r371342 - Move prop-sink branch to monorepo.
Author: boga95 Date: Sun Sep 8 12:23:43 2019 New Revision: 371342 URL: http://llvm.org/viewvc/llvm-project?rev=371342=rev Log: Move prop-sink branch to monorepo. Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp cfe/trunk/test/Analysis/taint-generic.c Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp?rev=371342=371341=371342=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp Sun Sep 8 12:23:43 2019 
@@ -115,27 +115,44 @@ private: static Optional getPointedToSVal(CheckerContext , const Expr *Arg); /// Check for CWE-134: Uncontrolled Format String. - static const char MsgUncontrolledFormatString[]; + static constexpr llvm::StringLiteral MsgUncontrolledFormatString = + "Untrusted data is used as a format string " + "(CWE-134: Uncontrolled Format String)"; bool checkUncontrolledFormatString(const CallExpr *CE, CheckerContext ) const; /// Check for: /// CERT/STR02-C. "Sanitize data passed to complex subsystems" /// CWE-78, "Failure to Sanitize Data into an OS Command" - static const char MsgSanitizeSystemArgs[]; + static constexpr llvm::StringLiteral MsgSanitizeSystemArgs = + "Untrusted data is passed to a system call " + "(CERT/STR02-C. Sanitize data passed to complex subsystems)"; bool checkSystemCall(const CallExpr *CE, StringRef Name, CheckerContext ) const; /// Check if tainted data is used as a buffer size ins strn.. functions, /// and allocators. - static const char MsgTaintedBufferSize[]; + static constexpr llvm::StringLiteral MsgTaintedBufferSize = + "Untrusted data is used to specify the buffer size " + "(CERT/STR31-C. Guarantee that storage for strings has sufficient space " + "for character data and the null terminator)"; bool checkTaintedBufferSize(const CallExpr *CE, const FunctionDecl *FDecl, CheckerContext ) const; + /// Check if tainted data is used as a custom sink's parameter. + static constexpr llvm::StringLiteral MsgCustomSink = + "Untrusted data is passed to a user-defined sink"; + bool checkCustomSinks(const CallExpr *CE, StringRef Name, +CheckerContext ) const; + /// Generate a report if the expression is tainted or points to tainted data. 
- bool generateReportIfTainted(const Expr *E, const char Msg[], + bool generateReportIfTainted(const Expr *E, StringRef Msg, CheckerContext ) const; + struct TaintPropagationRule; + using NameRuleMap = llvm::StringMap; + using NameArgMap = llvm::StringMap; + /// A struct used to specify taint propagation rules for a function. /// /// If any of the possible taint source arguments is tainted, all of the @@ -175,7 +192,8 @@ private: /// Get the propagation rule for a given function. static TaintPropagationRule -getTaintPropagationRule(const FunctionDecl *FDecl, StringRef Name, +getTaintPropagationRule(const NameRuleMap , +const FunctionDecl *FDecl, StringRef Name, CheckerContext ); void addSrcArg(unsigned A) { SrcArgs.push_back(A); } @@ -211,9 +229,6 @@ private: CheckerContext ); }; - using NameRuleMap = llvm::StringMap; - using NameArgMap = llvm::StringMap; - /// Defines a map between the propagation function's name and /// TaintPropagationRule. NameRuleMap CustomPropagations; 
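Review bot: The doc comment on the new `checkCustomSinks` declaration does not say where the sink list comes from or which arguments of a matching call are inspected, and a user writing a sink entry needs both. The `NameArgMap` alias suggests a per-name list of argument indices, but the body and the map it consults are outside this hunk, so please confirm before wording it, e.g. `/// Check if tainted data reaches one of the configured arguments of a sink named in the user configuration.` `MsgCustomSink` also carries neither the sink name nor a rule id, unlike the three messages above it, so reports from different configured sinks can only be told apart by location. The enclosing class starts and ends outside the hunk.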
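Review bot: In the `@@ -175,7 +192,8 @@` hunk, the comment `/// Get the propagation rule for a given function.` was not updated for the new `const NameRuleMap` parameter of `getTaintPropagationRule` (its name is lost in this rendering). It also does not state whether a built-in rule or a user-configured rule wins when both exist for the same function name. That precedence decides whether a configuration entry can replace the built-in propagation for a standard function, so it should be written down next to the declaration. The function body is outside the hunk, so the actual lookup order cannot be confirmed from here.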
@@ -228,18 +243,11 @@ private: const unsigned GenericTaintChecker::ReturnValueIndex; const unsigned GenericTaintChecker::InvalidArgIndex; -const char GenericTaintChecker::MsgUncontrolledFormatString[] = -"Untrusted data is used as a format string " -"(CWE-134: Uncontrolled Format String)"; - -const char GenericTaintChecker::MsgSanitizeSystemArgs[] = -"Untrusted data is passed to a system call " -"(CERT/STR02-C. Sanitize data passed to complex subsystems)"; - -const char GenericTaintChecker::MsgTaintedBufferSize[] = -"Untrusted data is used to specify the buffer size " -"(CERT/STR31-C. Guarantee that storage for strings has sufficient space " -"for character data and the null terminator)"; +// FIXME: these lines can be removed in C++17 +constexpr llvm::StringLiteral GenericTaintChecker::MsgUncontrolledFormatString; +constexpr llvm::StringLiteral GenericTaintChecker::MsgSanitizeSystemArgs; +constexpr llvm::StringLiteral GenericTaintChecker::MsgTaintedBufferSize; +constexpr llvm::StringLiteral GenericTaintChecker::MsgCustomSink; } // end of anonymous namespace using TaintConfig = GenericTaintChecker::TaintConfiguration; @@ -330,7 +338,8 @@
Re: r367193 - Buildbot fix for r367190
Looks good to me. Thanks for the fix. Aaron Ballman ezt írta (időpont: 2019. júl. 29., H, 21:06): > On Mon, Jul 29, 2019 at 3:03 PM Galina Kistanova via cfe-commits > wrote: > > > > Hello Gabor , > > > > It looks like this commit broke tests on couple builders: > > > > > http://lab.llvm.org:8011/builders/llvm-clang-x86_64-expensive-checks-win/builds/18867/steps/test-check-all/logs/stdio > > > http://lab.llvm.org:8011/builders/llvm-clang-lld-x86_64-scei-ps4-windows10pro-fast > > . . . > > > > Failing Tests (1): > > Clang :: Analysis/taint-generic.c > > > > > > Please have a look? > > These builders were already red and did not send any notifications. > > I think Reid fixed this in r367249 > (http://llvm.org/viewvc/llvm-project?view=revision=367249). > > ~Aaron > > > > > Thanks > > > > Galina > > > > On Sun, Jul 28, 2019 at 8:00 AM Gabor Borsik via cfe-commits < > cfe-commits@lists.llvm.org> wrote: > >> > >> Author: boga95 > >> Date: Sun Jul 28 07:57:41 2019 > >> New Revision: 367193 > >> > >> URL: http://llvm.org/viewvc/llvm-project?rev=367193=rev > >> Log: > >> Buildbot fix for r367190 > >> > >> Modified: > >> cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp > >> > >> Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp > >> URL: > http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp?rev=367193=367192=367193=diff > >> > == > >> --- cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp > (original) > >> +++ cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp Sun > Jul 28 07:57:41 2019 
> >> @@ -811,7 +811,7 @@ void ento::registerGenericTaintChecker(C > >>llvm::Optional Config = > >>getConfiguration(Mgr, Checker, Option, ConfigFile); > >>if (Config) > >> -Checker->parseConfiguration(Mgr, Option, > std::move(Config).getValue()); > >> +Checker->parseConfiguration(Mgr, Option, > std::move(Config.getValue())); > >> } > >> > >> bool ento::shouldRegisterGenericTaintChecker(const LangOptions ) { > >> > >> > >> ___ > >> cfe-commits mailing list > >> cfe-commits@lists.llvm.org > >> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits > > > > ___ > > cfe-commits mailing list > > cfe-commits@lists.llvm.org > > https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits > ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
r367193 - Buildbot fix for r367190
Author: boga95 Date: Sun Jul 28 07:57:41 2019 New Revision: 367193 URL: http://llvm.org/viewvc/llvm-project?rev=367193=rev Log: Buildbot fix for r367190 Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp?rev=367193=367192=367193=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp Sun Jul 28 07:57:41 2019 @@ -811,7 +811,7 @@ void ento::registerGenericTaintChecker(C llvm::Optional Config = getConfiguration(Mgr, Checker, Option, ConfigFile); if (Config) -Checker->parseConfiguration(Mgr, Option, std::move(Config).getValue()); +Checker->parseConfiguration(Mgr, Option, std::move(Config.getValue())); } bool ento::shouldRegisterGenericTaintChecker(const LangOptions ) { ___ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
r367190 - [analyzer] Add yaml parser to GenericTaintChecker
Author: boga95 Date: Sun Jul 28 06:38:04 2019 New Revision: 367190 URL: http://llvm.org/viewvc/llvm-project?rev=367190=rev Log: [analyzer] Add yaml parser to GenericTaintChecker While we implemented taint propagation rules for several builtin/standard functions, there's a natural desire for users to add such rules to custom functions. A series of patches will implement an option that allows users to annotate their functions with taint propagation rules through a YAML file. This one adds parsing of the configuration file, which may be specified in the commands line with the analyzer config: alpha.security.taint.TaintPropagation:Config. The configuration may contain propagation rules, filter functions (remove taint) and sink functions (give a warning if it gets a tainted value). I also added a new header for future checkers to conveniently read YAML files as checker options. Differential Revision: https://reviews.llvm.org/D59555 Added: cfe/trunk/lib/StaticAnalyzer/Checkers/Yaml.h (with props) cfe/trunk/test/Analysis/Inputs/taint-generic-config-ill-formed.yaml (with props) cfe/trunk/test/Analysis/Inputs/taint-generic-config-invalid-arg.yaml (with props) cfe/trunk/test/Analysis/Inputs/taint-generic-config.yaml (with props) Modified: cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp cfe/trunk/test/Analysis/analyzer-config.c cfe/trunk/test/Analysis/taint-generic.c Modified: cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td?rev=367190=367189=367190=diff == --- cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td (original) +++ cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td Sun Jul 28 06:38:04 2019 
@@ -799,6 +799,13 @@ let ParentPackage = Taint in { def GenericTaintChecker : Checker<"TaintPropagation">, HelpText<"Generate taint information used by other checkers">, + CheckerOptions<[ +CmdLineOption, + ]>, Documentation; } // end "alpha.security.taint" Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp URL: http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp?rev=367190=367189=367190=diff == --- cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp (original) +++ cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp Sun Jul 28 06:38:04 2019 @@ -15,16 +15,18 @@ //===--===// #include "Taint.h" -#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" +#include "Yaml.h" #include "clang/AST/Attr.h" #include "clang/Basic/Builtins.h" +#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h" #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h" #include "clang/StaticAnalyzer/Core/Checker.h" #include "clang/StaticAnalyzer/Core/CheckerManager.h" #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h" #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h" -#include -#include +#include "llvm/ADT/StringMap.h" +#include "llvm/Support/YAMLTraits.h" +#include #include using namespace clang; 
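Review bot: The help text of the new `Config` option in Checkers.td should state that the YAML file is trusted analysis input. Per the commit log it can declare filter functions that remove taint, and the checker's `HelpText` says its taint information is used by other checkers, so an over-broad filter entry would suppress their warnings without any diagnostic. The `CmdLineOption` arguments did not survive in this rendering, so the existing description may already cover this; if it only names the file, I would add a sentence such as `Filter entries remove taint; review this file like source code.` The include reordering in GenericTaintChecker.cpp on the same line needs no comment.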
@@ -44,14 +46,51 @@ public: void checkPreStmt(const CallExpr *CE, CheckerContext ) const; - void printState(raw_ostream , ProgramStateRef State, - const char *NL, const char *Sep) const override; + void printState(raw_ostream , ProgramStateRef State, const char *NL, + const char *Sep) const override; -private: - static const unsigned InvalidArgIndex = UINT_MAX; + using ArgVector = SmallVector; + using SignedArgVector = SmallVector; + + enum class VariadicType { None, Src, Dst }; + + /// Used to parse the configuration file. + struct TaintConfiguration { +using NameArgsPair = std::pair; + +struct Propagation { + std::string Name; + ArgVector SrcArgs; + SignedArgVector DstArgs; + VariadicType VarType; + unsigned VarIndex; +}; + +std::vector Propagations; +std::vector Filters; +std::vector Sinks; + +TaintConfiguration() = default; +TaintConfiguration(const TaintConfiguration &) = delete; +TaintConfiguration(TaintConfiguration &&) = default; +TaintConfiguration =(const TaintConfiguration &) = delete; +TaintConfiguration =(TaintConfiguration &&) = default; + }; + + /// Convert SignedArgVector to ArgVector. + ArgVector convertToArgVector(CheckerManager , const std::string , + SignedArgVector Args); + + /// Parse the config. + void parseConfiguration(CheckerManager , const std::string , + TaintConfiguration &); + + static const