r371342 - Move prop-sink branch to monorepo.

2019-09-08 Thread Gabor Borsik via cfe-commits
Author: boga95
Date: Sun Sep  8 12:23:43 2019
New Revision: 371342

URL: http://llvm.org/viewvc/llvm-project?rev=371342=rev
Log:
Move prop-sink branch to monorepo.

Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
cfe/trunk/test/Analysis/taint-generic.c

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
URL: 
http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp?rev=371342=371341=371342=diff
==
--- cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp Sun Sep  8 
12:23:43 2019
@@ -115,27 +115,44 @@ private:
   static Optional getPointedToSVal(CheckerContext , const Expr *Arg);
 
   /// Check for CWE-134: Uncontrolled Format String.
-  static const char MsgUncontrolledFormatString[];
+  static constexpr llvm::StringLiteral MsgUncontrolledFormatString =
+  "Untrusted data is used as a format string "
+  "(CWE-134: Uncontrolled Format String)";
   bool checkUncontrolledFormatString(const CallExpr *CE,
  CheckerContext ) const;
 
   /// Check for:
   /// CERT/STR02-C. "Sanitize data passed to complex subsystems"
   /// CWE-78, "Failure to Sanitize Data into an OS Command"
-  static const char MsgSanitizeSystemArgs[];
+  static constexpr llvm::StringLiteral MsgSanitizeSystemArgs =
+  "Untrusted data is passed to a system call "
+  "(CERT/STR02-C. Sanitize data passed to complex subsystems)";
   bool checkSystemCall(const CallExpr *CE, StringRef Name,
CheckerContext ) const;
 
   /// Check if tainted data is used as a buffer size ins strn.. functions,
   /// and allocators.
-  static const char MsgTaintedBufferSize[];
+  static constexpr llvm::StringLiteral MsgTaintedBufferSize =
+  "Untrusted data is used to specify the buffer size "
+  "(CERT/STR31-C. Guarantee that storage for strings has sufficient space "
+  "for character data and the null terminator)";
   bool checkTaintedBufferSize(const CallExpr *CE, const FunctionDecl *FDecl,
   CheckerContext ) const;
 
+  /// Check if tainted data is used as a custom sink's parameter.
+  static constexpr llvm::StringLiteral MsgCustomSink =
+  "Untrusted data is passed to a user-defined sink";
+  bool checkCustomSinks(const CallExpr *CE, StringRef Name,
+CheckerContext ) const;
+
   /// Generate a report if the expression is tainted or points to tainted data.
-  bool generateReportIfTainted(const Expr *E, const char Msg[],
+  bool generateReportIfTainted(const Expr *E, StringRef Msg,
CheckerContext ) const;
 
+  struct TaintPropagationRule;
+  using NameRuleMap = llvm::StringMap;
+  using NameArgMap = llvm::StringMap;
+
   /// A struct used to specify taint propagation rules for a function.
   ///
   /// If any of the possible taint source arguments is tainted, all of the
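Review bot: `MsgCustomSink` is the only diagnostic in this block with no identifying detail. The three built-in messages name a CWE or CERT rule, while "Untrusted data is passed to a user-defined sink" tells the person triaging the report neither which configured function matched nor which argument was tainted. `checkCustomSinks` already receives `Name`, so consider composing the report text from it where the report is generated, or at least extend the doc comment to `/// Check if tainted data is used as a custom sink's parameter. Sinks and the argument indices checked for each come from the user-supplied configuration.` The body of `checkCustomSinks` is not in this hunk, so whether the name is attached to the report elsewhere cannot be confirmed from here. The enclosing class starts before the hunk and the struct comment at its end continues past it.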
@@ -175,7 +192,8 @@ private:
 
 /// Get the propagation rule for a given function.
 static TaintPropagationRule
-getTaintPropagationRule(const FunctionDecl *FDecl, StringRef Name,
+getTaintPropagationRule(const NameRuleMap ,
+const FunctionDecl *FDecl, StringRef Name,
 CheckerContext );
 
 void addSrcArg(unsigned A) { SrcArgs.push_back(A); }
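Review bot: The doc comment on `getTaintPropagationRule` still reads "Get the propagation rule for a given function." and does not mention the new `NameRuleMap` parameter or how it ranks against the built-in rules. For a taint checker that ordering is security-relevant: if an entry in the user-supplied map can shadow a built-in rule, a configuration file can reduce what the analyzer reports. The comment should state the precedence, e.g. `/// Built-in rules are consulted first; the custom map is used only when no built-in rule matches Name.` (or the reverse, whichever the definition implements). The definition is outside this hunk, so the actual lookup order needs confirming against it.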
@@ -211,9 +229,6 @@ private:
CheckerContext );
   };
 
-  using NameRuleMap = llvm::StringMap;
-  using NameArgMap = llvm::StringMap;
-
   /// Defines a map between the propagation function's name and
   /// TaintPropagationRule.
   NameRuleMap CustomPropagations;
@@ -228,18 +243,11 @@ private:
 const unsigned GenericTaintChecker::ReturnValueIndex;
 const unsigned GenericTaintChecker::InvalidArgIndex;
 
-const char GenericTaintChecker::MsgUncontrolledFormatString[] =
-"Untrusted data is used as a format string "
-"(CWE-134: Uncontrolled Format String)";
-
-const char GenericTaintChecker::MsgSanitizeSystemArgs[] =
-"Untrusted data is passed to a system call "
-"(CERT/STR02-C. Sanitize data passed to complex subsystems)";
-
-const char GenericTaintChecker::MsgTaintedBufferSize[] =
-"Untrusted data is used to specify the buffer size "
-"(CERT/STR31-C. Guarantee that storage for strings has sufficient space "
-"for character data and the null terminator)";
+// FIXME: these lines can be removed in C++17
+constexpr llvm::StringLiteral GenericTaintChecker::MsgUncontrolledFormatString;
+constexpr llvm::StringLiteral GenericTaintChecker::MsgSanitizeSystemArgs;
+constexpr llvm::StringLiteral GenericTaintChecker::MsgTaintedBufferSize;
+constexpr llvm::StringLiteral GenericTaintChecker::MsgCustomSink;
 } // end of anonymous namespace
 
 using TaintConfig = GenericTaintChecker::TaintConfiguration;
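Review bot: The `// FIXME: these lines can be removed in C++17` comment does not say why the four definitions exist, so they read as dead code. Suggest `// Before C++17 a static constexpr data member that is odr-used needs a namespace-scope definition. FIXME: remove once C++17 is required.` Until then, any message constant added to the class needs a matching line here, otherwise the build can fail at link time on some configurations only.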
@@ -330,7 +338,8 @@ 

Re: r367193 - Buildbot fix for r367190

2019-07-29 Thread Gabor Borsik via cfe-commits
Looks good to me. Thanks for the fix.

Aaron Ballman  ezt írta (időpont: 2019. júl. 29.,
H, 21:06):

> On Mon, Jul 29, 2019 at 3:03 PM Galina Kistanova via cfe-commits
>  wrote:
> >
> > Hello Gabor ,
> >
> > It looks like this commit broke tests on couple builders:
> >
> >
> http://lab.llvm.org:8011/builders/llvm-clang-x86_64-expensive-checks-win/builds/18867/steps/test-check-all/logs/stdio
> >
> http://lab.llvm.org:8011/builders/llvm-clang-lld-x86_64-scei-ps4-windows10pro-fast
> > . . .
> > 
> > Failing Tests (1):
> > Clang :: Analysis/taint-generic.c
> >
> >
> > Please have a look?
> > These builders were already red and did not send any notifications.
>
> I think Reid fixed this in r367249
> (http://llvm.org/viewvc/llvm-project?view=revision=367249).
>
> ~Aaron
>
> >
> > Thanks
> >
> > Galina
> >
> > On Sun, Jul 28, 2019 at 8:00 AM Gabor Borsik via cfe-commits <
> cfe-commits@lists.llvm.org> wrote:
> >>
> >> Author: boga95
> >> Date: Sun Jul 28 07:57:41 2019
> >> New Revision: 367193
> >>
> >> URL: http://llvm.org/viewvc/llvm-project?rev=367193=rev
> >> Log:
> >> Buildbot fix for r367190
> >>
> >> Modified:
> >> cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
> >>
> >> Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
> >> URL:
> http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp?rev=367193=367192=367193=diff
> >>
> ==
> >> --- cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
> (original)
> >> +++ cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp Sun
> Jul 28 07:57:41 2019
> >> @@ -811,7 +811,7 @@ void ento::registerGenericTaintChecker(C
> >>llvm::Optional Config =
> >>getConfiguration(Mgr, Checker, Option, ConfigFile);
> >>if (Config)
> >> -Checker->parseConfiguration(Mgr, Option,
> std::move(Config).getValue());
> >> +Checker->parseConfiguration(Mgr, Option,
> std::move(Config.getValue()));
> >>  }
> >>
> >>  bool ento::shouldRegisterGenericTaintChecker(const LangOptions ) {
> >>
> >>
> >> ___
> >> cfe-commits mailing list
> >> cfe-commits@lists.llvm.org
> >> https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
> >
> > ___
> > cfe-commits mailing list
> > cfe-commits@lists.llvm.org
> > https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
>


r367193 - Buildbot fix for r367190

2019-07-28 Thread Gabor Borsik via cfe-commits
Author: boga95
Date: Sun Jul 28 07:57:41 2019
New Revision: 367193

URL: http://llvm.org/viewvc/llvm-project?rev=367193=rev
Log:
Buildbot fix for r367190

Modified:
cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
URL: 
http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp?rev=367193=367192=367193=diff
==
--- cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp Sun Jul 28 
07:57:41 2019
@@ -811,7 +811,7 @@ void ento::registerGenericTaintChecker(C
   llvm::Optional Config =
   getConfiguration(Mgr, Checker, Option, ConfigFile);
   if (Config)
-Checker->parseConfiguration(Mgr, Option, std::move(Config).getValue());
+Checker->parseConfiguration(Mgr, Option, std::move(Config.getValue()));
 }
 
 bool ento::shouldRegisterGenericTaintChecker(const LangOptions ) {
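Review bot: Nothing at the call site records why `std::move` now wraps `Config.getValue()` rather than `Config`. The two spellings look interchangeable, so a later cleanup could put the old form back and break the same builders. A one-line comment such as `// Move the contained value; the rvalue-qualified getValue() is not available on every supported compiler.` would pin it, assuming that was the buildbot failure (the log message does not say). Separately, the `if (Config)` has no else branch in the visible lines. If `getConfiguration` can return an empty Optional without emitting a diagnostic, the checker would run without the user-defined sinks and filters and the user would not be told, so that is worth confirming in `getConfiguration`. `registerGenericTaintChecker` starts above this hunk.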




r367190 - [analyzer] Add yaml parser to GenericTaintChecker

2019-07-28 Thread Gabor Borsik via cfe-commits
Author: boga95
Date: Sun Jul 28 06:38:04 2019
New Revision: 367190

URL: http://llvm.org/viewvc/llvm-project?rev=367190=rev
Log:
[analyzer] Add yaml parser to GenericTaintChecker

While we implemented taint propagation rules for several
builtin/standard functions, there's a natural desire for users to add
such rules to custom functions.

A series of patches will implement an option that allows users to
annotate their functions with taint propagation rules through a YAML
file. This one adds parsing of the configuration file, which may be
specified on the command line with the analyzer config:
alpha.security.taint.TaintPropagation:Config. The configuration may
contain propagation rules, filter functions (remove taint) and sink
functions (give a warning if it gets a tainted value).

I also added a new header for future checkers to conveniently read YAML
files as checker options.

Differential Revision: https://reviews.llvm.org/D59555

Added:
cfe/trunk/lib/StaticAnalyzer/Checkers/Yaml.h   (with props)
cfe/trunk/test/Analysis/Inputs/taint-generic-config-ill-formed.yaml   (with 
props)
cfe/trunk/test/Analysis/Inputs/taint-generic-config-invalid-arg.yaml   
(with props)
cfe/trunk/test/Analysis/Inputs/taint-generic-config.yaml   (with props)
Modified:
cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td
cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
cfe/trunk/test/Analysis/analyzer-config.c
cfe/trunk/test/Analysis/taint-generic.c

Modified: cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td
URL: 
http://llvm.org/viewvc/llvm-project/cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td?rev=367190=367189=367190=diff
==
--- cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td (original)
+++ cfe/trunk/include/clang/StaticAnalyzer/Checkers/Checkers.td Sun Jul 28 
06:38:04 2019
@@ -799,6 +799,13 @@ let ParentPackage = Taint in {
 
 def GenericTaintChecker : Checker<"TaintPropagation">,
   HelpText<"Generate taint information used by other checkers">,
+  CheckerOptions<[
+CmdLineOption,
+  ]>,
   Documentation;
 
 } // end "alpha.security.taint"

Modified: cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
URL: 
http://llvm.org/viewvc/llvm-project/cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp?rev=367190=367189=367190=diff
==
--- cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp (original)
+++ cfe/trunk/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp Sun Jul 28 
06:38:04 2019
@@ -15,16 +15,18 @@
 
//===--===//
 
 #include "Taint.h"
-#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
+#include "Yaml.h"
 #include "clang/AST/Attr.h"
 #include "clang/Basic/Builtins.h"
+#include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
 #include "clang/StaticAnalyzer/Core/Checker.h"
 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
 #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h"
-#include 
-#include 
+#include "llvm/ADT/StringMap.h"
+#include "llvm/Support/YAMLTraits.h"
+#include 
 #include 
 
 using namespace clang;
@@ -44,14 +46,51 @@ public:
 
   void checkPreStmt(const CallExpr *CE, CheckerContext ) const;
 
-  void printState(raw_ostream , ProgramStateRef State,
-  const char *NL, const char *Sep) const override;
+  void printState(raw_ostream , ProgramStateRef State, const char *NL,
+  const char *Sep) const override;
 
-private:
-  static const unsigned InvalidArgIndex = UINT_MAX;
+  using ArgVector = SmallVector;
+  using SignedArgVector = SmallVector;
+
+  enum class VariadicType { None, Src, Dst };
+
+  /// Used to parse the configuration file.
+  struct TaintConfiguration {
+using NameArgsPair = std::pair;
+
+struct Propagation {
+  std::string Name;
+  ArgVector SrcArgs;
+  SignedArgVector DstArgs;
+  VariadicType VarType;
+  unsigned VarIndex;
+};
+
+std::vector Propagations;
+std::vector Filters;
+std::vector Sinks;
+
+TaintConfiguration() = default;
+TaintConfiguration(const TaintConfiguration &) = delete;
+TaintConfiguration(TaintConfiguration &&) = default;
+TaintConfiguration =(const TaintConfiguration &) = delete;
+TaintConfiguration =(TaintConfiguration &&) = default;
+  };
+
+  /// Convert SignedArgVector to ArgVector.
+  ArgVector convertToArgVector(CheckerManager , const std::string ,
+   SignedArgVector Args);
+
+  /// Parse the config.
+  void parseConfiguration(CheckerManager , const std::string ,
+  TaintConfiguration &);
+
+  static const