[PATCH] D71728: [analyzer] Add a syntactic security check for ObjC NSCoder API.
Artem Dergachev via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Dec 19 14:30:54 PST 2019
NoQ created this revision.
NoQ added a reviewer: dcoughlin.
Herald added subscribers: cfe-commits, Charusso, dkrupp, donat.nagy, Szelethus, mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware, xazax.hun.
Herald added a project: clang.
Method `-[NSCoder decodeValueOfObjCType:at:]` is not only deprecated but also a security hazard, hence a loud check.
Repository:
rC Clang
https://reviews.llvm.org/D71728
Files:
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
clang/lib/Driver/ToolChains/Clang.cpp
clang/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
clang/test/Analysis/security-syntax-checks-nscoder.m
clang/www/analyzer/available_checks.html
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D71728.234786.patch
Type: text/x-patch
Size: 7114 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20191219/b8c84348/attachment.bin>
More information about the cfe-commits
mailing list