clang  14.0.0git
PutenvWithAutoChecker.cpp
Go to the documentation of this file.
1 //== PutenvWithAutoChecker.cpp --------------------------------- -*- C++ -*--=//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines PutenvWithAutoChecker which finds calls of ``putenv``
10 // function with automatic variable as the argument.
11 // https://wiki.sei.cmu.edu/confluence/x/6NYxBQ
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #include "../AllocationState.h"
16 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
17 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
18 #include "clang/StaticAnalyzer/Core/Checker.h"
19 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
20 #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
21 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
22 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
23 
24 using namespace clang;
25 using namespace ento;
26 
27 namespace {
28 class PutenvWithAutoChecker : public Checker<check::PostCall> {
29 private:
30  BugType BT{this, "'putenv' function should not be called with auto variables",
31  categories::SecurityError};
32  const CallDescription Putenv{"putenv", 1};
33 
34 public:
35  void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
36 };
37 } // namespace
38 
39 void PutenvWithAutoChecker::checkPostCall(const CallEvent &Call,
40  CheckerContext &C) const {
41  if (!Call.isCalled(Putenv))
42  return;
43 
44  SVal ArgV = Call.getArgSVal(0);
45  const Expr *ArgExpr = Call.getArgExpr(0);
46  const MemSpaceRegion *MSR = ArgV.getAsRegion()->getMemorySpace();
47 
48  if (!isa<StackSpaceRegion>(MSR))
49  return;
50 
51  StringRef ErrorMsg = "The 'putenv' function should not be called with "
52  "arguments that have automatic storage";
53  ExplodedNode *N = C.generateErrorNode();
54  auto Report = std::make_unique<PathSensitiveBugReport>(BT, ErrorMsg, N);
55 
56  // Track the argument.
57  bugreporter::trackExpressionValue(Report->getErrorNode(), ArgExpr, *Report);
58 
59  C.emitReport(std::move(Report));
60 }
61 
62 void ento::registerPutenvWithAuto(CheckerManager &Mgr) {
63  Mgr.registerChecker<PutenvWithAutoChecker>();
64 }
65 
66 bool ento::shouldRegisterPutenvWithAuto(const CheckerManager &) { return true; }
AttributeLangSupport::C
@ C
Definition: SemaDeclAttr.cpp:54
clang::index::SymbolRole::Call
@ Call
CallEvent.h
BuiltinCheckerRegistration.h
clang::ento::categories::SecurityError
const char *const SecurityError
Definition: CommonBugCategories.cpp:24
CheckerManager.h
clang::ento::bugreporter::trackExpressionValue
bool trackExpressionValue(const ExplodedNode *N, const Expr *E, PathSensitiveBugReport &R, TrackingOptions Opts={})
Attempts to add visitors to track expression value back to its point of origin.
BugType.h
CheckerContext.h
Checker.h
clang
Definition: CalledOnceCheck.h:17
MemRegion.h
clang::Expr
This represents one expression.
Definition: Expr.h:109
Generated on Sat Oct 16 2021 11:41:12 for clang by   doxygen 1.8.17