[cfe-dev] Purpose of GenericTaintChecker

Jeremy ??? via cfe-dev cfe-dev at lists.llvm.org
Fri Jun 3 02:18:23 PDT 2016


I was looking to build a static taint analyzer before I found that it is already available in GenericTaintChecker.

However, I'm unsure of how to go about doing that. What I'm trying to achieve is to check if any tainted variables have been passed into sensitive functions.

My assumption is that one has to write additional code for:
1. Adding taint to sources that are not defined in GenericTaintChecker through "addTaint"
2. Writing additional checks in checkPostStmt to see if any tainted sources are passed into sensitive functions, by performing string matches on the function name and checking if the parameters passed in are tainted through "isTainted"

I'm really confused about what the idea of the GenericTaintChecker was and how it is meant to be used. Is it supposed to be used with other checkers that we have to write ourselves?

Below are the sources that I've read but still do not fully understand:
http://clang-developers.42468.n3.nabble.com/General-query-Alpha-security-checkers-and-taint-analysis-td4050858.html
http://clang-developers.42468.n3.nabble.com/Using-Alpha-taint-checker-in-Clang-static-analyzer-td4050851.html#a4050856
http://clang-developers.42468.n3.nabble.com/Adding-taint-sources-to-GenericTaintChecker-td4050972.html
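
The two steps listed in the message (taint extra sources, then test arguments at name-matched sensitive functions), as an added example that is not part of the original post and is not Clang code. It is a stand-alone model over a constructed list of calls and does not use the analyzer's checker API; `read_request`, `build_command`, `make_banner` and `default_command` are hypothetical names.

```cpp
#include <iostream>
#include <set>
#include <string>
#include <vector>

// One statement "ret = callee(args...)". Constructed toy IR, not Clang's AST.
struct Call { std::string ret, callee; std::vector<std::string> args; };
struct Finding { std::string sink, var; };

// Hypothetical model of the two steps in the post: taint the results of extra
// sources, then query taint on arguments at sinks matched by function name.
std::vector<Finding> analyze(const std::vector<Call> &prog,
                             const std::set<std::string> &sources,
                             const std::set<std::string> &sinks) {
    std::set<std::string> tainted;  // stands in for the analyzer's program state
    std::vector<Finding> findings;
    for (const Call &c : prog) {
        bool argTainted = false;
        for (const std::string &a : c.args) {
            if (!tainted.count(a)) continue;  // the "isTainted" query
            argTainted = true;
            if (sinks.count(c.callee)) findings.push_back({c.callee, a});
        }
        if (c.ret.empty()) continue;  // result unused
        // The "addTaint" step: a source taints its result; any other call
        // conservatively passes taint from its arguments to its result.
        if (sources.count(c.callee) || argTainted) tainted.insert(c.ret);
        else tainted.erase(c.ret);  // variable overwritten with clean data
    }
    return findings;
}

// Constructed sample; read_request is a source a default list would not know.
std::vector<Finding> demo() {
    std::vector<Call> prog = {
        {"req", "read_request", {}},
        {"cmd", "build_command", {"req"}},
        {"msg", "make_banner", {}},
        {"", "system", {"cmd"}},   // tainted: req -> cmd -> system
        {"", "system", {"msg"}},   // clean argument
        {"cmd", "default_command", {}},
        {"", "system", {"cmd"}},   // cmd was overwritten, no longer tainted
    };
    return analyze(prog, {"getenv", "read_request"}, {"system", "execl"});
}

int main() {
    for (const Finding &f : demo()) std::cout << f.sink << "(" << f.var << ")\n";
}
```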