[clang] [analyzer] Modernize, improve and promote chroot checker (PR #117791)
via cfe-commits
cfe-commits at lists.llvm.org
Wed Nov 27 07:29:31 PST 2024
================
@@ -24,21 +26,30 @@
using namespace clang;
using namespace ento;
-namespace {
-
// enum value that represent the jail state
-enum Kind { NO_CHROOT, ROOT_CHANGED, JAIL_ENTERED };
+enum ChrootKind { NO_CHROOT, ROOT_CHANGED, ROOT_CHANGE_FAILED, JAIL_ENTERED };
-bool isRootChanged(intptr_t k) { return k == ROOT_CHANGED; }
-//bool isJailEntered(intptr_t k) { return k == JAIL_ENTERED; }
+// Track chroot state changes for success, failure, state change
+// and "jail"
+REGISTER_TRAIT_WITH_PROGRAMSTATE(ChrootState, ChrootKind)
+
+// Track the call expression to chroot for accurate
+// warning messages
+REGISTER_TRAIT_WITH_PROGRAMSTATE(ChrootCall, const Expr *)
----------------
vabridgers wrote:
The checker looks for unexpected usages of chdir() that follow an invocation of chroot(), so at the point of detecting an unexpected use of chdir() I want to produce an improved warning that includes a "note" about where chroot() was called. So I stored the Chroot expression with the intent of using it for the warning message. But your comments have got me thinking about simplifying all of this, so will look at doing that. If you have suggestions about simplest and best way, I'd be grateful to hear those. BTW, this pattern also exists in a different checker (cannot remember which one now).
https://github.com/llvm/llvm-project/pull/117791
More information about the cfe-commits
mailing list