[clang] [clang][analyzer] Add taintedness to argv (PR #178054)
Daniel Krupp via cfe-commits
cfe-commits at lists.llvm.org
Fri Feb 20 06:31:24 PST 2026
================
@@ -1413,9 +1371,16 @@ For a more detailed description of configuration options, please see the
**Configuration**
-* `Config` Specifies the name of the YAML configuration file. The user can
+* ``Config`` Specifies the name of the YAML configuration file. The user can
define their own taint sources and sinks.
+* The if the analyzer option ``assume-controlled-environment`` is set to ``false``,
+ it is assumed that the command line arguments and the environment
+ variables of the program are attacker controlled.
+ In particular, the ``argv`` argument of the ``main`` function and
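Review bot: The new bullet opens with "The if the analyzer option", which should read "If the analyzer option". The same bullet states that the environment variables are attacker controlled, but of the sources it names only ``argv`` of ``main`` is visible before the sentence breaks off at "and". Please make sure the rest of the sentence lists exactly the sources the checker marks as tainted, and consider stating the default value of ``assume-controlled-environment`` here so readers know whether this behaviour is opt-in.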
----------------
dkrupp wrote:
The taintedness of envp is not handled by this PR. envp is not in the POSIX standard.
Taintedness of the environment variables is handled, though, when they are accessed through getenv().
https://github.com/llvm/llvm-project/pull/178054