[PATCH] D35068: Detect usages of unsafe I/O functions
Roman Lebedev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Jul 6 10:10:45 PDT 2017
lebedev.ri added a comment.
This does not do anything more than traversing the AST, shouldn't this be a clang-tidy check?
Also, i suspect CERT-MSC24-C <https://www.securecoding.cert.org/confluence/display/c/MSC24-C.+Do+not+use+deprecated+or+obsolescent+functions> might be relevant
================
Comment at: lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp:607
+ << Name << "'";
+ out2 << "Using '" << Name << "' is depracated as it does not "
+ "provide bounding of the memory buffer or security "
----------------
depr*e*cated
https://reviews.llvm.org/D35068
More information about the cfe-commits
mailing list