clang-tools  16.0.0git
CommandProcessorCheck.cpp
Go to the documentation of this file.
1 //===-- CommandProcessorCheck.cpp - clang-tidy ----------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 
10 #include "clang/AST/ASTContext.h"
11 #include "clang/ASTMatchers/ASTMatchFinder.h"
12 
13 using namespace clang::ast_matchers;
14 
15 namespace clang {
16 namespace tidy {
17 namespace cert {
18 
19 void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) {
20  Finder->addMatcher(
21  callExpr(
22  callee(functionDecl(hasAnyName("::system", "::popen", "::_popen"))
23  .bind("func")),
24  // Do not diagnose when the call expression passes a null pointer
25  // constant to system(); that only checks for the presence of a
26  // command processor, which is not a security risk by itself.
27  unless(callExpr(callee(functionDecl(hasName("::system"))),
28  argumentCountIs(1),
29  hasArgument(0, nullPointerConstant()))))
30  .bind("expr"),
31  this);
32 }
33 
34 void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) {
35  const auto *Fn = Result.Nodes.getNodeAs<FunctionDecl>("func");
36  const auto *E = Result.Nodes.getNodeAs<CallExpr>("expr");
37 
38  diag(E->getExprLoc(), "calling %0 uses a command processor") << Fn;
39 }
40 
41 } // namespace cert
42 } // namespace tidy
43 } // namespace clang
E
const Expr * E
Definition: AvoidBindCheck.cpp:88
CommandProcessorCheck.h
clang::ast_matchers
Definition: AbseilMatcher.h:14
clang
===– Representation.cpp - ClangDoc Representation --------—*- C++ -*-===//
Definition: ApplyReplacements.h:27
clang::clangd::check
bool check(llvm::StringRef File, const ThreadsafeFS &TFS, const ClangdLSPServer::Options &Opts)
Definition: Check.cpp:418