[clang] [analyzer] Fix taint sink rules for exec-like functions (PR #66358)
via cfe-commits
cfe-commits at lists.llvm.org
Thu Sep 21 07:12:38 PDT 2023
https://github.com/DonatNagyE approved this pull request.
Hmm, let's just merge this.
My only concern was that I felt that running a tainted executable is significantly more problematic than passing tainted command-line arguments to a trusted executable, but you're right that even a tainted command-line argument is still as risky as other things that we handle as taint sinks.
https://github.com/llvm/llvm-project/pull/66358