futogergely added a comment.

In D91000#3225369 <https://reviews.llvm.org/D91000#3225369>, @balazske wrote:

> The functions `asctime` and `asctime_r` are discouraged according to CERT
> MSC33-C rule. These could be added to this check as well. There is a clang SA
> checker `SecuritySyntaxChecker` that contains other obsolete functions (and
> the whole check looks like it can be done in clang-tidy).

The inclusion of CERT MSC33-C rule seems to be straightforward: check for asctime and asctime_r, and suggest asctime_s if Annex K is available, otherwise suggest strftime.

security.insecureAPI: the following functions could be added to the checker: bcmp, bcopy, bzero, getpw, mktemp, vfork, and if arc4random is available: drand48, erand48, jrand48, lcong48, lrand48, mrand48, nrand48, random, rand_r. I think for now it is enough to issue a warning of using these functions, and not suggest a replacement.

Should we add an option to the checker to also check for these functions?
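The replacement the comment above proposes for `asctime`/`asctime_r`, as an added example that is not part of the review or the checker's code: `asctime_s` where the C library advertises Annex K, otherwise a bounded `strftime`. The helper name `format_timestamp` and the sample dates are assumptions made for illustration.

```c
#define __STDC_WANT_LIB_EXT1__ 1 /* ask for Annex K declarations, if the libc has them */
#include <stdio.h>
#include <string.h>
#include <time.h>

/* Hypothetical helper: writes an asctime-style line, e.g.
 * "Sun Sep 16 01:03:52 1973\n", into buf.
 * Returns 0 on success, -1 if the arguments are invalid or the text
 * does not fit; on failure buf holds an empty string. */
int format_timestamp(const struct tm *tm, char *buf, size_t buflen)
{
    if (tm == NULL || buf == NULL || buflen == 0)
        return -1;
#if defined(__STDC_LIB_EXT1__)
    /* Annex K path: asctime_s validates the buffer size and field ranges. */
    if (asctime_s(buf, buflen, tm) != 0) {
        buf[0] = '\0';
        return -1;
    }
    return 0;
#else
    /* Fallback: strftime never writes past buflen and returns 0 when the
     * result does not fit (buffer contents are then unspecified). */
    if (strftime(buf, buflen, "%a %b %e %H:%M:%S %Y\n", tm) == 0) {
        buf[0] = '\0';
        return -1;
    }
    return 0;
#endif
}

int main(void)
{
    char buf[26]; /* the size asctime's internal buffer is specified to have */
    struct tm t;
    memset(&t, 0, sizeof t);
    /* Constructed sample: Sunday 16 September 1973, 01:03:52. */
    t.tm_year = 73; t.tm_mon = 8; t.tm_mday = 16;
    t.tm_hour = 1;  t.tm_min = 3; t.tm_sec = 52; t.tm_wday = 0;
    if (format_timestamp(&t, buf, sizeof buf) == 0)
        fputs(buf, stdout);

    /* A five-digit year needs 27 bytes; asctime has undefined behaviour
     * here, while the bounded call reports the failure instead. */
    t.tm_year = 10000 - 1900;
    if (format_timestamp(&t, buf, sizeof buf) != 0)
        puts("timestamp does not fit in 26 bytes");
    return 0;
}
```
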