[clang] 042c839 - [clang][analyzer]Add TaintPropagation:EnableDefaultConfig config parameter (#176185)

via cfe-commits cfe-commits at lists.llvm.org
Fri Jan 30 10:54:33 PST 2026 

Author: Daniel Krupp
Date: 2026-01-30T19:54:28+01:00
New Revision: 042c839873c7f67c1fc1eace4b34d4953b16b3a0

URL: https://github.com/llvm/llvm-project/commit/042c839873c7f67c1fc1eace4b34d4953b16b3a0
DIFF: https://github.com/llvm/llvm-project/commit/042c839873c7f67c1fc1eace4b34d4953b16b3a0.diff

LOG: [clang][analyzer]Add TaintPropagation:EnableDefaultConfig config parameter (#176185)

The new optin.taint.TaintPropagation:EnableDefaultConfig checker
configuration parameter makes it possible for the users to disable the
built-in taint configuration and use a full custom configuration
instead.

Added: 
    

Modified: 
    clang/docs/analyzer/checkers.rst
    clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
    clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
    clang/test/Analysis/analyzer-config.c

Removed: 
    


################################################################################
diff  --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst
index f6c37656c9fe2..499b78895392b 100644
--- a/clang/docs/analyzer/checkers.rst
+++ b/clang/docs/analyzer/checkers.rst
@@ -1413,8 +1413,12 @@ For a more detailed description of configuration options, please see the
 
 **Configuration**
 
-* `Config`  Specifies the name of the YAML configuration file. The user can
-  define their own taint sources and sinks.
+* ``optin.taint.TaintPropagation:Config``  Specifies the name of the YAML
+  configuration file. The user can define their own taint sources and sinks.
+* ``optin.taint.TaintPropagation:EnableDefaultConfig`` If set to false,
+   the default source, sink and propagation rules are not loaded. This way,
+   advanced users can fully customize their taint configuration model.
+   Default: ``true``.
 
 **Related Guidelines**
 

diff  --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
index 6a409944849e6..3af694ceda1e3 100644
--- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
+++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td
@@ -1634,6 +1634,14 @@ def TaintPropagationChecker : Checker<"TaintPropagation">, // Modelling checker
                   "Config",
                   "Specifies the name of the configuration file.",
                   "",
+                  Released>,
+    CmdLineOption<Boolean,
+                  "EnableDefaultConfig",
+                  "If set to false, the default source, "
+                  "sink and propagation rules are not loaded."
+                  "This way, advanced users can fully customize "
+                  "their taint configuration model.",
+                  "true",
                   Released>
   ]>,
   Documentation<NotDocumented>,

diff  --git a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
index bea8f3f13ba21..6637d044a98af 100644
--- a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
+++ b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
@@ -801,14 +801,16 @@ void GenericTaintChecker::initTaintRules(CheckerContext &C) const {
     GlobalCRules.push_back(
         {{CDM::CLibrary, {"getenv"}}, TR::Source({{ReturnValueIndex}})});
   }
+  CheckerManager *Mgr = C.getAnalysisManager().getCheckerManager();
 
-  StaticTaintRules.emplace(std::make_move_iterator(GlobalCRules.begin()),
-                           std::make_move_iterator(GlobalCRules.end()));
+  StaticTaintRules = RuleLookupTy{};
+  if (Mgr->getAnalyzerOptions().getCheckerBooleanOption(this,
+                                                        "EnableDefaultConfig"))
+    StaticTaintRules.emplace(std::make_move_iterator(GlobalCRules.begin()),
+                             std::make_move_iterator(GlobalCRules.end()));
 
   // User-provided taint configuration.
-  CheckerManager *Mgr = C.getAnalysisManager().getCheckerManager();
-  assert(Mgr);
-  GenericTaintRuleParser ConfigParser{*Mgr};
+  const GenericTaintRuleParser ConfigParser{*Mgr};
   std::string Option{"Config"};
   StringRef ConfigFile =
       Mgr->getAnalyzerOptions().getCheckerStringOption(this, Option);

diff  --git a/clang/test/Analysis/analyzer-config.c b/clang/test/Analysis/analyzer-config.c
index 96b0c12821746..04dc8c24421bc 100644
--- a/clang/test/Analysis/analyzer-config.c
+++ b/clang/test/Analysis/analyzer-config.c
@@ -114,6 +114,7 @@
 // CHECK-NEXT: optin.osx.cocoa.localizability.NonLocalizedStringChecker:AggressiveReport = false
 // CHECK-NEXT: optin.performance.Padding:AllowedPad = 24
 // CHECK-NEXT: optin.taint.TaintPropagation:Config = ""
+// CHECK-NEXT: optin.taint.TaintPropagation:EnableDefaultConfig = true
 // CHECK-NEXT: osx.NumberObjectConversion:Pedantic = false
 // CHECK-NEXT: osx.cocoa.RetainCount:TrackNSCFStartParam = false
 // CHECK-NEXT: prune-paths = true

More information about the cfe-commits mailing list