clang-tools 20.0.0git
CERTTidyModule.cpp
Go to the documentation of this file.
1//===--- CERTTidyModule.cpp - clang-tidy ----------------------------------===//
2//
3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4// See https://llvm.org/LICENSE.txt for license information.
5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6//
7//===----------------------------------------------------------------------===//
8
9#include "../ClangTidy.h"
10#include "../ClangTidyModule.h"
11#include "../ClangTidyModuleRegistry.h"
12#include "../bugprone/BadSignalToKillThreadCheck.h"
13#include "../bugprone/PointerArithmeticOnPolymorphicObjectCheck.h"
14#include "../bugprone/ReservedIdentifierCheck.h"
15#include "../bugprone/SignalHandlerCheck.h"
16#include "../bugprone/SignedCharMisuseCheck.h"
17#include "../bugprone/SizeofExpressionCheck.h"
18#include "../bugprone/SpuriouslyWakeUpFunctionsCheck.h"
19#include "../bugprone/SuspiciousMemoryComparisonCheck.h"
20#include "../bugprone/UnhandledSelfAssignmentCheck.h"
21#include "../bugprone/UnsafeFunctionsCheck.h"
22#include "../bugprone/UnusedReturnValueCheck.h"
23#include "../concurrency/ThreadCanceltypeAsynchronousCheck.h"
24#include "../google/UnnamedNamespaceInHeaderCheck.h"
25#include "../misc/NewDeleteOverloadsCheck.h"
26#include "../misc/NonCopyableObjects.h"
27#include "../misc/StaticAssertCheck.h"
28#include "../misc/ThrowByValueCatchByReferenceCheck.h"
29#include "../performance/MoveConstructorInitCheck.h"
30#include "../readability/EnumInitialValueCheck.h"
31#include "../readability/UppercaseLiteralSuffixCheck.h"
32#include "CommandProcessorCheck.h"
33#include "DefaultOperatorNewAlignmentCheck.h"
34#include "DontModifyStdNamespaceCheck.h"
35#include "FloatLoopCounter.h"
36#include "LimitedRandomnessCheck.h"
37#include "MutatingCopyCheck.h"
38#include "NonTrivialTypesLibcMemoryCallsCheck.h"
39#include "ProperlySeededRandomGeneratorCheck.h"
40#include "SetLongJmpCheck.h"
41#include "StaticObjectExceptionCheck.h"
42#include "StrToNumCheck.h"
43#include "ThrownExceptionTypeCheck.h"
44#include "VariadicFunctionDefCheck.h"
45
46namespace {
47
48// Checked functions for cert-err33-c.
49// The following functions are deliberately excluded because they can be called
50// with NULL argument and in this case the check is not applicable:
51// `mblen, mbrlen, mbrtowc, mbtowc, wctomb, wctomb_s`.
52// FIXME: The check can be improved to handle such cases.
53const llvm::StringRef CertErr33CCheckedFunctions = "^::aligned_alloc;"
54 "^::asctime_s;"
55 "^::at_quick_exit;"
56 "^::atexit;"
57 "^::bsearch;"
58 "^::bsearch_s;"
59 "^::btowc;"
60 "^::c16rtomb;"
61 "^::c32rtomb;"
62 "^::calloc;"
63 "^::clock;"
64 "^::cnd_broadcast;"
65 "^::cnd_init;"
66 "^::cnd_signal;"
67 "^::cnd_timedwait;"
68 "^::cnd_wait;"
69 "^::ctime_s;"
70 "^::fclose;"
71 "^::fflush;"
72 "^::fgetc;"
73 "^::fgetpos;"
74 "^::fgets;"
75 "^::fgetwc;"
76 "^::fopen;"
77 "^::fopen_s;"
78 "^::fprintf;"
79 "^::fprintf_s;"
80 "^::fputc;"
81 "^::fputs;"
82 "^::fputwc;"
83 "^::fputws;"
84 "^::fread;"
85 "^::freopen;"
86 "^::freopen_s;"
87 "^::fscanf;"
88 "^::fscanf_s;"
89 "^::fseek;"
90 "^::fsetpos;"
91 "^::ftell;"
92 "^::fwprintf;"
93 "^::fwprintf_s;"
94 "^::fwrite;"
95 "^::fwscanf;"
96 "^::fwscanf_s;"
97 "^::getc;"
98 "^::getchar;"
99 "^::getenv;"
100 "^::getenv_s;"
101 "^::gets_s;"
102 "^::getwc;"
103 "^::getwchar;"
104 "^::gmtime;"
105 "^::gmtime_s;"
106 "^::localtime;"
107 "^::localtime_s;"
108 "^::malloc;"
109 "^::mbrtoc16;"
110 "^::mbrtoc32;"
111 "^::mbsrtowcs;"
112 "^::mbsrtowcs_s;"
113 "^::mbstowcs;"
114 "^::mbstowcs_s;"
115 "^::memchr;"
116 "^::mktime;"
117 "^::mtx_init;"
118 "^::mtx_lock;"
119 "^::mtx_timedlock;"
120 "^::mtx_trylock;"
121 "^::mtx_unlock;"
122 "^::printf_s;"
123 "^::putc;"
124 "^::putwc;"
125 "^::raise;"
126 "^::realloc;"
127 "^::remove;"
128 "^::rename;"
129 "^::scanf;"
130 "^::scanf_s;"
131 "^::setlocale;"
132 "^::setvbuf;"
133 "^::signal;"
134 "^::snprintf;"
135 "^::snprintf_s;"
136 "^::sprintf;"
137 "^::sprintf_s;"
138 "^::sscanf;"
139 "^::sscanf_s;"
140 "^::strchr;"
141 "^::strerror_s;"
142 "^::strftime;"
143 "^::strpbrk;"
144 "^::strrchr;"
145 "^::strstr;"
146 "^::strtod;"
147 "^::strtof;"
148 "^::strtoimax;"
149 "^::strtok;"
150 "^::strtok_s;"
151 "^::strtol;"
152 "^::strtold;"
153 "^::strtoll;"
154 "^::strtoul;"
155 "^::strtoull;"
156 "^::strtoumax;"
157 "^::strxfrm;"
158 "^::swprintf;"
159 "^::swprintf_s;"
160 "^::swscanf;"
161 "^::swscanf_s;"
162 "^::thrd_create;"
163 "^::thrd_detach;"
164 "^::thrd_join;"
165 "^::thrd_sleep;"
166 "^::time;"
167 "^::timespec_get;"
168 "^::tmpfile;"
169 "^::tmpfile_s;"
170 "^::tmpnam;"
171 "^::tmpnam_s;"
172 "^::tss_create;"
173 "^::tss_get;"
174 "^::tss_set;"
175 "^::ungetc;"
176 "^::ungetwc;"
177 "^::vfprintf;"
178 "^::vfprintf_s;"
179 "^::vfscanf;"
180 "^::vfscanf_s;"
181 "^::vfwprintf;"
182 "^::vfwprintf_s;"
183 "^::vfwscanf;"
184 "^::vfwscanf_s;"
185 "^::vprintf_s;"
186 "^::vscanf;"
187 "^::vscanf_s;"
188 "^::vsnprintf;"
189 "^::vsnprintf_s;"
190 "^::vsprintf;"
191 "^::vsprintf_s;"
192 "^::vsscanf;"
193 "^::vsscanf_s;"
194 "^::vswprintf;"
195 "^::vswprintf_s;"
196 "^::vswscanf;"
197 "^::vswscanf_s;"
198 "^::vwprintf_s;"
199 "^::vwscanf;"
200 "^::vwscanf_s;"
201 "^::wcrtomb;"
202 "^::wcschr;"
203 "^::wcsftime;"
204 "^::wcspbrk;"
205 "^::wcsrchr;"
206 "^::wcsrtombs;"
207 "^::wcsrtombs_s;"
208 "^::wcsstr;"
209 "^::wcstod;"
210 "^::wcstof;"
211 "^::wcstoimax;"
212 "^::wcstok;"
213 "^::wcstok_s;"
214 "^::wcstol;"
215 "^::wcstold;"
216 "^::wcstoll;"
217 "^::wcstombs;"
218 "^::wcstombs_s;"
219 "^::wcstoul;"
220 "^::wcstoull;"
221 "^::wcstoumax;"
222 "^::wcsxfrm;"
223 "^::wctob;"
224 "^::wctrans;"
225 "^::wctype;"
226 "^::wmemchr;"
227 "^::wprintf_s;"
228 "^::wscanf;"
229 "^::wscanf_s;";
230
231} // namespace
232
233namespace clang::tidy {
234namespace cert {
235
236class CERTModule : public ClangTidyModule {
237public:
238 void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {
239 // C++ checkers
240 // CON
241 CheckFactories.registerCheck<bugprone::SpuriouslyWakeUpFunctionsCheck>(
242 "cert-con54-cpp");
243 // CTR
244 CheckFactories
245 .registerCheck<bugprone::PointerArithmeticOnPolymorphicObjectCheck>(
246 "cert-ctr56-cpp");
247 // DCL
248 CheckFactories.registerCheck<VariadicFunctionDefCheck>("cert-dcl50-cpp");
249 CheckFactories.registerCheck<bugprone::ReservedIdentifierCheck>(
250 "cert-dcl51-cpp");
251 CheckFactories.registerCheck<misc::NewDeleteOverloadsCheck>(
252 "cert-dcl54-cpp");
253 CheckFactories.registerCheck<DontModifyStdNamespaceCheck>(
254 "cert-dcl58-cpp");
255 CheckFactories.registerCheck<google::build::UnnamedNamespaceInHeaderCheck>(
256 "cert-dcl59-cpp");
257 // ERR
258 CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>(
259 "cert-err09-cpp");
260 CheckFactories.registerCheck<SetLongJmpCheck>("cert-err52-cpp");
261 CheckFactories.registerCheck<StaticObjectExceptionCheck>("cert-err58-cpp");
262 CheckFactories.registerCheck<ThrownExceptionTypeCheck>("cert-err60-cpp");
263 CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>(
264 "cert-err61-cpp");
265 // MEM
266 CheckFactories.registerCheck<DefaultOperatorNewAlignmentCheck>(
267 "cert-mem57-cpp");
268 // MSC
269 CheckFactories.registerCheck<LimitedRandomnessCheck>("cert-msc50-cpp");
270 CheckFactories.registerCheck<ProperlySeededRandomGeneratorCheck>(
271 "cert-msc51-cpp");
272 CheckFactories.registerCheck<bugprone::SignalHandlerCheck>(
273 "cert-msc54-cpp");
274 // OOP
275 CheckFactories.registerCheck<performance::MoveConstructorInitCheck>(
276 "cert-oop11-cpp");
277 CheckFactories.registerCheck<bugprone::UnhandledSelfAssignmentCheck>(
278 "cert-oop54-cpp");
279 CheckFactories.registerCheck<NonTrivialTypesLibcMemoryCallsCheck>(
280 "cert-oop57-cpp");
281 CheckFactories.registerCheck<MutatingCopyCheck>(
282 "cert-oop58-cpp");
283
284 // C checkers
285 // ARR
286 CheckFactories.registerCheck<bugprone::SizeofExpressionCheck>(
287 "cert-arr39-c");
288 // CON
289 CheckFactories.registerCheck<bugprone::SpuriouslyWakeUpFunctionsCheck>(
290 "cert-con36-c");
291 // DCL
292 CheckFactories.registerCheck<misc::StaticAssertCheck>("cert-dcl03-c");
293 CheckFactories.registerCheck<readability::UppercaseLiteralSuffixCheck>(
294 "cert-dcl16-c");
295 CheckFactories.registerCheck<bugprone::ReservedIdentifierCheck>(
296 "cert-dcl37-c");
297 // ENV
298 CheckFactories.registerCheck<CommandProcessorCheck>("cert-env33-c");
299 // ERR
300 CheckFactories.registerCheck<bugprone::UnusedReturnValueCheck>(
301 "cert-err33-c");
302 CheckFactories.registerCheck<StrToNumCheck>("cert-err34-c");
303 // EXP
304 CheckFactories.registerCheck<bugprone::SuspiciousMemoryComparisonCheck>(
305 "cert-exp42-c");
306 // FLP
307 CheckFactories.registerCheck<FloatLoopCounter>("cert-flp30-c");
308 CheckFactories.registerCheck<bugprone::SuspiciousMemoryComparisonCheck>(
309 "cert-flp37-c");
310 // FIO
311 CheckFactories.registerCheck<misc::NonCopyableObjectsCheck>("cert-fio38-c");
312 // INT
313 CheckFactories.registerCheck<readability::EnumInitialValueCheck>(
314 "cert-int09-c");
315 // MSC
316 CheckFactories.registerCheck<bugprone::UnsafeFunctionsCheck>(
317 "cert-msc24-c");
318 CheckFactories.registerCheck<LimitedRandomnessCheck>("cert-msc30-c");
319 CheckFactories.registerCheck<ProperlySeededRandomGeneratorCheck>(
320 "cert-msc32-c");
321 CheckFactories.registerCheck<bugprone::UnsafeFunctionsCheck>(
322 "cert-msc33-c");
323 // POS
324 CheckFactories.registerCheck<bugprone::BadSignalToKillThreadCheck>(
325 "cert-pos44-c");
326 CheckFactories
327 .registerCheck<concurrency::ThreadCanceltypeAsynchronousCheck>(
328 "cert-pos47-c");
329 // SIG
330 CheckFactories.registerCheck<bugprone::SignalHandlerCheck>("cert-sig30-c");
331 // STR
332 CheckFactories.registerCheck<bugprone::SignedCharMisuseCheck>(
333 "cert-str34-c");
334 }
335
336 ClangTidyOptions getModuleOptions() override {
337 ClangTidyOptions Options;
338 ClangTidyOptions::OptionMap &Opts = Options.CheckOptions;
339 Opts["cert-arr39-c.WarnOnSizeOfConstant"] = "false";
340 Opts["cert-arr39-c.WarnOnSizeOfIntegerExpression"] = "false";
341 Opts["cert-arr39-c.WarnOnSizeOfThis"] = "false";
342 Opts["cert-arr39-c.WarnOnSizeOfCompareToConstant"] = "false";
343 Opts["cert-arr39-c.WarnOnSizeOfPointer"] = "false";
344 Opts["cert-arr39-c.WarnOnSizeOfPointerToAggregate"] = "false";
345 Opts["cert-dcl16-c.NewSuffixes"] = "L;LL;LU;LLU";
346 Opts["cert-err33-c.CheckedFunctions"] = CertErr33CCheckedFunctions;
347 Opts["cert-err33-c.AllowCastToVoid"] = "true";
348 Opts["cert-oop54-cpp.WarnOnlyIfThisHasSuspiciousField"] = "false";
349 Opts["cert-str34-c.DiagnoseSignedUnsignedCharComparisons"] = "false";
350 return Options;
351 }
352};
353
354} // namespace cert
355
356// Register the MiscTidyModule using this statically initialized variable.
357static ClangTidyModuleRegistry::Add<cert::CERTModule>
358 X("cert-module",
359 "Adds lint checks corresponding to CERT secure coding guidelines.");
360
361// This anchor is used to force the linker to link in the generated object file
362// and thus register the CERTModule.
363volatile int CERTModuleAnchorSource = 0;
364
365} // namespace clang::tidy
X
int X
Definition: LSPBinderTests.cpp:26
clang::tidy::ClangTidyCheckFactories
A collection of ClangTidyCheckFactory instances.
Definition: ClangTidyModule.h:27
clang::tidy::ClangTidyCheckFactories::registerCheck
void registerCheck(llvm::StringRef CheckName)
Registers the CheckType with the name Name.
Definition: ClangTidyModule.h:58
clang::tidy::ClangTidyModule
A clang-tidy module groups a number of ClangTidyChecks and gives them a prefixed name.
Definition: ClangTidyModule.h:84
clang::tidy::bugprone::BadSignalToKillThreadCheck
Finds pthread_kill function calls when thread is terminated by SIGTERM signal.
Definition: BadSignalToKillThreadCheck.h:21
clang::tidy::bugprone::PointerArithmeticOnPolymorphicObjectCheck
Finds pointer arithmetic performed on classes that contain a virtual function.
Definition: PointerArithmeticOnPolymorphicObjectCheck.h:21
clang::tidy::bugprone::ReservedIdentifierCheck
Checks for usages of identifiers reserved for use by the implementation.
Definition: ReservedIdentifierCheck.h:31
clang::tidy::bugprone::SignalHandlerCheck
Checker for signal handler functions.
Definition: SignalHandlerCheck.h:23
clang::tidy::bugprone::SignedCharMisuseCheck
Finds those signed char -> integer conversions which might indicate a programming error.
Definition: SignedCharMisuseCheck.h:24
clang::tidy::bugprone::SizeofExpressionCheck
Find suspicious usages of sizeof expressions.
Definition: SizeofExpressionCheck.h:20
clang::tidy::bugprone::SpuriouslyWakeUpFunctionsCheck
Finds cnd_wait, cnd_timedwait, wait, wait_for, or wait_until function calls when the function is not ...
Definition: SpuriouslyWakeUpFunctionsCheck.h:23
clang::tidy::bugprone::SuspiciousMemoryComparisonCheck
Finds potentially incorrect calls to memcmp() based on properties of the arguments.
Definition: SuspiciousMemoryComparisonCheck.h:21
clang::tidy::bugprone::UnhandledSelfAssignmentCheck
Finds user-defined copy assignment operators which do not protect the code against self-assignment ei...
Definition: UnhandledSelfAssignmentCheck.h:22
clang::tidy::bugprone::UnsafeFunctionsCheck
Checks for functions that have safer, more secure replacements available, or are considered deprecate...
Definition: UnsafeFunctionsCheck.h:24
clang::tidy::bugprone::UnusedReturnValueCheck
Detects function calls where the return value is unused.
Definition: UnusedReturnValueCheck.h:21
clang::tidy::cert::CERTModule::addCheckFactories
void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override
Implement this function in order to register all CheckFactories belonging to this module.
Definition: CERTTidyModule.cpp:238
clang::tidy::cert::CERTModule::getModuleOptions
ClangTidyOptions getModuleOptions() override
Gets default options for checks defined in this module.
Definition: CERTTidyModule.cpp:336
clang::tidy::cert::CommandProcessorCheck
Execution of a command processor can lead to security vulnerabilities, and is generally not required.
Definition: CommandProcessorCheck.h:23
clang::tidy::cert::DefaultOperatorNewAlignmentCheck
Checks if an object of type with extended alignment is allocated by using the default operator new.
Definition: DefaultOperatorNewAlignmentCheck.h:21
clang::tidy::cert::DontModifyStdNamespaceCheck
Modification of the std or posix namespace can result in undefined behavior.
Definition: DontModifyStdNamespaceCheck.h:21
clang::tidy::cert::FloatLoopCounter
This check diagnoses when the loop induction expression of a for loop has floating-point type.
Definition: FloatLoopCounter.h:22
clang::tidy::cert::LimitedRandomnessCheck
Pseudorandom number generators are not genuinely random.
Definition: LimitedRandomnessCheck.h:23
clang::tidy::cert::MutatingCopyCheck
Finds assignments to the copied object and its direct or indirect members in copy constructors and co...
Definition: MutatingCopyCheck.h:21
clang::tidy::cert::NonTrivialTypesLibcMemoryCallsCheck
Flags use of the C standard library functions 'memset', 'memcpy' and 'memcmp' and similar derivatives...
Definition: NonTrivialTypesLibcMemoryCallsCheck.h:21
clang::tidy::cert::SetLongJmpCheck
Guards against use of setjmp/longjmp in C++ code.
Definition: SetLongJmpCheck.h:20
clang::tidy::cert::StaticObjectExceptionCheck
Checks whether the constructor for a static or thread_local object will throw.
Definition: StaticObjectExceptionCheck.h:21
clang::tidy::cert::StrToNumCheck
Guards against use of string conversion functions that do not have reasonable error handling for conv...
Definition: StrToNumCheck.h:21
clang::tidy::cert::ThrownExceptionTypeCheck
Checks whether a thrown object is nothrow copy constructible.
Definition: ThrownExceptionTypeCheck.h:20
clang::tidy::cert::VariadicFunctionDefCheck
Guards against any C-style variadic function definitions (not declarations).
Definition: VariadicFunctionDefCheck.h:20
clang::tidy::concurrency::ThreadCanceltypeAsynchronousCheck
Finds pthread_setcanceltype function calls where a thread's cancellation type is set to asynchronous.
Definition: ThreadCanceltypeAsynchronousCheck.h:20
clang::tidy::misc::NonCopyableObjectsCheck
The check flags dereferences and non-pointer declarations of objects that are not meant to be passed ...
Definition: NonCopyableObjects.h:18
clang::tidy::misc::StaticAssertCheck
Replaces assert() with static_assert() if the condition is evaluatable at compile time.
Definition: StaticAssertCheck.h:23
clang::tidy::performance::MoveConstructorInitCheck
The check flags user-defined move constructors that have a ctor-initializer initializing a member or ...
Definition: MoveConstructorInitCheck.h:21
clang::tidy::readability::EnumInitialValueCheck
Enforces consistent style for enumerators' initialization, covering three styles: none,...
Definition: EnumInitialValueCheck.h:21
clang::tidy::readability::UppercaseLiteralSuffixCheck
Detects when the integral literal or floating point literal has non-uppercase suffix,...
Definition: UppercaseLiteralSuffixCheck.h:23
clang::tidy::CERTModuleAnchorSource
volatile int CERTModuleAnchorSource
Definition: CERTTidyModule.cpp:363
clang::tidy::ClangTidyOptions
Contains options for clang-tidy.
Definition: ClangTidyOptions.h:50
clang::tidy::ClangTidyOptions::CheckOptions
OptionMap CheckOptions
Key-value mapping used to store check-specific options.
Definition: ClangTidyOptions.h:130
clang::tidy::ClangTidyOptions::OptionMap
llvm::StringMap< ClangTidyValue > OptionMap
Definition: ClangTidyOptions.h:127
Generated on Fri Jul 18 2025 03:23:36 for clang-tools by doxygen 1.9.6