clang 22.0.0git
PutenvStackArrayChecker.cpp
Go to the documentation of this file.
1//== PutenvStackArrayChecker.cpp ------------------------------- -*- C++ -*--=//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8//
9// This file defines PutenvStackArrayChecker which finds calls of ``putenv``
10// function with automatic array variable as the argument.
11// https://wiki.sei.cmu.edu/confluence/x/6NYxBQ
12//
13//===----------------------------------------------------------------------===//
14
15#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
16#include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
17#include "clang/StaticAnalyzer/Core/Checker.h"
18#include "clang/StaticAnalyzer/Core/CheckerManager.h"
19#include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h"
20#include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
21#include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
22#include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
23
24using namespace clang;
25using namespace ento;
26
27namespace {
28class PutenvStackArrayChecker : public Checker<check::PostCall> {
29private:
30 BugType BT{this, "'putenv' called with stack-allocated string",
31 categories::SecurityError};
32 const CallDescription Putenv{CDM::CLibrary, {"putenv"}, 1};
33
34public:
35 void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
36};
37} // namespace
38
39void PutenvStackArrayChecker::checkPostCall(const CallEvent &Call,
40 CheckerContext &C) const {
41 if (!Putenv.matches(Call))
42 return;
43
44 SVal ArgV = Call.getArgSVal(0);
45 const Expr *ArgExpr = Call.getArgExpr(0);
46
47 if (!ArgV.getAsRegion())
48 return;
49
50 const auto *SSR =
51 ArgV.getAsRegion()->getMemorySpaceAs<StackSpaceRegion>(C.getState());
52 if (!SSR)
53 return;
54 const auto *StackFrameFuncD =
55 dyn_cast_or_null<FunctionDecl>(SSR->getStackFrame()->getDecl());
56 if (StackFrameFuncD && StackFrameFuncD->isMain())
57 return;
58
59 StringRef ErrorMsg = "The 'putenv' function should not be called with "
60 "arrays that have automatic storage";
61 ExplodedNode *N = C.generateErrorNode();
62 auto Report = std::make_unique<PathSensitiveBugReport>(BT, ErrorMsg, N);
63
64 // Track the argument.
65 bugreporter::trackExpressionValue(Report->getErrorNode(), ArgExpr, *Report);
66
67 C.emitReport(std::move(Report));
68}
69
70void ento::registerPutenvStackArray(CheckerManager &Mgr) {
71 Mgr.registerChecker<PutenvStackArrayChecker>();
72}
73
74bool ento::shouldRegisterPutenvStackArray(const CheckerManager &) {
75 return true;
76}
clang::ento::CallDescription::matches
bool matches(const CallEvent &Call) const
Returns true if the CallEvent is a call to a function that matches the CallDescription.
Definition CallDescription.cpp:50
clang::ento::CallEvent
Represents an abstract call to a function or method along a particular path.
Definition CallEvent.h:153
clang::ento::CheckerManager::registerChecker
CHECKER * registerChecker(AT &&...Args)
Register a single-part checker (derived from Checker): construct its singleton instance,...
Definition CheckerManager.h:218
clang::ento::Checker
Simple checker classes that implement one frontend (i.e.
Definition Checker.h:553
clang::ento::MemRegion::getMemorySpaceAs
const MemSpace * getMemorySpaceAs(ProgramStateRef State) const
Definition MemRegion.h:143
clang::ento::SVal::getAsRegion
const MemRegion * getAsRegion() const
Definition SVals.cpp:119
clang::ento::bugreporter::trackExpressionValue
bool trackExpressionValue(const ExplodedNode *N, const Expr *E, PathSensitiveBugReport &R, TrackingOptions Opts={})
Attempts to add visitors to track expression value back to its point of origin.
Definition BugReporterVisitors.cpp:2641
clang
The JSON file list parser is used to communicate input to InstallAPI.
Definition CalledOnceCheck.h:17
Generated on for clang by doxygen 1.14.0