[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place
Balázs Benics via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Mon Feb 27 03:09:15 PST 2023
steakhal added a comment.
If we worry about having taint-related reports without a Note message explaining where the taint was introduced, we could just assert that in a `BugReportVisitor` at the `finalizeVisitor()` callback. I think such an assertion would make a lot of sense.
To achieve this, we could take the `R.getNotes()` and check if any of them refers to a specific one produced by the `NoteTag` callback for taint sources, let's say `TaintSourceTag` for that `PathDiagnosticNotePiece`.
void MyVisitor::finalizeVisitor(BugReporterContext &, const ExplodedNode *, PathSensitiveBugReport &R) {
assert(llvm::any_of(R.getNotes(),
[](const auto &Piece) { return Piece->getTag() == TaintSourceTag; }) &&
"Each taint report should have at least one taint-source");
}
With this assertion, we would gain confidence that the taint reports are complete, or at least they all have at least one taint source.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D144269/new/
https://reviews.llvm.org/D144269
More information about the cfe-commits
mailing list