[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker
Balázs Benics via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Thu Sep 24 01:29:26 PDT 2020
steakhal added a comment.
In D71524#2284386 <https://reviews.llvm.org/D71524#2284386>, @Szelethus wrote:
> I figured you're still working on this, sorry! I'd really like to chat about my earlier comment D71524#1917251 <https://reviews.llvm.org/D71524#1917251>, as it kind of challenges the high level idea.
What about marking the `std::cin` object itself as tainted and any object created by `ifstream::ifstream(const char*)` or similar functions?
Then propagate taint via the extraction operator (`operator>>`) only if the stream was tainted.
This way we could reduce the false-positives of this crude heuristic. What do you think?
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D71524/new/
https://reviews.llvm.org/D71524
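The propagation rule proposed in the comment above, as a toy model added here for illustration; it is not GenericTaintChecker code and not part of the original message. The event kinds, `taintedVars`, `sampleEvents`, and the `std::istringstream` case standing in for a stream the proposal does not list as a source are assumptions.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

// Toy model only; every name below is hypothetical, not an analyzer API.
enum class Kind { DeclareCin, OpenFileStream, MakeStringStream, Extract };

struct Event {
    Kind kind;
    std::string stream;  // name of the stream object involved
    std::string dest;    // destination variable (Extract only)
};

// Replays the events and returns the variables considered tainted.
std::set<std::string> taintedVars(const std::vector<Event>& events) {
    std::set<std::string> taintedStreams, taintedValues;
    for (const Event& e : events) {
        switch (e.kind) {
        case Kind::DeclareCin:      // std::cin itself is a taint source
        case Kind::OpenFileStream:  // ifstream::ifstream(const char*)
            taintedStreams.insert(e.stream);
            break;
        case Kind::MakeStringStream:  // assumed non-source stream: stays clean
            break;
        case Kind::Extract:  // operator>> propagates only from tainted streams
            if (taintedStreams.count(e.stream))
                taintedValues.insert(e.dest);
            break;
        }
    }
    return taintedValues;
}

// Constructed sample: three extractions, two of them from tainted streams.
std::vector<Event> sampleEvents() {
    return {
        {Kind::DeclareCin, "std::cin", ""},
        {Kind::OpenFileStream, "cfg", ""},
        {Kind::MakeStringStream, "ss", ""},
        {Kind::Extract, "std::cin", "index"},
        {Kind::Extract, "cfg", "limit"},
        {Kind::Extract, "ss", "constant"},
    };
}

int main() {
    for (const auto& v : taintedVars(sampleEvents())) std::cout << v << " is tainted\n";
}
```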