[cfe-dev] General query : Alpha security checkers and taint analysis
Artem Dergachev via cfe-dev
cfe-dev at lists.llvm.org
Fri Apr 1 10:01:39 PDT 2016
Source for pretty much everything is available. To see what code
corresponds to what checker, consult the Checkers.td file; for the
TaintPropagation checker, GenericTaintChecker.cpp is the correct code file.
With clang static analyzer, you don't need to (though you may) implement
taint propagation manually in every checker - the TaintPropagation
checker already does a pretty good job, just enable it and code parts
that it doesn't support out of the box.
The static analyzer works only with the source code in C/C++/Objective-C.
You should have no problem dumping all accesses to the tainted values,
similarly to TaintTester, though the current diagnostic engine isn't
very suitable for massive dumps of big data for further analysis - it
was designed to report small numbers of actual bug reports and provides
useful facilities for that.
More information about the cfe-dev