[cfe-dev] General query : Alpha security checkers and taint analysis

Artem Dergachev via cfe-dev cfe-dev at lists.llvm.org
Fri Apr 1 10:01:39 PDT 2016

Source for pretty much everything is available. To see what code 
corresponds to what checker, consult the Checkers.td file; for the 
TaintPropagation checker, GenericTaintChecker.cpp is the correct code file.

With clang static analyzer, you don't need to (though you may) implement 
taint propagation manually in every checker - the TaintPropagation 
checker already does a pretty good job, just enable it and code parts 
that it doesn't support out of the box.

The static analyzer works only with the source code in C/C++/Objective-C.

You should have no problem dumping all accesses to the tainted values, 
similarly to TaintTester, though the current diagnostic engine isn't 
very suitable for massive dumps of big data for further analysis - it 
was designed to report small numbers of actual bug reports and provides 
useful facilities for that.

More information about the cfe-dev mailing list