[clang] [clang][analyzer] Add taintedness to argv (PR #178054)

[Balázs Benics via cfe-commits]

================
@@ -0,0 +1,40 @@
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint,core,security.ArrayBound -analyzer-config assume-controlled-environment=false -analyzer-output=text -verify %s
+
+// This file is for testing enhanced diagnostics produced by the GenericTaintChecker
+
+typedef __typeof(sizeof(int)) size_t;
+int system(const char *command);
+size_t strlen( const char* str );
+char * strncat ( char * destination, const char * source, size_t num );
+char * strncpy ( char * destination, const char * source, size_t num );
+
+// In an untrusted environment the cmd line arguments
+// are assumed to be tainted.
+int main(int argc, char * argv[]) {// expected-note {{Taint originated in 'argv'}}
+   if (argc < 1)// expected-note {{'argc' is >= 1}}
+                // expected-note at -1 {{Taking false branch}}
+     return 1;
+   char cmd[2048] = "/bin/cat ";
+   char filename[1024];
+   strncpy(filename, argv[1], sizeof(filename)-1); // expected-note {{Taint propagated to the 1st argument}}
----------------
steakhal wrote:

Got it, right!

https://github.com/llvm/llvm-project/pull/178054