[PATCH] D59637: [analyzer] Use the custom propagation rules and sinks in GenericTaintChecker
Borsik Gábor via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Sun Sep 8 13:04:38 PDT 2019
boga95 closed this revision.
boga95 marked 10 inline comments as done.
boga95 added a comment.
Closed by 080ecafdd8b3e990e5ad19202d089c91c9c9b164 <https://reviews.llvm.org/rG080ecafdd8b3e990e5ad19202d089c91c9c9b164>.
================
Comment at: lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:251
+const llvm::StringLiteral GenericTaintChecker::MsgCustomSink =
+ "Untrusted data is passed to a user defined sink";
+;
----------------
NoQ wrote:
> It should be "user-defined" because it's a single adjective.
>
> I recommend against using the word "sink" in user-facing messages because it's too jargony. Do we have a better word for this?
Currently, I don't have any better idea. I will think about it.
================
Comment at: lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:118
/// Check for CWE-134: Uncontrolled Format String.
- static const char MsgUncontrolledFormatString[];
+ static constexpr llvm::StringLiteral MsgUncontrolledFormatString =
+ "Untrusted data is used as a format string "
----------------
steakhal wrote:
> Shouldn't we still need an out-of-class initializer part for each static constexpr class member variable?
> These would provide the memory locations for the declarations.
> ```
> constexpr llvm::StringLiteral GenericTaintChecker::MsgUncontrolledFormatString;
> constexpr llvm::StringLiteral GenericTaintChecker::MsgSanitizeSystemArgs;
> constexpr llvm::StringLiteral GenericTaintChecker::MsgTaintedBufferSize;
> constexpr llvm::StringLiteral GenericTaintChecker::MsgCustomSink;
> ```
Constexpr values cannot be initialized out of the class, that's why I moved them to here.
================
Comment at: lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:191
static TaintPropagationRule
- getTaintPropagationRule(const FunctionDecl *FDecl, StringRef Name,
+ getTaintPropagationRule(const GenericTaintChecker *Checker,
+ const FunctionDecl *FDecl, StringRef Name,
----------------
steakhal wrote:
> Szelethus wrote:
> > How about only passing `CustomPropagations`?
> I would even consider to move this function out of the whole class. (Not only this function, but the others as well. Like isStdin, etc.)
> I think pure, free-functions (in an anonymous namespace) are easier to reason about.
I could do that in a separate patch if necessary.
================
Comment at: lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:605
// Mark the given argument.
- assert(ArgNum < CE->getNumArgs());
State = State->add<TaintArgsOnPostVisit>(ArgNum);
----------------
Szelethus wrote:
> I get that there isn't much substance to this assert, but why remove it? We might as well populate the lines in between that and the branch.
I think there is no need for this. Maybe I can make the ArgNum const.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D59637/new/
https://reviews.llvm.org/D59637
More information about the cfe-commits
mailing list