[clang] [clang][analyzer] Add checker 'security.SetgidSetuidOrder' (PR #91445)
Balazs Benics via cfe-commits
cfe-commits at lists.llvm.org
Tue May 14 03:28:37 PDT 2024
Balázs Kéri <balazs.keri at ericsson.com>
In-Reply-To: <llvm.org/llvm/llvm-project/pull/91445 at github.com>
================
@@ -30,23 +30,20 @@ enum SetPrivilegeFunctionKind { Irrelevant, Setuid, Setgid };
class SetgidSetuidOrderChecker
: public Checker<check::PostCall, check::DeadSymbols, eval::Assume> {
- const BugType BT_WrongRevocationOrder{
- this, "Possible wrong order of privilege revocation"};
+ const BugType BT{this, "Possible wrong order of privilege revocation"};
const CallDescription SetuidDesc{CDM::CLibrary, {"setuid"}, 1};
const CallDescription SetgidDesc{CDM::CLibrary, {"setgid"}, 1};
const CallDescription GetuidDesc{CDM::CLibrary, {"getuid"}, 0};
const CallDescription GetgidDesc{CDM::CLibrary, {"getgid"}, 0};
- CallDescriptionSet OtherSetPrivilegeDesc{
+ CallDescriptionSet const OtherSetPrivilegeDesc{
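Review bot: On the last added line, `CallDescriptionSet const OtherSetPrivilegeDesc{` is the only east-const declaration in this class; the four `const CallDescription ...` members directly above it and the `const BugType` member all put `const` first, so writing `const CallDescriptionSet OtherSetPrivilegeDesc{` keeps the block consistent. Separately, renaming `BT_WrongRevocationOrder` to `BT` drops the part of the name that said which report the bug type stands for; that reads fine as long as the checker has a single bug type, but if a second report kind is added later the descriptive name would have to come back, so consider keeping it or adding a one-line comment on the member.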
----------------
steakhal wrote:
I think in LLVM we usually use west-const.
```suggestion
const CallDescriptionSet OtherSetPrivilegeDesc{
```
https://github.com/llvm/llvm-project/pull/91445