[clang] f82fb06 - [analyzer] Moving TaintPropagation checker out of alpha (#67352)
via cfe-commits
cfe-commits at lists.llvm.org
Thu Sep 26 05:00:16 PDT 2024
Author: Daniel Krupp
Date: 2024-09-26T14:00:13+02:00
New Revision: f82fb06cd1276bd358315e45cd3f4312b1319314
URL: https://github.com/llvm/llvm-project/commit/f82fb06cd1276bd358315e45cd3f4312b1319314
DIFF: https://github.com/llvm/llvm-project/commit/f82fb06cd1276bd358315e45cd3f4312b1319314.diff
LOG: [analyzer] Moving TaintPropagation checker out of alpha (#67352)
This commit moves the **alpha.security.taint.TaintPropagation** and
**alpha.security.taint.GenericTaint** checkers to the **optin.taint**
optional package.
These checkers were stabilized and improved by recent commits thus
they are ready for production use.
Added:
Modified:
clang/docs/analyzer/checkers.rst
clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst
clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
clang/test/Analysis/analyzer-config.c
clang/test/Analysis/assume-controlled-environment.c
clang/test/Analysis/bool-assignment.c
clang/test/Analysis/cxx-method-names.cpp
clang/test/Analysis/debug-exprinspection-istainted.c
clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif
clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif
clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c
clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c
clang/test/Analysis/fread.c
clang/test/Analysis/global-region-invalidation-errno.c
clang/test/Analysis/global-region-invalidation.c
clang/test/Analysis/malloc.c
clang/test/Analysis/malloc.cpp
clang/test/Analysis/out-of-bounds-diagnostics.c
clang/test/Analysis/out-of-bounds-notes.c
clang/test/Analysis/redefined_system.c
clang/test/Analysis/string.c
clang/test/Analysis/taint-checker-callback-order-has-definition.c
clang/test/Analysis/taint-checker-callback-order-without-definition.c
clang/test/Analysis/taint-diagnostic-visitor.c
clang/test/Analysis/taint-dumps.c
clang/test/Analysis/taint-generic.c
clang/test/Analysis/taint-generic.cpp
clang/test/Analysis/taint-tester.c
clang/test/Analysis/taint-tester.cpp
clang/test/Analysis/taint-tester.m
clang/utils/analyzer/SATestBuild.py
Removed:
################################################################################
diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index c124fefc786114..47c6fc680deb1b 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -1008,6 +1008,241 @@ optin.portability.UnixAPI
"""""""""""""""""""""""""
Finds implementation-defined behavior in UNIX/Posix functions.
+
+optin.taint
+^^^^^^^^^^^
+
+Checkers implementing
+`taint analysis <https://en.wikipedia.org/wiki/Taint_checking>`_.
+
+.. _optin-taint-GenericTaint:
+
+optin.taint.GenericTaint (C, C++)
+"""""""""""""""""""""""""""""""""
+
+Taint analysis identifies potential security vulnerabilities where the
+attacker can inject malicious data to the program to execute an attack
+(privilege escalation, command injection, SQL injection etc.).
+
+The malicious data is injected at the taint source (e.g. ``getenv()`` call)
+which is then propagated through function calls and being used as arguments of
+sensitive operations, also called as taint sinks (e.g. ``system()`` call).
+
+One can defend against this type of vulnerability by always checking and
+sanitizing the potentially malicious, untrusted user input.
+
+The goal of the checker is to discover and show to the user these potential
+taint source-sink pairs and the propagation call chain.
+
+The most notable examples of taint sources are:
+
+ - data from network
+ - files or standard input
+ - environment variables
+ - data from databases
+
+Let us examine a practical example of a Command Injection attack.
+
+.. code-block:: c
+
+ // Command Injection Vulnerability Example
+ int main(int argc, char** argv) {
+ char cmd[2048] = "/bin/cat ";
+ char filename[1024];
+ printf("Filename:");
+ scanf (" %1023[^\n]", filename); // The attacker can inject a shell escape here
+ strcat(cmd, filename);
+ system(cmd); // Warning: Untrusted data is passed to a system call
+ }
+
+The program prints the content of any user specified file.
+Unfortunately the attacker can execute arbitrary commands
+with shell escapes. For example with the following input the `ls` command is also
+executed after the contents of `/etc/shadow` is printed.
+`Input: /etc/shadow ; ls /`
+
+The analysis implemented in this checker points out this problem.
+
+One can protect against such attack by for example checking if the provided
+input refers to a valid file and removing any invalid user input.
+
+.. code-block:: c
+
+ // No vulnerability anymore, but we still get the warning
+ void sanitizeFileName(char* filename){
+ if (access(filename,F_OK)){// Verifying user input
+ printf("File does not exist\n");
+ filename[0]='\0';
+ }
+ }
+ int main(int argc, char** argv) {
+ char cmd[2048] = "/bin/cat ";
+ char filename[1024];
+ printf("Filename:");
+ scanf (" %1023[^\n]", filename); // The attacker can inject a shell escape here
+ sanitizeFileName(filename);// filename is safe after this point
+ if (!filename[0])
+ return -1;
+ strcat(cmd, filename);
+ system(cmd); // Superfluous Warning: Untrusted data is passed to a system call
+ }
+
+Unfortunately, the checker cannot discover automatically that the programmer
+have performed data sanitation, so it still emits the warning.
+
+One can get rid of this superfluous warning by telling by specifying the
+sanitation functions in the taint configuration file (see
+:doc:`user-docs/TaintAnalysisConfiguration`).
+
+.. code-block:: YAML
+
+ Filters:
+ - Name: sanitizeFileName
+ Args: [0]
+
+The clang invocation to pass the configuration file location:
+
+.. code-block:: bash
+
+ clang --analyze -Xclang -analyzer-config -Xclang optin.taint.TaintPropagation:Config=`pwd`/taint_config.yml ...
+
+If you are validating your inputs instead of sanitizing them, or don't want to
+mention each sanitizing function in our configuration,
+you can use a more generic approach.
+
+Introduce a generic no-op `csa_mark_sanitized(..)` function to
+tell the Clang Static Analyzer
+that the variable is safe to be used on that analysis path.
+
+.. code-block:: c
+
+ // Marking sanitized variables safe.
+ // No vulnerability anymore, no warning.
+
+ // User csa_mark_sanitize function is for the analyzer only
+ #ifdef __clang_analyzer__
+ void csa_mark_sanitized(const void *);
+ #endif
+
+ int main(int argc, char** argv) {
+ char cmd[2048] = "/bin/cat ";
+ char filename[1024];
+ printf("Filename:");
+ scanf (" %1023[^\n]", filename);
+ if (access(filename,F_OK)){// Verifying user input
+ printf("File does not exist\n");
+ return -1;
+ }
+ #ifdef __clang_analyzer__
+ csa_mark_sanitized(filename); // Indicating to CSA that filename variable is safe to be used after this point
+ #endif
+ strcat(cmd, filename);
+ system(cmd); // No warning
+ }
+
+Similarly to the previous example, you need to
+define a `Filter` function in a `YAML` configuration file
+and add the `csa_mark_sanitized` function.
+
+.. code-block:: YAML
+
+ Filters:
+ - Name: csa_mark_sanitized
+ Args: [0]
+
+Then calling `csa_mark_sanitized(X)` will tell the analyzer that `X` is safe to
+be used after this point, because its contents are verified. It is the
+responsibility of the programmer to ensure that this verification was indeed
+correct. Please note that `csa_mark_sanitized` function is only declared and
+used during Clang Static Analysis and skipped in (production) builds.
+
+Further examples of injection vulnerabilities this checker can find.
+
+.. code-block:: c
+
+ void test() {
+ char x = getchar(); // 'x' marked as tainted
+ system(&x); // warn: untrusted data is passed to a system call
+ }
+
+ // note: compiler internally checks if the second param to
+ // sprintf is a string literal or not.
+ // Use -Wno-format-security to suppress compiler warning.
+ void test() {
+ char s[10], buf[10];
+ fscanf(stdin, "%s", s); // 's' marked as tainted
+
+ sprintf(buf, s); // warn: untrusted data used as a format string
+ }
+
+There are built-in sources, propagations and sinks even if no external taint
+configuration is provided.
+
+Default sources:
+ ``_IO_getc``, ``fdopen``, ``fopen``, ``freopen``, ``get_current_dir_name``,
+ ``getch``, ``getchar``, ``getchar_unlocked``, ``getwd``, ``getcwd``,
+ ``getgroups``, ``gethostname``, ``getlogin``, ``getlogin_r``, ``getnameinfo``,
+ ``gets``, ``gets_s``, ``getseuserbyname``, ``readlink``, ``readlinkat``,
+ ``scanf``, ``scanf_s``, ``socket``, ``wgetch``
+
+Default propagations rules:
+ ``atoi``, ``atol``, ``atoll``, ``basename``, ``dirname``, ``fgetc``,
+ ``fgetln``, ``fgets``, ``fnmatch``, ``fread``, ``fscanf``, ``fscanf_s``,
+ ``index``, ``inflate``, ``isalnum``, ``isalpha``, ``isascii``, ``isblank``,
+ ``iscntrl``, ``isdigit``, ``isgraph``, ``islower``, ``isprint``, ``ispunct``,
+ ``isspace``, ``isupper``, ``isxdigit``, ``memchr``, ``memrchr``, ``sscanf``,
+ ``getc``, ``getc_unlocked``, ``getdelim``, ``getline``, ``getw``, ``memcmp``,
+ ``memcpy``, ``memmem``, ``memmove``, ``mbtowc``, ``pread``, ``qsort``,
+ ``qsort_r``, ``rawmemchr``, ``read``, ``recv``, ``recvfrom``, ``rindex``,
+ ``strcasestr``, ``strchr``, ``strchrnul``, ``strcasecmp``, ``strcmp``,
+ ``strcspn``, ``strncasecmp``, ``strncmp``, ``strndup``,
+ ``strndupa``, ``strpbrk``, ``strrchr``, ``strsep``, ``strspn``,
+ ``strstr``, ``strtol``, ``strtoll``, ``strtoul``, ``strtoull``, ``tolower``,
+ ``toupper``, ``ttyname``, ``ttyname_r``, ``wctomb``, ``wcwidth``
+
+Default sinks:
+ ``printf``, ``setproctitle``, ``system``, ``popen``, ``execl``, ``execle``,
+ ``execlp``, ``execv``, ``execvp``, ``execvP``, ``execve``, ``dlopen``
+
+Please note that there are no built-in filter functions.
+
+One can configure their own taint sources, sinks, and propagation rules by
+providing a configuration file via checker option
+``optin.taint.TaintPropagation:Config``. The configuration file is in
+`YAML <http://llvm.org/docs/YamlIO.html#introduction-to-yaml>`_ format. The
+taint-related options defined in the config file extend but do not override the
+built-in sources, rules, sinks. The format of the external taint configuration
+file is not stable, and could change without any notice even in a non-backward
+compatible way.
+
+For a more detailed description of configuration options, please see the
+:doc:`user-docs/TaintAnalysisConfiguration`. For an example see
+:ref:`clangsa-taint-configuration-example`.
+
+**Configuration**
+
+* `Config` Specifies the name of the YAML configuration file. The user can
+ define their own taint sources and sinks.
+
+**Related Guidelines**
+
+* `CWE Data Neutralization Issues
+ <https://cwe.mitre.org/data/definitions/137.html>`_
+* `SEI Cert STR02-C. Sanitize data passed to complex subsystems
+ <https://wiki.sei.cmu.edu/confluence/display/c/STR02-C.+Sanitize+data+passed+to+complex+subsystems>`_
+* `SEI Cert ENV33-C. Do not call system()
+ <https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177>`_
+* `ENV03-C. Sanitize the environment when invoking external programs
+ <https://wiki.sei.cmu.edu/confluence/display/c/ENV03-C.+Sanitize+the+environment+when+invoking+external+programs>`_
+
+**Limitations**
+
+* The taintedness property is not propagated through function calls which are
+ unknown (or too complex) to the analyzer, unless there is a specific
+ propagation rule built-in to the checker or given in the YAML configuration
+ file. This causes potential true positive findings to be lost.
+
+
.. _optin-taint-TaintedAlloc:
optin.taint.TaintedAlloc (C, C++)
@@ -1026,7 +1261,7 @@ covers the SEI Cert coding standard rule `INT04-C
You can silence this warning either by bound checking the ``size`` parameter, or
by explicitly marking the ``size`` parameter as sanitized. See the
-:ref:`alpha-security-taint-GenericTaint` checker for an example.
+:ref:`optin-taint-GenericTaint` checker for an example.
.. code-block:: c
@@ -2976,7 +3211,7 @@ Warn about buffer overflows (newer checker).
buf[0][-1] = 1; // warn
}
- // note: requires alpha.security.taint check turned on.
+ // note: requires optin.taint check turned on.
void test() {
char s[] = "abc";
int x = getchar();
@@ -3009,239 +3244,6 @@ alpha.security.cert
SEI CERT checkers which tries to find errors based on their `C coding rules <https://wiki.sei.cmu.edu/confluence/display/c/2+Rules>`_.
-alpha.security.taint
-^^^^^^^^^^^^^^^^^^^^
-
-Checkers implementing
-`taint analysis <https://en.wikipedia.org/wiki/Taint_checking>`_.
-
-.. _alpha-security-taint-GenericTaint:
-
-alpha.security.taint.GenericTaint (C, C++)
-""""""""""""""""""""""""""""""""""""""""""
-
-Taint analysis identifies potential security vulnerabilities where the
-attacker can inject malicious data to the program to execute an attack
-(privilege escalation, command injection, SQL injection etc.).
-
-The malicious data is injected at the taint source (e.g. ``getenv()`` call)
-which is then propagated through function calls and being used as arguments of
-sensitive operations, also called as taint sinks (e.g. ``system()`` call).
-
-One can defend against this type of vulnerability by always checking and
-sanitizing the potentially malicious, untrusted user input.
-
-The goal of the checker is to discover and show to the user these potential
-taint source-sink pairs and the propagation call chain.
-
-The most notable examples of taint sources are:
-
- - data from network
- - files or standard input
- - environment variables
- - data from databases
-
-Let us examine a practical example of a Command Injection attack.
-
-.. code-block:: c
-
- // Command Injection Vulnerability Example
- int main(int argc, char** argv) {
- char cmd[2048] = "/bin/cat ";
- char filename[1024];
- printf("Filename:");
- scanf (" %1023[^\n]", filename); // The attacker can inject a shell escape here
- strcat(cmd, filename);
- system(cmd); // Warning: Untrusted data is passed to a system call
- }
-
-The program prints the content of any user specified file.
-Unfortunately the attacker can execute arbitrary commands
-with shell escapes. For example with the following input the `ls` command is also
-executed after the contents of `/etc/shadow` is printed.
-`Input: /etc/shadow ; ls /`
-
-The analysis implemented in this checker points out this problem.
-
-One can protect against such attack by for example checking if the provided
-input refers to a valid file and removing any invalid user input.
-
-.. code-block:: c
-
- // No vulnerability anymore, but we still get the warning
- void sanitizeFileName(char* filename){
- if (access(filename,F_OK)){// Verifying user input
- printf("File does not exist\n");
- filename[0]='\0';
- }
- }
- int main(int argc, char** argv) {
- char cmd[2048] = "/bin/cat ";
- char filename[1024];
- printf("Filename:");
- scanf (" %1023[^\n]", filename); // The attacker can inject a shell escape here
- sanitizeFileName(filename);// filename is safe after this point
- if (!filename[0])
- return -1;
- strcat(cmd, filename);
- system(cmd); // Superfluous Warning: Untrusted data is passed to a system call
- }
-
-Unfortunately, the checker cannot discover automatically that the programmer
-have performed data sanitation, so it still emits the warning.
-
-One can get rid of this superfluous warning by telling by specifying the
-sanitation functions in the taint configuration file (see
-:doc:`user-docs/TaintAnalysisConfiguration`).
-
-.. code-block:: YAML
-
- Filters:
- - Name: sanitizeFileName
- Args: [0]
-
-The clang invocation to pass the configuration file location:
-
-.. code-block:: bash
-
- clang --analyze -Xclang -analyzer-config -Xclang alpha.security.taint.TaintPropagation:Config=`pwd`/taint_config.yml ...
-
-If you are validating your inputs instead of sanitizing them, or don't want to
-mention each sanitizing function in our configuration,
-you can use a more generic approach.
-
-Introduce a generic no-op `csa_mark_sanitized(..)` function to
-tell the Clang Static Analyzer
-that the variable is safe to be used on that analysis path.
-
-.. code-block:: c
-
- // Marking sanitized variables safe.
- // No vulnerability anymore, no warning.
-
- // User csa_mark_sanitize function is for the analyzer only
- #ifdef __clang_analyzer__
- void csa_mark_sanitized(const void *);
- #endif
-
- int main(int argc, char** argv) {
- char cmd[2048] = "/bin/cat ";
- char filename[1024];
- printf("Filename:");
- scanf (" %1023[^\n]", filename);
- if (access(filename,F_OK)){// Verifying user input
- printf("File does not exist\n");
- return -1;
- }
- #ifdef __clang_analyzer__
- csa_mark_sanitized(filename); // Indicating to CSA that filename variable is safe to be used after this point
- #endif
- strcat(cmd, filename);
- system(cmd); // No warning
- }
-
-Similarly to the previous example, you need to
-define a `Filter` function in a `YAML` configuration file
-and add the `csa_mark_sanitized` function.
-
-.. code-block:: YAML
-
- Filters:
- - Name: csa_mark_sanitized
- Args: [0]
-
-Then calling `csa_mark_sanitized(X)` will tell the analyzer that `X` is safe to
-be used after this point, because its contents are verified. It is the
-responsibility of the programmer to ensure that this verification was indeed
-correct. Please note that `csa_mark_sanitized` function is only declared and
-used during Clang Static Analysis and skipped in (production) builds.
-
-Further examples of injection vulnerabilities this checker can find.
-
-.. code-block:: c
-
- void test() {
- char x = getchar(); // 'x' marked as tainted
- system(&x); // warn: untrusted data is passed to a system call
- }
-
- // note: compiler internally checks if the second param to
- // sprintf is a string literal or not.
- // Use -Wno-format-security to suppress compiler warning.
- void test() {
- char s[10], buf[10];
- fscanf(stdin, "%s", s); // 's' marked as tainted
-
- sprintf(buf, s); // warn: untrusted data used as a format string
- }
-
-There are built-in sources, propagations and sinks even if no external taint
-configuration is provided.
-
-Default sources:
- ``_IO_getc``, ``fdopen``, ``fopen``, ``freopen``, ``get_current_dir_name``,
- ``getch``, ``getchar``, ``getchar_unlocked``, ``getwd``, ``getcwd``,
- ``getgroups``, ``gethostname``, ``getlogin``, ``getlogin_r``, ``getnameinfo``,
- ``gets``, ``gets_s``, ``getseuserbyname``, ``readlink``, ``readlinkat``,
- ``scanf``, ``scanf_s``, ``socket``, ``wgetch``
-
-Default propagations rules:
- ``atoi``, ``atol``, ``atoll``, ``basename``, ``dirname``, ``fgetc``,
- ``fgetln``, ``fgets``, ``fnmatch``, ``fread``, ``fscanf``, ``fscanf_s``,
- ``index``, ``inflate``, ``isalnum``, ``isalpha``, ``isascii``, ``isblank``,
- ``iscntrl``, ``isdigit``, ``isgraph``, ``islower``, ``isprint``, ``ispunct``,
- ``isspace``, ``isupper``, ``isxdigit``, ``memchr``, ``memrchr``, ``sscanf``,
- ``getc``, ``getc_unlocked``, ``getdelim``, ``getline``, ``getw``, ``memcmp``,
- ``memcpy``, ``memmem``, ``memmove``, ``mbtowc``, ``pread``, ``qsort``,
- ``qsort_r``, ``rawmemchr``, ``read``, ``recv``, ``recvfrom``, ``rindex``,
- ``strcasestr``, ``strchr``, ``strchrnul``, ``strcasecmp``, ``strcmp``,
- ``strcspn``, ``strncasecmp``, ``strncmp``, ``strndup``,
- ``strndupa``, ``strpbrk``, ``strrchr``, ``strsep``, ``strspn``,
- ``strstr``, ``strtol``, ``strtoll``, ``strtoul``, ``strtoull``, ``tolower``,
- ``toupper``, ``ttyname``, ``ttyname_r``, ``wctomb``, ``wcwidth``
-
-Default sinks:
- ``printf``, ``setproctitle``, ``system``, ``popen``, ``execl``, ``execle``,
- ``execlp``, ``execv``, ``execvp``, ``execvP``, ``execve``, ``dlopen``
-
-Please note that there are no built-in filter functions.
-
-One can configure their own taint sources, sinks, and propagation rules by
-providing a configuration file via checker option
-``alpha.security.taint.TaintPropagation:Config``. The configuration file is in
-`YAML <http://llvm.org/docs/YamlIO.html#introduction-to-yaml>`_ format. The
-taint-related options defined in the config file extend but do not override the
-built-in sources, rules, sinks. The format of the external taint configuration
-file is not stable, and could change without any notice even in a non-backward
-compatible way.
-
-For a more detailed description of configuration options, please see the
-:doc:`user-docs/TaintAnalysisConfiguration`. For an example see
-:ref:`clangsa-taint-configuration-example`.
-
-**Configuration**
-
-* `Config` Specifies the name of the YAML configuration file. The user can
- define their own taint sources and sinks.
-
-**Related Guidelines**
-
-* `CWE Data Neutralization Issues
- <https://cwe.mitre.org/data/definitions/137.html>`_
-* `SEI Cert STR02-C. Sanitize data passed to complex subsystems
- <https://wiki.sei.cmu.edu/confluence/display/c/STR02-C.+Sanitize+data+passed+to+complex+subsystems>`_
-* `SEI Cert ENV33-C. Do not call system()
- <https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177>`_
-* `ENV03-C. Sanitize the environment when invoking external programs
- <https://wiki.sei.cmu.edu/confluence/display/c/ENV03-C.+Sanitize+the+environment+when+invoking+external+programs>`_
-
-**Limitations**
-
-* The taintedness property is not propagated through function calls which are
- unknown (or too complex) to the analyzer, unless there is a specific
- propagation rule built-in to the checker or given in the YAML configuration
- file. This causes potential true positive findings to be lost.
-
alpha.unix
^^^^^^^^^^
diff --git a/clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst b/clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst
index 67e71d558f2cef..4849a553cb2ce9 100644
--- a/clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst
+++ b/clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst
@@ -4,10 +4,10 @@ Taint Analysis Configuration
The Clang Static Analyzer uses taint analysis to detect injection vulnerability related issues in code.
The backbone of taint analysis in the Clang SA is the ``TaintPropagation`` modeling checker.
-The reports are emitted via the :ref:`alpha-security-taint-GenericTaint` checker.
+The reports are emitted via the :ref:`optin-taint-GenericTaint` checker.
The ``TaintPropagation`` checker has a default taint-related configuration.
The built-in default settings are defined in code, and they are always in effect.
-The checker also provides a configuration interface for extending the default settings via the ``alpha.security.taint.TaintPropagation:Config`` checker config parameter
+The checker also provides a configuration interface for extending the default settings via the ``optin.taint.TaintPropagation:Config`` checker config parameter
by providing a configuration file to the in `YAML <http://llvm.org/docs/YamlIO.html#introduction-to-yaml>`_ format.
This documentation describes the syntax of the configuration file and gives the informal semantics of the configuration options.
diff --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
index 585246547b3dce..7da0d0a87e8c0c 100644
--- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
+++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
@@ -74,7 +74,6 @@ def Performance : Package<"performance">, ParentPackage<OptIn>;
def Security : Package <"security">;
def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>;
def SecurityAlpha : Package<"security">, ParentPackage<Alpha>;
-def Taint : Package<"taint">, ParentPackage<SecurityAlpha>;
def CERT : Package<"cert">, ParentPackage<Security>;
def ENV : Package<"env">, ParentPackage<CERT>;
@@ -1049,30 +1048,6 @@ def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">,
} // end "alpha.security"
-//===----------------------------------------------------------------------===//
-// Taint checkers.
-//===----------------------------------------------------------------------===//
-
-let ParentPackage = Taint in {
-
-def TaintPropagationChecker : Checker<"TaintPropagation">, // Modelling checker
- HelpText<"Generate taint information used by other checkers">,
- CheckerOptions<[
- CmdLineOption<String,
- "Config",
- "Specifies the name of the configuration file.",
- "",
- InAlpha>,
- ]>,
- Documentation<NotDocumented>,
- Hidden;
-
-def GenericTaintChecker : Checker<"GenericTaint">,
- HelpText<"Reports potential injection vulnerabilities">,
- Dependencies<[TaintPropagationChecker]>,
- Documentation<HasDocumentation>;
-
-} // end "alpha.security.taint"
//===----------------------------------------------------------------------===//
// Mac OS X, Cocoa, and Core Foundation checkers.
@@ -1704,6 +1679,24 @@ def UnixAPIPortabilityChecker : Checker<"UnixAPI">,
let ParentPackage = TaintOptIn in {
+def TaintPropagationChecker : Checker<"TaintPropagation">, // Modelling checker
+ HelpText<"Generate taint information used by other checkers">,
+ CheckerOptions<[
+ CmdLineOption<String,
+ "Config",
+ "Specifies the name of the configuration file.",
+ "",
+ Released>
+ ]>,
+ Documentation<NotDocumented>,
+ Hidden;
+
+def GenericTaintChecker : Checker<"GenericTaint">,
+ HelpText<"Reports potential injection vulnerabilities">,
+ Dependencies<[TaintPropagationChecker]>,
+ Documentation<HasDocumentation>;
+
+
def TaintedAllocChecker: Checker<"TaintedAlloc">,
HelpText<"Check for memory allocations, where the size parameter "
"might be a tainted (attacker controlled) value.">,
diff --git a/clang/test/Analysis/analyzer-config.c b/clang/test/Analysis/analyzer-config.c
index 8eb869bac46f8f..47594e8317bc79 100644
--- a/clang/test/Analysis/analyzer-config.c
+++ b/clang/test/Analysis/analyzer-config.c
@@ -9,7 +9,6 @@
// CHECK-NEXT: alpha.clone.CloneChecker:ReportNormalClones = true
// CHECK-NEXT: alpha.cplusplus.STLAlgorithmModeling:AggressiveStdFindModeling = false
// CHECK-NEXT: alpha.osx.cocoa.DirectIvarAssignment:AnnotatedFunctions = false
-// CHECK-NEXT: alpha.security.taint.TaintPropagation:Config = ""
// CHECK-NEXT: apply-fixits = false
// CHECK-NEXT: assume-controlled-environment = false
// CHECK-NEXT: avoid-suppressing-null-argument-paths = false
@@ -111,6 +110,7 @@
// CHECK-NEXT: optin.cplusplus.VirtualCall:ShowFixIts = false
// CHECK-NEXT: optin.osx.cocoa.localizability.NonLocalizedStringChecker:AggressiveReport = false
// CHECK-NEXT: optin.performance.Padding:AllowedPad = 24
+// CHECK-NEXT: optin.taint.TaintPropagation:Config = ""
// CHECK-NEXT: osx.NumberObjectConversion:Pedantic = false
// CHECK-NEXT: osx.cocoa.RetainCount:TrackNSCFStartParam = false
// CHECK-NEXT: prune-paths = true
diff --git a/clang/test/Analysis/assume-controlled-environment.c b/clang/test/Analysis/assume-controlled-environment.c
index fce1a1e7bae330..4f663502f8657b 100644
--- a/clang/test/Analysis/assume-controlled-environment.c
+++ b/clang/test/Analysis/assume-controlled-environment.c
@@ -1,12 +1,12 @@
// RUN: %clang_analyze_cc1 -verify=untrusted-env %s \
// RUN: -analyzer-checker=core \
-// RUN: -analyzer-checker=alpha.security.taint \
+// RUN: -analyzer-checker=optin.taint \
// RUN: -analyzer-checker=debug.TaintTest
// RUN: %clang_analyze_cc1 -verify %s -DEXPECT_NO_WARNINGS \
// RUN: -analyzer-config assume-controlled-environment=true \
// RUN: -analyzer-checker=core \
-// RUN: -analyzer-checker=alpha.security.taint \
+// RUN: -analyzer-checker=optin.taint \
// RUN: -analyzer-checker=debug.TaintTest
diff --git a/clang/test/Analysis/bool-assignment.c b/clang/test/Analysis/bool-assignment.c
index c32bc8f9e8b14f..3a104cf627ffa0 100644
--- a/clang/test/Analysis/bool-assignment.c
+++ b/clang/test/Analysis/bool-assignment.c
@@ -1,5 +1,5 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,alpha.security.taint -verify -std=c99 -Dbool=_Bool %s
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,alpha.security.taint -verify -x c++ %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,optin.taint -verify -std=c99 -Dbool=_Bool %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,optin.taint -verify -x c++ %s
// Test C++'s bool and C's _Bool.
// FIXME: We stopped warning on these when SValBuilder got smarter about
diff --git a/clang/test/Analysis/cxx-method-names.cpp b/clang/test/Analysis/cxx-method-names.cpp
index 22ec4db34796bc..5254d82bd90b20 100644
--- a/clang/test/Analysis/cxx-method-names.cpp
+++ b/clang/test/Analysis/cxx-method-names.cpp
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix,osx,alpha.unix,alpha.security.taint -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix,osx,alpha.unix,optin.taint -verify %s
// expected-no-diagnostics
class Evil {
diff --git a/clang/test/Analysis/debug-exprinspection-istainted.c b/clang/test/Analysis/debug-exprinspection-istainted.c
index 8d1ebca930885d..b459f3a3e791b1 100644
--- a/clang/test/Analysis/debug-exprinspection-istainted.c
+++ b/clang/test/Analysis/debug-exprinspection-istainted.c
@@ -1,7 +1,7 @@
// RUN: %clang_analyze_cc1 -verify %s \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=debug.ExprInspection \
-// RUN: -analyzer-checker=alpha.security.taint
+// RUN: -analyzer-checker=optin.taint
int scanf(const char *restrict format, ...);
void clang_analyzer_isTainted(char);
diff --git a/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif b/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif
index 0ac96cacbed19f..0bded6f0925d1e 100644
--- a/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif
+++ b/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif
@@ -4,7 +4,7 @@
{
"artifacts": [
{
- "length": 434,
+ "length": 425,
"location": {
"index": 0,
},
diff --git a/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif b/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif
index ae49ad6604cb2a..7f9deea304832f 100644
--- a/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif
+++ b/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif
@@ -4,7 +4,7 @@
{
"artifacts": [
{
- "length": 1081,
+ "length": 1071,
"location": {
"index": 0,
},
diff --git a/clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c b/clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c
index b1042f9034d7d7..7a3ca61c4319ff 100644
--- a/clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c
+++ b/clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint,debug.TaintTest %s -verify -analyzer-output=sarif -o - | %normalize_sarif |
diff -U1 -b %S/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif -
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint,debug.TaintTest %s -verify -analyzer-output=sarif -o - | %normalize_sarif |
diff -U1 -b %S/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif -
#include "../Inputs/system-header-simulator.h"
int atoi(const char *nptr);
diff --git a/clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c b/clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c
index 61d19817407e27..eeafd178628b38 100644
--- a/clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c
+++ b/clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.security.taint,debug.TaintTest,unix.Malloc %s -verify -analyzer-output=sarif -o - | %normalize_sarif |
diff -U1 -b %S/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif -
+// RUN: %clang_analyze_cc1 -analyzer-checker=core,optin.taint,debug.TaintTest,unix.Malloc %s -verify -analyzer-output=sarif -o - | %normalize_sarif |
diff -U1 -b %S/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif -
#include "../Inputs/system-header-simulator.h"
#include "../Inputs/system-header-simulator-for-malloc.h"
#define ERR -1
@@ -43,4 +43,3 @@ int main(void) {
unicode();
return 0;
}
-
diff --git a/clang/test/Analysis/fread.c b/clang/test/Analysis/fread.c
index 5dc6c0c744093a..8dc998ea1e899d 100644
--- a/clang/test/Analysis/fread.c
+++ b/clang/test/Analysis/fread.c
@@ -1,6 +1,6 @@
// RUN: %clang_analyze_cc1 -verify %s \
// RUN: -triple x86_64-linux-gnu \
-// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \
+// RUN: -analyzer-checker=core,unix.Stream,optin.taint \
// RUN: -analyzer-checker=debug.ExprInspection
#include "Inputs/system-header-simulator-for-simple-stream.h"
diff --git a/clang/test/Analysis/global-region-invalidation-errno.c b/clang/test/Analysis/global-region-invalidation-errno.c
index 9de10ad59095a2..868869b5d262f6 100644
--- a/clang/test/Analysis/global-region-invalidation-errno.c
+++ b/clang/test/Analysis/global-region-invalidation-errno.c
@@ -1,9 +1,9 @@
// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -disable-free -verify %s \
-// RUN: -analyzer-checker=core,deadcode,alpha.security.taint \
+// RUN: -analyzer-checker=core,deadcode,optin.taint \
// RUN: -DERRNO_VAR
// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -disable-free -verify %s \
-// RUN: -analyzer-checker=core,deadcode,alpha.security.taint \
+// RUN: -analyzer-checker=core,deadcode,optin.taint \
// RUN: -DERRNO_FUNC
// Note, we do need to include headers here, since the analyzer checks if the function declaration is located in a system header.
diff --git a/clang/test/Analysis/global-region-invalidation.c b/clang/test/Analysis/global-region-invalidation.c
index faca3baf11caf3..2f78467630ce63 100644
--- a/clang/test/Analysis/global-region-invalidation.c
+++ b/clang/test/Analysis/global-region-invalidation.c
@@ -1,5 +1,5 @@
// RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -disable-free -verify %s \
-// RUN: -analyzer-checker=core,deadcode,alpha.security.taint,debug.TaintTest,debug.ExprInspection
+// RUN: -analyzer-checker=core,deadcode,optin.taint,debug.TaintTest,debug.ExprInspection
void clang_analyzer_eval(int);
diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
index 9c7ca43bfbc5af..57f8561a74da66 100644
--- a/clang/test/Analysis/malloc.c
+++ b/clang/test/Analysis/malloc.c
@@ -4,7 +4,7 @@
// RUN: -analyzer-checker=alpha.core.CastSize \
// RUN: -analyzer-checker=unix \
// RUN: -analyzer-checker=debug.ExprInspection \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
// RUN: -analyzer-checker=optin.taint.TaintedAlloc
#include "Inputs/system-header-simulator.h"
diff --git a/clang/test/Analysis/malloc.cpp b/clang/test/Analysis/malloc.cpp
index 7af1b59e04a5a2..2bbfaf6640b795 100644
--- a/clang/test/Analysis/malloc.cpp
+++ b/clang/test/Analysis/malloc.cpp
@@ -4,7 +4,7 @@
// RUN: -analyzer-checker=alpha.core.CastSize \
// RUN: -analyzer-checker=unix.Malloc \
// RUN: -analyzer-checker=cplusplus.NewDelete \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
// RUN: -analyzer-checker=optin.taint.TaintedAlloc
// RUN: %clang_analyze_cc1 -w -verify %s \
@@ -14,7 +14,7 @@
// RUN: -analyzer-checker=alpha.core.CastSize \
// RUN: -analyzer-checker=unix.Malloc \
// RUN: -analyzer-checker=cplusplus.NewDelete \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
// RUN: -analyzer-checker=optin.taint.TaintedAlloc
// RUN: %clang_analyze_cc1 -w -verify %s -DTEST_INLINABLE_ALLOCATORS \
@@ -23,7 +23,7 @@
// RUN: -analyzer-checker=alpha.core.CastSize \
// RUN: -analyzer-checker=unix.Malloc \
// RUN: -analyzer-checker=cplusplus.NewDelete \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
// RUN: -analyzer-checker=optin.taint.TaintedAlloc
// RUN: %clang_analyze_cc1 -w -verify %s -DTEST_INLINABLE_ALLOCATORS \
@@ -33,7 +33,7 @@
// RUN: -analyzer-checker=alpha.core.CastSize \
// RUN: -analyzer-checker=unix.Malloc \
// RUN: -analyzer-checker=cplusplus.NewDelete \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
// RUN: -analyzer-checker=optin.taint.TaintedAlloc
#include "Inputs/system-header-simulator-cxx.h"
diff --git a/clang/test/Analysis/out-of-bounds-diagnostics.c b/clang/test/Analysis/out-of-bounds-diagnostics.c
index de70e483add1c0..8ecad7036c3314 100644
--- a/clang/test/Analysis/out-of-bounds-diagnostics.c
+++ b/clang/test/Analysis/out-of-bounds-diagnostics.c
@@ -1,5 +1,5 @@
// RUN: %clang_analyze_cc1 -Wno-array-bounds -analyzer-output=text \
-// RUN: -analyzer-checker=core,alpha.security.ArrayBoundV2,unix.Malloc,alpha.security.taint -verify %s
+// RUN: -analyzer-checker=core,alpha.security.ArrayBoundV2,unix.Malloc,optin.taint -verify %s
int TenElements[10];
diff --git a/clang/test/Analysis/out-of-bounds-notes.c b/clang/test/Analysis/out-of-bounds-notes.c
index c29b6f8ab111b4..391089b6a35d81 100644
--- a/clang/test/Analysis/out-of-bounds-notes.c
+++ b/clang/test/Analysis/out-of-bounds-notes.c
@@ -1,5 +1,5 @@
// RUN: %clang_analyze_cc1 -Wno-array-bounds -analyzer-output=text \
-// RUN: -analyzer-checker=core,alpha.security.ArrayBoundV2,unix.Malloc,alpha.security.taint -verify %s
+// RUN: -analyzer-checker=core,alpha.security.ArrayBoundV2,unix.Malloc,optin.taint -verify %s
int TenElements[10];
diff --git a/clang/test/Analysis/redefined_system.c b/clang/test/Analysis/redefined_system.c
index 0a55c36c6dd5b3..0998fb92d2cd2a 100644
--- a/clang/test/Analysis/redefined_system.c
+++ b/clang/test/Analysis/redefined_system.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=osx,unix,core,alpha.security.taint -w -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=osx,unix,core,optin.taint -w -verify %s
// expected-no-diagnostics
// Make sure we don't crash when someone redefines a system function we reason about.
diff --git a/clang/test/Analysis/string.c b/clang/test/Analysis/string.c
index 85232624160c06..79b4877eedbd9c 100644
--- a/clang/test/Analysis/string.c
+++ b/clang/test/Analysis/string.c
@@ -25,7 +25,7 @@
// RUN: %clang_analyze_cc1 -verify %s -Wno-null-dereference \
// RUN: -DUSE_BUILTINS -DVARIANT \
// RUN: -analyzer-checker=core \
-// RUN: -analyzer-checker=alpha.security.taint \
+// RUN: -analyzer-checker=optin.taint \
// RUN: -analyzer-checker=unix.cstring \
// RUN: -analyzer-checker=unix.Malloc \
// RUN: -analyzer-checker=alpha.unix.cstring \
diff --git a/clang/test/Analysis/taint-checker-callback-order-has-definition.c b/clang/test/Analysis/taint-checker-callback-order-has-definition.c
index eaf96cc675f062..66c244c4cfda33 100644
--- a/clang/test/Analysis/taint-checker-callback-order-has-definition.c
+++ b/clang/test/Analysis/taint-checker-callback-order-has-definition.c
@@ -1,5 +1,5 @@
// RUN: %clang_analyze_cc1 %s \
-// RUN: -analyzer-checker=core,alpha.security.taint \
+// RUN: -analyzer-checker=core,optin.taint \
// RUN: -mllvm -debug-only=taint-checker \
// RUN: 2>&1 | FileCheck %s
diff --git a/clang/test/Analysis/taint-checker-callback-order-without-definition.c b/clang/test/Analysis/taint-checker-callback-order-without-definition.c
index 6de87f736926d3..5f8df871b304d7 100644
--- a/clang/test/Analysis/taint-checker-callback-order-without-definition.c
+++ b/clang/test/Analysis/taint-checker-callback-order-without-definition.c
@@ -1,5 +1,5 @@
// RUN: %clang_analyze_cc1 %s \
-// RUN: -analyzer-checker=core,alpha.security.taint \
+// RUN: -analyzer-checker=core,optin.taint \
// RUN: -mllvm -debug-only=taint-checker \
// RUN: 2>&1 | FileCheck %s
diff --git a/clang/test/Analysis/taint-diagnostic-visitor.c b/clang/test/Analysis/taint-diagnostic-visitor.c
index f51423646e8aec..526c04c3607775 100644
--- a/clang/test/Analysis/taint-diagnostic-visitor.c
+++ b/clang/test/Analysis/taint-diagnostic-visitor.c
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=alpha.security.taint,core,alpha.security.ArrayBoundV2,optin.taint.TaintedAlloc -analyzer-output=text -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=optin.taint,core,alpha.security.ArrayBoundV2,optin.taint.TaintedAlloc -analyzer-output=text -verify %s
// This file is for testing enhanced diagnostics produced by the GenericTaintChecker
diff --git a/clang/test/Analysis/taint-dumps.c b/clang/test/Analysis/taint-dumps.c
index 37fb6c2f2adf7d..01bf0d7deff3ad 100644
--- a/clang/test/Analysis/taint-dumps.c
+++ b/clang/test/Analysis/taint-dumps.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint\
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint\
// RUN: -analyzer-checker=debug.ExprInspection %s\
// RUN: 2>&1 | FileCheck %s
diff --git a/clang/test/Analysis/taint-generic.c b/clang/test/Analysis/taint-generic.c
index 1c139312734bca..a5cfdd9db11579 100644
--- a/clang/test/Analysis/taint-generic.c
+++ b/clang/test/Analysis/taint-generic.c
@@ -1,57 +1,57 @@
// RUN: %clang_analyze_cc1 -Wno-format-security -Wno-pointer-to-int-cast \
// RUN: -Wno-incompatible-library-redeclaration -verify %s \
-// RUN: -analyzer-checker=alpha.security.taint \
+// RUN: -analyzer-checker=optin.taint.GenericTaint \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.security.ArrayBoundV2 \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config \
-// RUN: alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml
+// RUN: optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml
// RUN: %clang_analyze_cc1 -Wno-format-security -Wno-pointer-to-int-cast \
// RUN: -Wno-incompatible-library-redeclaration -verify %s \
// RUN: -DFILE_IS_STRUCT \
-// RUN: -analyzer-checker=alpha.security.taint \
+// RUN: -analyzer-checker=optin.taint.GenericTaint \
// RUN: -analyzer-checker=core \
// RUN: -analyzer-checker=alpha.security.ArrayBoundV2 \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config \
-// RUN: alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml
+// RUN: optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml
// RUN: not %clang_analyze_cc1 -Wno-pointer-to-int-cast \
// RUN: -Wno-incompatible-library-redeclaration -verify %s \
-// RUN: -analyzer-checker=alpha.security.taint \
+// RUN: -analyzer-checker=optin.taint.GenericTaint \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config \
-// RUN: alpha.security.taint.TaintPropagation:Config=justguessit \
+// RUN: optin.taint.TaintPropagation:Config=justguessit \
// RUN: 2>&1 | FileCheck %s -check-prefix=CHECK-INVALID-FILE
// CHECK-INVALID-FILE: (frontend): invalid input for checker option
-// CHECK-INVALID-FILE-SAME: 'alpha.security.taint.TaintPropagation:Config',
+// CHECK-INVALID-FILE-SAME: 'optin.taint.TaintPropagation:Config',
// CHECK-INVALID-FILE-SAME: that expects a valid filename instead of
// CHECK-INVALID-FILE-SAME: 'justguessit'
// RUN: not %clang_analyze_cc1 -Wno-incompatible-library-redeclaration \
// RUN: -verify %s \
-// RUN: -analyzer-checker=alpha.security.taint \
+// RUN: -analyzer-checker=optin.taint.GenericTaint \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config \
-// RUN: alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config-ill-formed.yaml \
+// RUN: optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config-ill-formed.yaml \
// RUN: 2>&1 | FileCheck -DMSG=%errc_EINVAL %s -check-prefix=CHECK-ILL-FORMED
// CHECK-ILL-FORMED: (frontend): invalid input for checker option
-// CHECK-ILL-FORMED-SAME: 'alpha.security.taint.TaintPropagation:Config',
+// CHECK-ILL-FORMED-SAME: 'optin.taint.TaintPropagation:Config',
// CHECK-ILL-FORMED-SAME: that expects a valid yaml file: [[MSG]]
// RUN: not %clang_analyze_cc1 -Wno-incompatible-library-redeclaration \
// RUN: -verify %s \
-// RUN: -analyzer-checker=alpha.security.taint \
+// RUN: -analyzer-checker=optin.taint.GenericTaint \
// RUN: -analyzer-checker=debug.ExprInspection \
// RUN: -analyzer-config \
-// RUN: alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config-invalid-arg.yaml \
+// RUN: optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config-invalid-arg.yaml \
// RUN: 2>&1 | FileCheck %s -check-prefix=CHECK-INVALID-ARG
// CHECK-INVALID-ARG: (frontend): invalid input for checker option
-// CHECK-INVALID-ARG-SAME: 'alpha.security.taint.TaintPropagation:Config',
+// CHECK-INVALID-ARG-SAME: 'optin.taint.TaintPropagation:Config',
// CHECK-INVALID-ARG-SAME: that expects an argument number for propagation
// CHECK-INVALID-ARG-SAME: rules greater or equal to -1
diff --git a/clang/test/Analysis/taint-generic.cpp b/clang/test/Analysis/taint-generic.cpp
index 0aadef88c704cf..8092ac6f270b2a 100644
--- a/clang/test/Analysis/taint-generic.cpp
+++ b/clang/test/Analysis/taint-generic.cpp
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint,core,alpha.security.ArrayBoundV2 -analyzer-config alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml -Wno-format-security -verify -std=c++11 %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint,core,alpha.security.ArrayBoundV2 -analyzer-config optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml -Wno-format-security -verify -std=c++11 %s
#define BUFSIZE 10
int Buffer[BUFSIZE];
diff --git a/clang/test/Analysis/taint-tester.c b/clang/test/Analysis/taint-tester.c
index 302349fb662ddb..479a96c92ececd 100644
--- a/clang/test/Analysis/taint-tester.c
+++ b/clang/test/Analysis/taint-tester.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -Wno-int-to-pointer-cast -analyzer-checker=alpha.security.taint,debug.TaintTest %s -verify
+// RUN: %clang_analyze_cc1 -Wno-int-to-pointer-cast -analyzer-checker=optin.taint,debug.TaintTest %s -verify
#include "Inputs/system-header-simulator.h"
diff --git a/clang/test/Analysis/taint-tester.cpp b/clang/test/Analysis/taint-tester.cpp
index 23a92cc56d248f..a419938906800f 100644
--- a/clang/test/Analysis/taint-tester.cpp
+++ b/clang/test/Analysis/taint-tester.cpp
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint,debug.TaintTest %s -verify
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint,debug.TaintTest %s -verify
// expected-no-diagnostics
typedef struct _FILE FILE;
@@ -32,4 +32,3 @@ void testOpaqueClass(opaque *obj) {
char buf[20];
snprintf(buf, 20, "%p", obj); // don't crash trying to load *obj
}
-
diff --git a/clang/test/Analysis/taint-tester.m b/clang/test/Analysis/taint-tester.m
index 531c21b5faf88f..3358a7769e2571 100644
--- a/clang/test/Analysis/taint-tester.m
+++ b/clang/test/Analysis/taint-tester.m
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint,debug.TaintTest %s -verify
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint,debug.TaintTest %s -verify
// expected-no-diagnostics
#import <stdarg.h>
@@ -14,8 +14,8 @@ void TestLog (NSString *format, ...) {
va_list ap;
va_start(ap, format);
NSString *string = @"AAA: ";
-
+
NSLogv([string stringByAppendingString:format], ap);
-
+
va_end(ap);
}
\ No newline at end of file
diff --git a/clang/utils/analyzer/SATestBuild.py b/clang/utils/analyzer/SATestBuild.py
index bc86ed8b64e0e9..66e1ab72985cd9 100644
--- a/clang/utils/analyzer/SATestBuild.py
+++ b/clang/utils/analyzer/SATestBuild.py
@@ -176,7 +176,7 @@ def stdout(message: str):
CHECKERS = ",".join(
[
"alpha.unix.SimpleStream",
- "alpha.security.taint",
+ "optin.taint",
"cplusplus.NewDeleteLeaks",
"core",
"cplusplus",
More information about the cfe-commits
mailing list