clang  15.0.0git
PutenvWithAutoChecker.cpp
Go to the documentation of this file.
1 //== PutenvWithAutoChecker.cpp --------------------------------- -*- C++ -*--=//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This file defines PutenvWithAutoChecker which finds calls of ``putenv``
10 // function with automatic variable as the argument.
11 // https://wiki.sei.cmu.edu/confluence/x/6NYxBQ
12 //
13 //===----------------------------------------------------------------------===//
14 
15 #include "../AllocationState.h"
16 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
17 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
18 #include "clang/StaticAnalyzer/Core/Checker.h"
19 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
20 #include "clang/StaticAnalyzer/Core/PathSensitive/CallDescription.h"
21 #include "clang/StaticAnalyzer/Core/PathSensitive/CallEvent.h"
22 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
23 #include "clang/StaticAnalyzer/Core/PathSensitive/MemRegion.h"
24 
25 using namespace clang;
26 using namespace ento;
27 
28 namespace {
29 class PutenvWithAutoChecker : public Checker<check::PostCall> {
30 private:
31  BugType BT{this, "'putenv' function should not be called with auto variables",
32  categories::SecurityError};
33  const CallDescription Putenv{"putenv", 1};
34 
35 public:
36  void checkPostCall(const CallEvent &Call, CheckerContext &C) const;
37 };
38 } // namespace
39 
40 void PutenvWithAutoChecker::checkPostCall(const CallEvent &Call,
41  CheckerContext &C) const {
42  if (!Putenv.matches(Call))
43  return;
44 
45  SVal ArgV = Call.getArgSVal(0);
46  const Expr *ArgExpr = Call.getArgExpr(0);
47  const MemSpaceRegion *MSR = ArgV.getAsRegion()->getMemorySpace();
48 
49  if (!isa<StackSpaceRegion>(MSR))
50  return;
51 
52  StringRef ErrorMsg = "The 'putenv' function should not be called with "
53  "arguments that have automatic storage";
54  ExplodedNode *N = C.generateErrorNode();
55  auto Report = std::make_unique<PathSensitiveBugReport>(BT, ErrorMsg, N);
56 
57  // Track the argument.
58  bugreporter::trackExpressionValue(Report->getErrorNode(), ArgExpr, *Report);
59 
60  C.emitReport(std::move(Report));
61 }
62 
63 void ento::registerPutenvWithAuto(CheckerManager &Mgr) {
64  Mgr.registerChecker<PutenvWithAutoChecker>();
65 }
66 
67 bool ento::shouldRegisterPutenvWithAuto(const CheckerManager &) { return true; }
CallDescription.h
AttributeLangSupport::C
@ C
Definition: SemaDeclAttr.cpp:55
clang::index::SymbolRole::Call
@ Call
CallEvent.h
BuiltinCheckerRegistration.h
clang::ento::categories::SecurityError
const char *const SecurityError
Definition: CommonBugCategories.cpp:24
CheckerManager.h
clang::ento::bugreporter::trackExpressionValue
bool trackExpressionValue(const ExplodedNode *N, const Expr *E, PathSensitiveBugReport &R, TrackingOptions Opts={})
Attempts to add visitors to track expression value back to its point of origin.
BugType.h
CheckerContext.h
Checker.h
clang
Definition: CalledOnceCheck.h:17
MemRegion.h
clang::Expr
This represents one expression.
Definition: Expr.h:109
Generated on Wed Jul 20 2022 15:26:00 for clang by   doxygen 1.8.17