[cfe-dev] Adding taint sources to GenericTaintChecker
Ashwin Ganesh via cfe-dev
cfe-dev at lists.llvm.org
Fri Apr 8 22:19:35 PDT 2016
The taint sources already included are user input functions like
getchar, scanf, etc. My requirement is to mark a few function return values
as taint sources at the source level. For example, in this case, readval.

    int readval()
    {
        return 10;
    }

    int main(void)
    {
        int a, b;
        a = readval();  // warning: tainted
        b = a + 1;      // warning: tainted
        return 0;
    }

Hence, I added this line

    .Case("readval", &GenericTaintChecker::postRetTaint)

to the addSourcesPost function in GenericTaintChecker.cpp and built clang
again. But variable 'a' isn't getting tainted when I run

    scan-build -enable-checker alpha.security.taint.TaintPropagation,debug.TaintTest clang readval.c -o rv

Is there anything else I need to take care of?
Regards