[clang-tools-extra] 0f1a952 - [clang-tidy] Rename `cert-env33-c` to `bugprone-command-processor` (#160275)

via cfe-commits cfe-commits at lists.llvm.org
Thu Sep 25 09:55:04 PDT 2025 

Author: mitchell
Date: 2025-09-25T19:55:00+03:00
New Revision: 0f1a952399b874246b48f787431efbd5364cb74d

URL: https://github.com/llvm/llvm-project/commit/0f1a952399b874246b48f787431efbd5364cb74d
DIFF: https://github.com/llvm/llvm-project/commit/0f1a952399b874246b48f787431efbd5364cb74d.diff

LOG: [clang-tidy] Rename `cert-env33-c` to `bugprone-command-processor` (#160275)

Moves `cert-env33-c` check into `bugprone` module and gives it a clearer
name: `bugprone-command-processor`

This is part of the cleanup described in
https://github.com/llvm/llvm-project/issues/157287.
Closes https://github.com/llvm/llvm-project/issues/157288

Added: 
    clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp
    clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h
    clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst
    clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c

Modified: 
    clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
    clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
    clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp
    clang-tools-extra/clang-tidy/cert/CMakeLists.txt
    clang-tools-extra/docs/ReleaseNotes.rst
    clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst
    clang-tools-extra/docs/clang-tidy/checks/list.rst

Removed: 
    clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp
    clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h
    clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c


################################################################################
diff  --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 8baa8f6b35d4c..e6115f67656bc 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -19,6 +19,7 @@
 #include "CapturingThisInMemberVariableCheck.h"
 #include "CastingThroughVoidCheck.h"
 #include "ChainedComparisonCheck.h"
+#include "CommandProcessorCheck.h"
 #include "ComparePointerToMemberVirtualFunctionCheck.h"
 #include "CopyConstructorInitCheck.h"
 #include "CrtpConstructorAccessibilityCheck.h"
@@ -130,6 +131,8 @@ class BugproneModule : public ClangTidyModule {
         "bugprone-casting-through-void");
     CheckFactories.registerCheck<ChainedComparisonCheck>(
         "bugprone-chained-comparison");
+    CheckFactories.registerCheck<CommandProcessorCheck>(
+        "bugprone-command-processor");
     CheckFactories.registerCheck<ComparePointerToMemberVirtualFunctionCheck>(
         "bugprone-compare-pointer-to-member-virtual-function");
     CheckFactories.registerCheck<CopyConstructorInitCheck>(

diff  --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index b0dbe84a16cd4..c8943e5b22ef8 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -15,6 +15,7 @@ add_clang_library(clangTidyBugproneModule STATIC
   CapturingThisInMemberVariableCheck.cpp
   CastingThroughVoidCheck.cpp
   ChainedComparisonCheck.cpp
+  CommandProcessorCheck.cpp
   ComparePointerToMemberVirtualFunctionCheck.cpp
   CopyConstructorInitCheck.cpp
   CrtpConstructorAccessibilityCheck.cpp

diff  --git a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp
similarity index 95%
rename from clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp
rename to clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp
index d87396f5189b1..a09c1a931cdb5 100644
--- a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp
@@ -11,7 +11,7 @@
 
 using namespace clang::ast_matchers;
 
-namespace clang::tidy::cert {
+namespace clang::tidy::bugprone {
 
 void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) {
   Finder->addMatcher(
@@ -35,4 +35,4 @@ void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) {
   diag(E->getExprLoc(), "calling %0 uses a command processor") << Fn;
 }
 
-} // namespace clang::tidy::cert
+} // namespace clang::tidy::bugprone

diff  --git a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h
similarity index 72%
rename from clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h
rename to clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h
index c2f8b39faaab1..bd4683410ae6f 100644
--- a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h
+++ b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h
@@ -6,12 +6,12 @@
 //
 //===----------------------------------------------------------------------===//
 
-#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_COMMAND_PROCESSOR_CHECK_H
-#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_COMMAND_PROCESSOR_CHECK_H
+#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_COMMANDPROCESSORCHECK_H
+#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_COMMANDPROCESSORCHECK_H
 
 #include "../ClangTidyCheck.h"
 
-namespace clang::tidy::cert {
+namespace clang::tidy::bugprone {
 
 /// Execution of a command processor can lead to security vulnerabilities,
 /// and is generally not required. Instead, prefer to launch executables
@@ -19,7 +19,7 @@ namespace clang::tidy::cert {
 /// actually launched.
 ///
 /// For the user-facing documentation see:
-/// https://clang.llvm.org/extra/clang-tidy/checks/cert/env33-c.html
+/// https://clang.llvm.org/extra/clang-tidy/checks/bugprone/command-processor.html
 class CommandProcessorCheck : public ClangTidyCheck {
 public:
   CommandProcessorCheck(StringRef Name, ClangTidyContext *Context)
@@ -28,6 +28,6 @@ class CommandProcessorCheck : public ClangTidyCheck {
   void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
 };
 
-} // namespace clang::tidy::cert
+} // namespace clang::tidy::bugprone
 
-#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_COMMAND_PROCESSOR_CHECK_H
+#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_COMMANDPROCESSORCHECK_H

diff  --git a/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp b/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp
index 9ba62219afee9..c1ca2cec7a1eb 100644
--- a/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp
@@ -10,6 +10,7 @@
 #include "../ClangTidyModule.h"
 #include "../ClangTidyModuleRegistry.h"
 #include "../bugprone/BadSignalToKillThreadCheck.h"
+#include "../bugprone/CommandProcessorCheck.h"
 #include "../bugprone/PointerArithmeticOnPolymorphicObjectCheck.h"
 #include "../bugprone/ReservedIdentifierCheck.h"
 #include "../bugprone/SignalHandlerCheck.h"
@@ -33,7 +34,6 @@
 #include "../performance/MoveConstructorInitCheck.h"
 #include "../readability/EnumInitialValueCheck.h"
 #include "../readability/UppercaseLiteralSuffixCheck.h"
-#include "CommandProcessorCheck.h"
 #include "DefaultOperatorNewAlignmentCheck.h"
 #include "DontModifyStdNamespaceCheck.h"
 #include "FloatLoopCounter.h"
@@ -296,7 +296,8 @@ class CERTModule : public ClangTidyModule {
     CheckFactories.registerCheck<bugprone::ReservedIdentifierCheck>(
         "cert-dcl37-c");
     // ENV
-    CheckFactories.registerCheck<CommandProcessorCheck>("cert-env33-c");
+    CheckFactories.registerCheck<bugprone::CommandProcessorCheck>(
+        "cert-env33-c");
     // ERR
     CheckFactories.registerCheck<bugprone::UnusedReturnValueCheck>(
         "cert-err33-c");

diff  --git a/clang-tools-extra/clang-tidy/cert/CMakeLists.txt b/clang-tools-extra/clang-tidy/cert/CMakeLists.txt
index 4933763f03fb5..453d1d30921e9 100644
--- a/clang-tools-extra/clang-tidy/cert/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/cert/CMakeLists.txt
@@ -5,7 +5,6 @@ set(LLVM_LINK_COMPONENTS
 
 add_clang_library(clangTidyCERTModule STATIC
   CERTTidyModule.cpp
-  CommandProcessorCheck.cpp
   DefaultOperatorNewAlignmentCheck.cpp
   DontModifyStdNamespaceCheck.cpp
   FloatLoopCounter.cpp

diff  --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index d13f83079e591..f5563389d3106 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -211,6 +211,11 @@ New check aliases
   <clang-tidy/checks/modernize/avoid-variadic-functions>`
   keeping initial check as an alias to the new one.
 
+- Renamed :doc:`cert-env33-c <clang-tidy/checks/cert/env33-c>` to
+  :doc:`bugprone-command-processor
+  <clang-tidy/checks/bugprone/command-processor>`
+  keeping initial check as an alias to the new one.
+
 - Renamed :doc:`cert-err34-c <clang-tidy/checks/cert/err34-c>` to
   :doc:`bugprone-unchecked-string-to-number-conversion
   <clang-tidy/checks/bugprone/unchecked-string-to-number-conversion>`

diff  --git a/clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst b/clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst
new file mode 100644
index 0000000000000..cbffe7dddae04
--- /dev/null
+++ b/clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst
@@ -0,0 +1,16 @@
+.. title:: clang-tidy - bugprone-command-processor
+
+bugprone-command-processor
+==========================
+
+Flags calls to ``system()``, ``popen()``, and ``_popen()``, which
+execute a command processor. It does not flag calls to ``system()`` with a null
+pointer argument, as such a call checks for the presence of a command processor
+but does not actually attempt to execute a command.
+
+References
+----------
+
+This check corresponds to the CERT C Coding Standard rule
+`ENV33-C. Do not call system()
+<https://www.securecoding.cert.org/confluence/display/c/ENV33-C.+Do+not+call+system()>`_.

diff  --git a/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst b/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst
index 9271c9ecccc00..751bccfaee8f2 100644
--- a/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst
+++ b/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst
@@ -3,10 +3,9 @@
 cert-env33-c
 ============
 
-This check flags calls to ``system()``, ``popen()``, and ``_popen()``, which
-execute a command processor. It does not flag calls to ``system()`` with a null
-pointer argument, as such a call checks for the presence of a command processor
-but does not actually attempt to execute a command.
+The `cert-env33-c` check is an alias, please see
+`bugprone-command-processor <../bugprone/command-processor.html>`_
+for more information.
 
 This check corresponds to the CERT C Coding Standard rule
 `ENV33-C. Do not call system()

diff  --git a/clang-tools-extra/docs/clang-tidy/checks/list.rst b/clang-tools-extra/docs/clang-tidy/checks/list.rst
index 472d509101cdb..e705958f9033f 100644
--- a/clang-tools-extra/docs/clang-tidy/checks/list.rst
+++ b/clang-tools-extra/docs/clang-tidy/checks/list.rst
@@ -87,6 +87,7 @@ Clang-Tidy Checks
    :doc:`bugprone-capturing-this-in-member-variable <bugprone/capturing-this-in-member-variable>`,
    :doc:`bugprone-casting-through-void <bugprone/casting-through-void>`,
    :doc:`bugprone-chained-comparison <bugprone/chained-comparison>`,
+   :doc:`bugprone-command-processor <bugprone/command-processor>`,
    :doc:`bugprone-compare-pointer-to-member-virtual-function <bugprone/compare-pointer-to-member-virtual-function>`,
    :doc:`bugprone-copy-constructor-init <bugprone/copy-constructor-init>`, "Yes"
    :doc:`bugprone-crtp-constructor-accessibility <bugprone/crtp-constructor-accessibility>`, "Yes"
@@ -173,7 +174,6 @@ Clang-Tidy Checks
    :doc:`bugprone-use-after-move <bugprone/use-after-move>`,
    :doc:`bugprone-virtual-near-miss <bugprone/virtual-near-miss>`, "Yes"
    :doc:`cert-dcl58-cpp <cert/dcl58-cpp>`,
-   :doc:`cert-env33-c <cert/env33-c>`,
    :doc:`cert-err33-c <cert/err33-c>`,
    :doc:`cert-err60-cpp <cert/err60-cpp>`,
    :doc:`cert-flp30-c <cert/flp30-c>`,
@@ -440,6 +440,7 @@ Check aliases
    :doc:`cert-dcl54-cpp <cert/dcl54-cpp>`, :doc:`misc-new-delete-overloads <misc/new-delete-overloads>`,
    :doc:`cert-dcl59-cpp <cert/dcl59-cpp>`, :doc:`google-build-namespaces <google/build-namespaces>`,
    :doc:`cert-err09-cpp <cert/err09-cpp>`, :doc:`misc-throw-by-value-catch-by-reference <misc/throw-by-value-catch-by-reference>`,
+   :doc:`cert-env33-c <cert/env33-c>`, :doc:`bugprone-command-processor <bugprone/command-processor>`,
    :doc:`cert-err34-c <cert/err34-c>`, :doc:`bugprone-unchecked-string-to-number-conversion <bugprone/unchecked-string-to-number-conversion>`,
    :doc:`cert-err52-cpp <cert/err52-cpp>`, :doc:`modernize-avoid-setjmp-longjmp <modernize/avoid-setjmp-longjmp>`,
    :doc:`cert-err58-cpp <cert/err58-cpp>`, :doc:`bugprone-throwing-static-initialization <bugprone/throwing-static-initialization>`,

diff  --git a/clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c
similarity index 83%
rename from clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c
rename to clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c
index 5846b496242c5..e592b57c9fb29 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c
@@ -1,4 +1,4 @@
-// RUN: %check_clang_tidy %s cert-env33-c %t
+// RUN: %check_clang_tidy %s bugprone-command-processor %t
 
 typedef struct FILE {} FILE;
 
@@ -11,7 +11,7 @@ void f(void) {
   system(0);
 
   system("test");
-  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: calling 'system' uses a command processor [cert-env33-c]
+  // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: calling 'system' uses a command processor [bugprone-command-processor]
 
   popen("test", "test");
   // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: calling 'popen' uses a command processor

More information about the cfe-commits mailing list