[PATCH] D144269: [Analyzer] Show "taint originated here" note of alpha.security.taint.TaintPropagation checker at the correct place
Daniel Krupp via Phabricator via cfe-commits
cfe-commits at lists.llvm.org
Wed Apr 5 06:27:51 PDT 2023
dkrupp updated this revision to Diff 511078.
dkrupp marked 21 inline comments as done.
dkrupp added a comment.
@steakhal thanks for your review. I tried to address all your concerns.
I added an extra test case too (multipleTaintSources(..)) which highlights the limitation of the current patch: if multiple tainted "variables" reach a sink, we only generate diagnostics for one of them. The main reason is that the isTainted() function returns a single tainted SymbolRef instead of a vector of SymbolRefs if there are multiple instances.
I highlighted this in the test and the implementation.
I think this could still be an acceptable limitation for now, because as the user sanitizes one of the tainted variables, he will get a new diagnostic for the remaining one(s).
So I suggest addressing this limitation in follow-up patch(es).
The implementation as is already greatly improves the understandability of the reports.
CHANGES SINCE LAST ACTION
https://reviews.llvm.org/D144269/new/
https://reviews.llvm.org/D144269
Files:
clang/include/clang/StaticAnalyzer/Checkers/Taint.h
clang/include/clang/StaticAnalyzer/Core/BugReporter/CommonBugCategories.h
clang/lib/StaticAnalyzer/Checkers/ArrayBoundCheckerV2.cpp
clang/lib/StaticAnalyzer/Checkers/DivZeroChecker.cpp
clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
clang/lib/StaticAnalyzer/Checkers/Taint.cpp
clang/lib/StaticAnalyzer/Checkers/VLASizeChecker.cpp
clang/lib/StaticAnalyzer/Core/CommonBugCategories.cpp
clang/test/Analysis/taint-diagnostic-visitor.c
clang/test/Analysis/taint-tester.c
-------------- next part --------------
A non-text attachment was scrubbed...
Name: D144269.511078.patch
Type: text/x-patch
Size: 34864 bytes
Desc: not available
URL: <http://lists.llvm.org/pipermail/cfe-commits/attachments/20230405/60fb7b1d/attachment-0001.bin>