clang  15.0.0git
TaintTesterChecker.cpp
Go to the documentation of this file.
1 //== TaintTesterChecker.cpp ----------------------------------- -*- C++ -*--=//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 //
9 // This checker can be used for testing how taint data is propagated.
10 //
11 //===----------------------------------------------------------------------===//
12 
19 
20 using namespace clang;
21 using namespace ento;
22 using namespace taint;
23 
24 namespace {
25 class TaintTesterChecker : public Checker<check::PostStmt<Expr>> {
26  std::unique_ptr<BugType> BT =
27  std::make_unique<BugType>(this, "Tainted data", "General");
28 
29 public:
30  void checkPostStmt(const Expr *E, CheckerContext &C) const;
31 };
32 }
33 
34 void TaintTesterChecker::checkPostStmt(const Expr *E,
35  CheckerContext &C) const {
36  ProgramStateRef State = C.getState();
37  if (!State)
38  return;
39 
40  if (isTainted(State, E, C.getLocationContext())) {
41  if (ExplodedNode *N = C.generateNonFatalErrorNode()) {
42  auto report = std::make_unique<PathSensitiveBugReport>(*BT, "tainted", N);
43  report->addRange(E->getSourceRange());
44  C.emitReport(std::move(report));
45  }
46  }
47 }
48 
49 void ento::registerTaintTesterChecker(CheckerManager &mgr) {
50  mgr.registerChecker<TaintTesterChecker>();
51 }
52 
53 bool ento::shouldRegisterTaintTesterChecker(const CheckerManager &mgr) {
54  return true;
55 }
clang::Stmt::getSourceRange
SourceRange getSourceRange() const LLVM_READONLY
SourceLocation tokens are not useful in isolation - they are low level value objects created/interpre...
Definition: Stmt.cpp:324
clang::ento::ProgramStateRef
IntrusiveRefCntPtr< const ProgramState > ProgramStateRef
Definition: ProgramState_Fwd.h:37
AttributeLangSupport::C
@ C
Definition: SemaDeclAttr.cpp:55
clang::ento::taint::isTainted
bool isTainted(ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric)
Check if the statement has a tainted value in the given state.
BuiltinCheckerRegistration.h
CheckerManager.h
Taint.h
BugType.h
State
LineState State
Definition: UnwrappedLineFormatter.cpp:1126
CheckerContext.h
Checker.h
clang
Definition: CalledOnceCheck.h:17
clang::Expr
This represents one expression.
Definition: Expr.h:109