/CERTTidyModule.cpp?rev=285809&r1=285808&r2=285809&view=diff
==============================================================================
--- clang-tools-extra/trunk/clang-tidy/cert/CERTTidyModule.cpp (original)
+++ clang-tools-extra/trunk/clang-tidy/cert/CERTTidyModule.cpp Wed Nov 2 09:16:36 2016
@@ -18,6 +18,7 @@
#include "../misc/ThrowByValueCatchByReferenceCheck.h"
#include "CommandProcessorCheck.h"
#include "FloatLoopCounter.h"
+#include "LimitedRandomnessCheck.h"
#include "SetLongJmpCheck.h"
#include "StaticObjectExceptionCheck.h"
#include "StrToNumCheck.h"
@@ -53,6 +54,9 @@ public:
"cert-err60-cpp");
CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>(
"cert-err61-cpp");
+ // MSC
+ CheckFactories.registerCheck<LimitedRandomnessCheck>(
+ "cert-msc50-cpp");
// C checkers
// DCL
@@ -70,6 +74,9 @@ public:
// ERR
CheckFactories.registerCheck<StrToNumCheck>(
"cert-err34-c");
+ // MSC
+ CheckFactories.registerCheck<LimitedRandomnessCheck>(
+ "cert-msc30-c");
}
ClangTidyOptions getModuleOptions() override {
ClangTidyOptions Options;
Modified: clang-tools-extra/trunk/clang-tidy/cert/CMakeLists.txt
URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/clang-tidy/cert/CMakeLists.txt?rev=285809&r1=285808&r2=285809&view=diff
==============================================================================
--- clang-tools-extra/trunk/clang-tidy/cert/CMakeLists.txt (original)
+++ clang-tools-extra/trunk/clang-tidy/cert/CMakeLists.txt Wed Nov 2 09:16:36 2016
@@ -4,6 +4,7 @@ add_clang_library(clangTidyCERTModule
CERTTidyModule.cpp
CommandProcessorCheck.cpp
FloatLoopCounter.cpp
+ LimitedRandomnessCheck.cpp
SetLongJmpCheck.cpp
StaticObjectExceptionCheck.cpp
StrToNumCheck.cpp
Added: clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.cpp
URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.cpp?rev=285809&view=auto
==============================================================================
--- clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.cpp (added)
+++ clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.cpp Wed Nov 2 09:16:36 2016
@@ -0,0 +1,40 @@
+//===--- LimitedRandomnessCheck.cpp - clang-tidy---------------------------===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#include "LimitedRandomnessCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang {
+namespace tidy {
+namespace cert {
+
+void LimitedRandomnessCheck::registerMatchers(MatchFinder *Finder) {
+ Finder->addMatcher(callExpr(callee(functionDecl(namedDecl(hasName("::rand")),
+ parameterCountIs(0))))
+ .bind("randomGenerator"),
+ this);
+}
+
+void LimitedRandomnessCheck::check(const MatchFinder::MatchResult &Result) {
+ std::string msg = "";
+ if (getLangOpts().CPlusPlus)
+ msg = "; use C++11 random library instead";
+
+ const auto *MatchedDecl = Result.Nodes.getNodeAs<CallExpr>("randomGenerator");
+ diag(MatchedDecl->getLocStart(),
+ "rand() has limited randomness" + msg);
+}
+
+} // namespace cert
+} // namespace tidy
+} // namespace clang
+
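Review bot: The diagnostic built in check() offers no remediation in C mode, and in C++ mode it points at the whole C++11 random library, whose engines (for example `std::mt19937`) are still deterministic generators. A caller who replaces `rand()` with a default-seeded or fixed-seeded engine silences the warning without making the output any harder to predict. The message or the check's documentation should say that the engine needs a non-deterministic seed such as `std::random_device`, and that values used as keys, tokens or nonces need a cryptographic source rather than any `<random>` engine. Minor style: `MatchedDecl` holds a `CallExpr`, so `MatchedCall` reads better, and `std::string msg = "";` can be `std::string Msg;`.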
Added: clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.h
URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.h?rev=285809&view=auto
==============================================================================
--- clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.h (added)
+++ clang-tools-extra/trunk/clang-tidy/cert/LimitedRandomnessCheck.h Wed Nov 2 09:16:36 2016
@@ -0,0 +1,38 @@
+//===--- LimitedRandomnessCheck.h - clang-tidy-------------------*- C++ -*-===//
+//
+// The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H
+#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H
+
+#include "../ClangTidy.h"
+
+namespace clang {
+namespace tidy {
+namespace cert {
+
+/// Pseudorandom number generators are not genuinely random. The result of the
+/// std::rand() function makes no guarantees as to the quality of the random
+/// sequence produced.
+/// This check warns for the usage of std::rand() function.
+///
+/// For the user-facing documentation see:
+/// http://clang.llvm.org/extra/clang-tidy/checks/cert-msc50-cpp.html
+class LimitedRandomnessCheck : public ClangTidyCheck {
+public:
+ LimitedRandomnessCheck(StringRef Name, ClangTidyContext *Context)
+ : ClangTidyCheck(Name, Context) {}
+ void registerMatchers(ast_matchers::MatchFinder *Finder) override;
+ void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
+};
+
+} // namespace cert
+} // namespace tidy
+} // namespace clang
+
+#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H
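Review bot: The class comment describes only `std::rand()`, but this commit also registers the class as `cert-msc30-c`, and the matcher in LimitedRandomnessCheck.cpp looks for a zero-argument `::rand`, so plain C calls are covered too. I would reword the last sentence to `/// This check warns on calls to rand() in C and std::rand() in C++.` and mention the cert-msc30-c alias next to the cert-msc50-cpp documentation link. It would also help to state in the comment that the concern is predictability of the sequence, since "not genuinely random" applies to every pseudorandom generator, including the replacement the diagnostic recommends.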
Added: clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc30-c.rst
URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc30-c.rst?rev=285809&view=auto
==============================================================================
--- clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc30-c.rst (added)
+++ clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc30-c.rst Wed Nov 2 09:16:36 2016
@@ -0,0 +1,7 @@
+.. title:: clang-tidy - cert-msc30-c
+
+cert-msc30-c
+============
+
+The cert-msc30-c check is an alias, please see
+`cert-msc50-cpp <cert-msc50-cpp.html>`_ for more information.
Added: clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc50-cpp.rst
URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc50-cpp.rst?rev=285809&view=auto
==============================================================================
--- clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc50-cpp.rst (added)
+++ clang-tools-extra/trunk/docs/clang-tidy/checks/cert-msc50-cpp.rst Wed Nov 2 09:16:36 2016
@@ -0,0 +1,6 @@
+.. title:: clang-tidy - cert-msc50-cpp
+
+cert-msc50-cpp
+==============
+
+Pseudorandom number generators use mathematical algorithms to produce a sequence of numbers with good statistical properties, but the numbers produced are not genuinely random. The ``std::rand()`` function takes a seed (number), runs a mathematical operation on it and returns the result. By manipulating the seed the result can be predictible. This check warns for the usage of ``std::rand()``.
Modified: clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst
URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst?rev=285809&r1=285808&r2=285809&view=diff
==============================================================================
--- clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst (original)
+++ clang-tools-extra/trunk/docs/clang-tidy/checks/list.rst Wed Nov 2 09:16:36 2016
@@ -18,6 +18,8 @@ Clang-Tidy Checks
cert-err61-cpp (redirects to misc-throw-by-value-catch-by-reference) <cert-err61-cpp>
cert-fio38-c (redirects to misc-non-copyable-objects) <cert-fio38-c>
cert-flp30-c
+ cert-msc30-c (redirects to cert-limited-randomness) <cert-msc30-c>
+ cert-msc50-cpp
cert-oop11-cpp (redirects to misc-move-constructor-init) <cert-oop11-cpp>
cppcoreguidelines-interfaces-global-init
cppcoreguidelines-pro-bounds-array-to-pointer-decay
Added: clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.c
URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.c?rev=285809&view=auto
==============================================================================
--- clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.c (added)
+++ clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.c Wed Nov 2 09:16:36 2016
@@ -0,0 +1,13 @@
+// RUN: %check_clang_tidy %s cert-msc30-c %t
+
+extern int rand(void);
+int nonrand();
+
+int cTest() {
+ int i = rand();
+ // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness [cert-msc30-c]
+
+ int k = nonrand();
+
+ return 0;
+}
Added: clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.cpp
URL: http://llvm.org/viewvc/llvm-project/clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.cpp?rev=285809&view=auto
==============================================================================
--- clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.cpp (added)
+++ clang-tools-extra/trunk/test/clang-tidy/cert-limited-randomness.cpp Wed Nov 2 09:16:36 2016
@@ -0,0 +1,28 @@
+// RUN: %check_clang_tidy %s cert-msc50-cpp %t
+
+int rand();
+int rand(int);
+
+namespace std {
+using ::rand;
+}
+
+namespace nonstd {
+ int rand();
+}
+
+void testFunction1() {
+ int i = std::rand();
+ // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness; use C++11 random library instead [cert-msc50-cpp]
+
+ int j = ::rand();
+ // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness; use C++11 random library instead [cert-msc50-cpp]
+
+ int k = rand(i);
+
+ int l = nonstd::rand();
+
+ int m = rand();
+ // CHECK-MESSAGES: :[[@LINE-1]]:11: warning: rand() has limited randomness; use C++11 random library instead [cert-msc50-cpp]
+}
+
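Review bot: The cases in testFunction1 exercise only direct calls, so nothing pins what the check does when `rand` is referenced without being called at that spot, for instance `int (*Gen)() = std::rand;` followed by `Gen()`. The matcher added in LimitedRandomnessCheck.cpp binds a `callExpr` whose callee is a function declaration, so that form is presumably not diagnosed. A test line for it, with or without a CHECK-MESSAGES expectation, would document the intended coverage. The same gap applies to cert-limited-randomness.c.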