Author: Daniel Krupp Date: 2024-09-26T14:00:13+02:00 New Revision: f82fb06cd1276bd358315e45cd3f4312b1319314
URL: https://github.com/llvm/llvm-project/commit/f82fb06cd1276bd358315e45cd3f4312b1319314 DIFF: https://github.com/llvm/llvm-project/commit/f82fb06cd1276bd358315e45cd3f4312b1319314.diff LOG: [analyzer] Moving TaintPropagation checker out of alpha (#67352) This commit moves the **alpha.security.taint.TaintPropagation** and **alpha.security.taint.GenericTaint** checkers to the **optin.taint** optional package. These checkers were stabilized and improved by recent commits thus they are ready for production use. Added: Modified: clang/docs/analyzer/checkers.rst clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst clang/include/clang/StaticAnalyzer/Checkers/Checkers.td clang/test/Analysis/analyzer-config.c clang/test/Analysis/assume-controlled-environment.c clang/test/Analysis/bool-assignment.c clang/test/Analysis/cxx-method-names.cpp clang/test/Analysis/debug-exprinspection-istainted.c clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c clang/test/Analysis/fread.c clang/test/Analysis/global-region-invalidation-errno.c clang/test/Analysis/global-region-invalidation.c clang/test/Analysis/malloc.c clang/test/Analysis/malloc.cpp clang/test/Analysis/out-of-bounds-diagnostics.c clang/test/Analysis/out-of-bounds-notes.c clang/test/Analysis/redefined_system.c clang/test/Analysis/string.c clang/test/Analysis/taint-checker-callback-order-has-definition.c clang/test/Analysis/taint-checker-callback-order-without-definition.c clang/test/Analysis/taint-diagnostic-visitor.c clang/test/Analysis/taint-dumps.c clang/test/Analysis/taint-generic.c clang/test/Analysis/taint-generic.cpp clang/test/Analysis/taint-tester.c clang/test/Analysis/taint-tester.cpp clang/test/Analysis/taint-tester.m clang/utils/analyzer/SATestBuild.py 
Removed: ################################################################################ diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst index c124fefc786114..47c6fc680deb1b 100644 --- a/clang/docs/analyzer/checkers.rst +++ b/clang/docs/analyzer/checkers.rst 
@@ -1008,6 +1008,241 @@ optin.portability.UnixAPI """"""""""""""""""""""""" Finds implementation-defined behavior in UNIX/Posix functions. + +optin.taint +^^^^^^^^^^^ + +Checkers implementing +`taint analysis <https://en.wikipedia.org/wiki/Taint_checking>`_. + +.. _optin-taint-GenericTaint: + +optin.taint.GenericTaint (C, C++) +""""""""""""""""""""""""""""""""" + +Taint analysis identifies potential security vulnerabilities where the +attacker can inject malicious data to the program to execute an attack +(privilege escalation, command injection, SQL injection etc.). + +The malicious data is injected at the taint source (e.g. ``getenv()`` call) +which is then propagated through function calls and being used as arguments of +sensitive operations, also called as taint sinks (e.g. ``system()`` call). + +One can defend against this type of vulnerability by always checking and +sanitizing the potentially malicious, untrusted user input. + +The goal of the checker is to discover and show to the user these potential +taint source-sink pairs and the propagation call chain. + +The most notable examples of taint sources are: + + - data from network + - files or standard input + - environment variables + - data from databases + +Let us examine a practical example of a Command Injection attack. + +.. code-block:: c + + // Command Injection Vulnerability Example + int main(int argc, char** argv) { + char cmd[2048] = "/bin/cat "; + char filename[1024]; + printf("Filename:"); + scanf (" %1023[^\n]", filename); // The attacker can inject a shell escape here + strcat(cmd, filename); + system(cmd); // Warning: Untrusted data is passed to a system call + } + +The program prints the content of any user specified file. +Unfortunately the attacker can execute arbitrary commands +with shell escapes. For example with the following input the `ls` command is also +executed after the contents of `/etc/shadow` is printed. 
+`Input: /etc/shadow ; ls /` + +The analysis implemented in this checker points out this problem. + +One can protect against such attack by for example checking if the provided +input refers to a valid file and removing any invalid user input. + +.. code-block:: c + + // No vulnerability anymore, but we still get the warning + void sanitizeFileName(char* filename){ + if (access(filename,F_OK)){// Verifying user input + printf("File does not exist\n"); + filename[0]='\0'; + } + } + int main(int argc, char** argv) { + char cmd[2048] = "/bin/cat "; + char filename[1024]; + printf("Filename:"); + scanf (" %1023[^\n]", filename); // The attacker can inject a shell escape here + sanitizeFileName(filename);// filename is safe after this point + if (!filename[0]) + return -1; + strcat(cmd, filename); + system(cmd); // Superfluous Warning: Untrusted data is passed to a system call + } + +Unfortunately, the checker cannot discover automatically that the programmer +have performed data sanitation, so it still emits the warning. + +One can get rid of this superfluous warning by telling by specifying the +sanitation functions in the taint configuration file (see +:doc:`user-docs/TaintAnalysisConfiguration`). + +.. code-block:: YAML + + Filters: + - Name: sanitizeFileName + Args: [0] + +The clang invocation to pass the configuration file location: + +.. code-block:: bash + + clang --analyze -Xclang -analyzer-config -Xclang optin.taint.TaintPropagation:Config=`pwd`/taint_config.yml ... + +If you are validating your inputs instead of sanitizing them, or don't want to +mention each sanitizing function in our configuration, +you can use a more generic approach. + +Introduce a generic no-op `csa_mark_sanitized(..)` function to +tell the Clang Static Analyzer +that the variable is safe to be used on that analysis path. + +.. code-block:: c + + // Marking sanitized variables safe. + // No vulnerability anymore, no warning. 
+ + // User csa_mark_sanitize function is for the analyzer only + #ifdef __clang_analyzer__ + void csa_mark_sanitized(const void *); + #endif + + int main(int argc, char** argv) { + char cmd[2048] = "/bin/cat "; + char filename[1024]; + printf("Filename:"); + scanf (" %1023[^\n]", filename); + if (access(filename,F_OK)){// Verifying user input + printf("File does not exist\n"); + return -1; + } + #ifdef __clang_analyzer__ + csa_mark_sanitized(filename); // Indicating to CSA that filename variable is safe to be used after this point + #endif + strcat(cmd, filename); + system(cmd); // No warning + } + +Similarly to the previous example, you need to +define a `Filter` function in a `YAML` configuration file +and add the `csa_mark_sanitized` function. + +.. code-block:: YAML + + Filters: + - Name: csa_mark_sanitized + Args: [0] + +Then calling `csa_mark_sanitized(X)` will tell the analyzer that `X` is safe to +be used after this point, because its contents are verified. It is the +responsibility of the programmer to ensure that this verification was indeed +correct. Please note that `csa_mark_sanitized` function is only declared and +used during Clang Static Analysis and skipped in (production) builds. + +Further examples of injection vulnerabilities this checker can find. + +.. code-block:: c + + void test() { + char x = getchar(); // 'x' marked as tainted + system(&x); // warn: untrusted data is passed to a system call + } + + // note: compiler internally checks if the second param to + // sprintf is a string literal or not. + // Use -Wno-format-security to suppress compiler warning. + void test() { + char s[10], buf[10]; + fscanf(stdin, "%s", s); // 's' marked as tainted + + sprintf(buf, s); // warn: untrusted data used as a format string + } + +There are built-in sources, propagations and sinks even if no external taint +configuration is provided. 
+ +Default sources: + ``_IO_getc``, ``fdopen``, ``fopen``, ``freopen``, ``get_current_dir_name``, + ``getch``, ``getchar``, ``getchar_unlocked``, ``getwd``, ``getcwd``, + ``getgroups``, ``gethostname``, ``getlogin``, ``getlogin_r``, ``getnameinfo``, + ``gets``, ``gets_s``, ``getseuserbyname``, ``readlink``, ``readlinkat``, + ``scanf``, ``scanf_s``, ``socket``, ``wgetch`` + +Default propagations rules: + ``atoi``, ``atol``, ``atoll``, ``basename``, ``dirname``, ``fgetc``, + ``fgetln``, ``fgets``, ``fnmatch``, ``fread``, ``fscanf``, ``fscanf_s``, + ``index``, ``inflate``, ``isalnum``, ``isalpha``, ``isascii``, ``isblank``, + ``iscntrl``, ``isdigit``, ``isgraph``, ``islower``, ``isprint``, ``ispunct``, + ``isspace``, ``isupper``, ``isxdigit``, ``memchr``, ``memrchr``, ``sscanf``, + ``getc``, ``getc_unlocked``, ``getdelim``, ``getline``, ``getw``, ``memcmp``, + ``memcpy``, ``memmem``, ``memmove``, ``mbtowc``, ``pread``, ``qsort``, + ``qsort_r``, ``rawmemchr``, ``read``, ``recv``, ``recvfrom``, ``rindex``, + ``strcasestr``, ``strchr``, ``strchrnul``, ``strcasecmp``, ``strcmp``, + ``strcspn``, ``strncasecmp``, ``strncmp``, ``strndup``, + ``strndupa``, ``strpbrk``, ``strrchr``, ``strsep``, ``strspn``, + ``strstr``, ``strtol``, ``strtoll``, ``strtoul``, ``strtoull``, ``tolower``, + ``toupper``, ``ttyname``, ``ttyname_r``, ``wctomb``, ``wcwidth`` + +Default sinks: + ``printf``, ``setproctitle``, ``system``, ``popen``, ``execl``, ``execle``, + ``execlp``, ``execv``, ``execvp``, ``execvP``, ``execve``, ``dlopen`` + +Please note that there are no built-in filter functions. + +One can configure their own taint sources, sinks, and propagation rules by +providing a configuration file via checker option +``optin.taint.TaintPropagation:Config``. The configuration file is in +`YAML <http://llvm.org/docs/YamlIO.html#introduction-to-yaml>`_ format. The +taint-related options defined in the config file extend but do not override the +built-in sources, rules, sinks. 
The format of the external taint configuration +file is not stable, and could change without any notice even in a non-backward +compatible way. + +For a more detailed description of configuration options, please see the +:doc:`user-docs/TaintAnalysisConfiguration`. For an example see +:ref:`clangsa-taint-configuration-example`. + +**Configuration** + +* `Config` Specifies the name of the YAML configuration file. The user can + define their own taint sources and sinks. + +**Related Guidelines** + +* `CWE Data Neutralization Issues + <https://cwe.mitre.org/data/definitions/137.html>`_ +* `SEI Cert STR02-C. Sanitize data passed to complex subsystems + <https://wiki.sei.cmu.edu/confluence/display/c/STR02-C.+Sanitize+data+passed+to+complex+subsystems>`_ +* `SEI Cert ENV33-C. Do not call system() + <https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177>`_ +* `ENV03-C. Sanitize the environment when invoking external programs + <https://wiki.sei.cmu.edu/confluence/display/c/ENV03-C.+Sanitize+the+environment+when+invoking+external+programs>`_ + +**Limitations** + +* The taintedness property is not propagated through function calls which are + unknown (or too complex) to the analyzer, unless there is a specific + propagation rule built-in to the checker or given in the YAML configuration + file. This causes potential true positive findings to be lost. + + .. _optin-taint-TaintedAlloc: optin.taint.TaintedAlloc (C, C++) @@ -1026,7 +1261,7 @@ covers the SEI Cert coding standard rule `INT04-C You can silence this warning either by bound checking the ``size`` parameter, or by explicitly marking the ``size`` parameter as sanitized. See the -:ref:`alpha-security-taint-GenericTaint` checker for an example. +:ref:`optin-taint-GenericTaint` checker for an example. .. code-block:: c 
@@ -2976,7 +3211,7 @@ Warn about buffer overflows (newer checker). buf[0][-1] = 1; // warn } - // note: requires alpha.security.taint check turned on. + // note: requires optin.taint check turned on. void test() { char s[] = "abc"; int x = getchar(); 
@@ -3009,239 +3244,6 @@ alpha.security.cert SEI CERT checkers which tries to find errors based on their `C coding rules <https://wiki.sei.cmu.edu/confluence/display/c/2+Rules>`_. -alpha.security.taint -^^^^^^^^^^^^^^^^^^^^ - -Checkers implementing -`taint analysis <https://en.wikipedia.org/wiki/Taint_checking>`_. - -.. _alpha-security-taint-GenericTaint: - -alpha.security.taint.GenericTaint (C, C++) -"""""""""""""""""""""""""""""""""""""""""" - -Taint analysis identifies potential security vulnerabilities where the -attacker can inject malicious data to the program to execute an attack -(privilege escalation, command injection, SQL injection etc.). - -The malicious data is injected at the taint source (e.g. ``getenv()`` call) -which is then propagated through function calls and being used as arguments of -sensitive operations, also called as taint sinks (e.g. ``system()`` call). - -One can defend against this type of vulnerability by always checking and -sanitizing the potentially malicious, untrusted user input. - -The goal of the checker is to discover and show to the user these potential -taint source-sink pairs and the propagation call chain. - -The most notable examples of taint sources are: - - - data from network - - files or standard input - - environment variables - - data from databases - -Let us examine a practical example of a Command Injection attack. - -.. code-block:: c - - // Command Injection Vulnerability Example - int main(int argc, char** argv) { - char cmd[2048] = "/bin/cat "; - char filename[1024]; - printf("Filename:"); - scanf (" %1023[^\n]", filename); // The attacker can inject a shell escape here - strcat(cmd, filename); - system(cmd); // Warning: Untrusted data is passed to a system call - } - -The program prints the content of any user specified file. -Unfortunately the attacker can execute arbitrary commands -with shell escapes. 
For example with the following input the `ls` command is also -executed after the contents of `/etc/shadow` is printed. -`Input: /etc/shadow ; ls /` - -The analysis implemented in this checker points out this problem. - -One can protect against such attack by for example checking if the provided -input refers to a valid file and removing any invalid user input. - -.. code-block:: c - - // No vulnerability anymore, but we still get the warning - void sanitizeFileName(char* filename){ - if (access(filename,F_OK)){// Verifying user input - printf("File does not exist\n"); - filename[0]='\0'; - } - } - int main(int argc, char** argv) { - char cmd[2048] = "/bin/cat "; - char filename[1024]; - printf("Filename:"); - scanf (" %1023[^\n]", filename); // The attacker can inject a shell escape here - sanitizeFileName(filename);// filename is safe after this point - if (!filename[0]) - return -1; - strcat(cmd, filename); - system(cmd); // Superfluous Warning: Untrusted data is passed to a system call - } - -Unfortunately, the checker cannot discover automatically that the programmer -have performed data sanitation, so it still emits the warning. - -One can get rid of this superfluous warning by telling by specifying the -sanitation functions in the taint configuration file (see -:doc:`user-docs/TaintAnalysisConfiguration`). - -.. code-block:: YAML - - Filters: - - Name: sanitizeFileName - Args: [0] - -The clang invocation to pass the configuration file location: - -.. code-block:: bash - - clang --analyze -Xclang -analyzer-config -Xclang alpha.security.taint.TaintPropagation:Config=`pwd`/taint_config.yml ... - -If you are validating your inputs instead of sanitizing them, or don't want to -mention each sanitizing function in our configuration, -you can use a more generic approach. - -Introduce a generic no-op `csa_mark_sanitized(..)` function to -tell the Clang Static Analyzer -that the variable is safe to be used on that analysis path. - -.. 
code-block:: c - - // Marking sanitized variables safe. - // No vulnerability anymore, no warning. - - // User csa_mark_sanitize function is for the analyzer only - #ifdef __clang_analyzer__ - void csa_mark_sanitized(const void *); - #endif - - int main(int argc, char** argv) { - char cmd[2048] = "/bin/cat "; - char filename[1024]; - printf("Filename:"); - scanf (" %1023[^\n]", filename); - if (access(filename,F_OK)){// Verifying user input - printf("File does not exist\n"); - return -1; - } - #ifdef __clang_analyzer__ - csa_mark_sanitized(filename); // Indicating to CSA that filename variable is safe to be used after this point - #endif - strcat(cmd, filename); - system(cmd); // No warning - } - -Similarly to the previous example, you need to -define a `Filter` function in a `YAML` configuration file -and add the `csa_mark_sanitized` function. - -.. code-block:: YAML - - Filters: - - Name: csa_mark_sanitized - Args: [0] - -Then calling `csa_mark_sanitized(X)` will tell the analyzer that `X` is safe to -be used after this point, because its contents are verified. It is the -responsibility of the programmer to ensure that this verification was indeed -correct. Please note that `csa_mark_sanitized` function is only declared and -used during Clang Static Analysis and skipped in (production) builds. - -Further examples of injection vulnerabilities this checker can find. - -.. code-block:: c - - void test() { - char x = getchar(); // 'x' marked as tainted - system(&x); // warn: untrusted data is passed to a system call - } - - // note: compiler internally checks if the second param to - // sprintf is a string literal or not. - // Use -Wno-format-security to suppress compiler warning. - void test() { - char s[10], buf[10]; - fscanf(stdin, "%s", s); // 's' marked as tainted - - sprintf(buf, s); // warn: untrusted data used as a format string - } - -There are built-in sources, propagations and sinks even if no external taint -configuration is provided. 
- -Default sources: - ``_IO_getc``, ``fdopen``, ``fopen``, ``freopen``, ``get_current_dir_name``, - ``getch``, ``getchar``, ``getchar_unlocked``, ``getwd``, ``getcwd``, - ``getgroups``, ``gethostname``, ``getlogin``, ``getlogin_r``, ``getnameinfo``, - ``gets``, ``gets_s``, ``getseuserbyname``, ``readlink``, ``readlinkat``, - ``scanf``, ``scanf_s``, ``socket``, ``wgetch`` - -Default propagations rules: - ``atoi``, ``atol``, ``atoll``, ``basename``, ``dirname``, ``fgetc``, - ``fgetln``, ``fgets``, ``fnmatch``, ``fread``, ``fscanf``, ``fscanf_s``, - ``index``, ``inflate``, ``isalnum``, ``isalpha``, ``isascii``, ``isblank``, - ``iscntrl``, ``isdigit``, ``isgraph``, ``islower``, ``isprint``, ``ispunct``, - ``isspace``, ``isupper``, ``isxdigit``, ``memchr``, ``memrchr``, ``sscanf``, - ``getc``, ``getc_unlocked``, ``getdelim``, ``getline``, ``getw``, ``memcmp``, - ``memcpy``, ``memmem``, ``memmove``, ``mbtowc``, ``pread``, ``qsort``, - ``qsort_r``, ``rawmemchr``, ``read``, ``recv``, ``recvfrom``, ``rindex``, - ``strcasestr``, ``strchr``, ``strchrnul``, ``strcasecmp``, ``strcmp``, - ``strcspn``, ``strncasecmp``, ``strncmp``, ``strndup``, - ``strndupa``, ``strpbrk``, ``strrchr``, ``strsep``, ``strspn``, - ``strstr``, ``strtol``, ``strtoll``, ``strtoul``, ``strtoull``, ``tolower``, - ``toupper``, ``ttyname``, ``ttyname_r``, ``wctomb``, ``wcwidth`` - -Default sinks: - ``printf``, ``setproctitle``, ``system``, ``popen``, ``execl``, ``execle``, - ``execlp``, ``execv``, ``execvp``, ``execvP``, ``execve``, ``dlopen`` - -Please note that there are no built-in filter functions. - -One can configure their own taint sources, sinks, and propagation rules by -providing a configuration file via checker option -``alpha.security.taint.TaintPropagation:Config``. The configuration file is in -`YAML <http://llvm.org/docs/YamlIO.html#introduction-to-yaml>`_ format. The -taint-related options defined in the config file extend but do not override the -built-in sources, rules, sinks. 
The format of the external taint configuration -file is not stable, and could change without any notice even in a non-backward -compatible way. - -For a more detailed description of configuration options, please see the -:doc:`user-docs/TaintAnalysisConfiguration`. For an example see -:ref:`clangsa-taint-configuration-example`. - -**Configuration** - -* `Config` Specifies the name of the YAML configuration file. The user can - define their own taint sources and sinks. - -**Related Guidelines** - -* `CWE Data Neutralization Issues - <https://cwe.mitre.org/data/definitions/137.html>`_ -* `SEI Cert STR02-C. Sanitize data passed to complex subsystems - <https://wiki.sei.cmu.edu/confluence/display/c/STR02-C.+Sanitize+data+passed+to+complex+subsystems>`_ -* `SEI Cert ENV33-C. Do not call system() - <https://wiki.sei.cmu.edu/confluence/pages/viewpage.action?pageId=87152177>`_ -* `ENV03-C. Sanitize the environment when invoking external programs - <https://wiki.sei.cmu.edu/confluence/display/c/ENV03-C.+Sanitize+the+environment+when+invoking+external+programs>`_ - -**Limitations** - -* The taintedness property is not propagated through function calls which are - unknown (or too complex) to the analyzer, unless there is a specific - propagation rule built-in to the checker or given in the YAML configuration - file. This causes potential true positive findings to be lost. - alpha.unix ^^^^^^^^^^ diff --git a/clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst b/clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst index 67e71d558f2cef..4849a553cb2ce9 100644 --- a/clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst +++ b/clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst 
@@ -4,10 +4,10 @@ Taint Analysis Configuration The Clang Static Analyzer uses taint analysis to detect injection vulnerability related issues in code. The backbone of taint analysis in the Clang SA is the ``TaintPropagation`` modeling checker. -The reports are emitted via the :ref:`alpha-security-taint-GenericTaint` checker. +The reports are emitted via the :ref:`optin-taint-GenericTaint` checker. The ``TaintPropagation`` checker has a default taint-related configuration. The built-in default settings are defined in code, and they are always in effect. -The checker also provides a configuration interface for extending the default settings via the ``alpha.security.taint.TaintPropagation:Config`` checker config parameter +The checker also provides a configuration interface for extending the default settings via the ``optin.taint.TaintPropagation:Config`` checker config parameter by providing a configuration file to the in `YAML <http://llvm.org/docs/YamlIO.html#introduction-to-yaml>`_ format. This documentation describes the syntax of the configuration file and gives the informal semantics of the configuration options. diff --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td index 585246547b3dce..7da0d0a87e8c0c 100644 --- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td +++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td @@ -74,7 +74,6 @@ def Performance : Package<"performance">, ParentPackage<OptIn>; def Security : Package <"security">; def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>; def SecurityAlpha : Package<"security">, ParentPackage<Alpha>; -def Taint : Package<"taint">, ParentPackage<SecurityAlpha>; def CERT : Package<"cert">, ParentPackage<Security>; def ENV : Package<"env">, ParentPackage<CERT>; 
@@ -1049,30 +1048,6 @@ def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, } // end "alpha.security" -//===----------------------------------------------------------------------===// -// Taint checkers. -//===----------------------------------------------------------------------===// - -let ParentPackage = Taint in { - -def TaintPropagationChecker : Checker<"TaintPropagation">, // Modelling checker - HelpText<"Generate taint information used by other checkers">, - CheckerOptions<[ - CmdLineOption<String, - "Config", - "Specifies the name of the configuration file.", - "", - InAlpha>, - ]>, - Documentation<NotDocumented>, - Hidden; - -def GenericTaintChecker : Checker<"GenericTaint">, - HelpText<"Reports potential injection vulnerabilities">, - Dependencies<[TaintPropagationChecker]>, - Documentation<HasDocumentation>; - -} // end "alpha.security.taint" //===----------------------------------------------------------------------===// // Mac OS X, Cocoa, and Core Foundation checkers. @@ -1704,6 +1679,24 @@ def UnixAPIPortabilityChecker : Checker<"UnixAPI">, let ParentPackage = TaintOptIn in { +def TaintPropagationChecker : Checker<"TaintPropagation">, // Modelling checker + HelpText<"Generate taint information used by other checkers">, + CheckerOptions<[ + CmdLineOption<String, + "Config", + "Specifies the name of the configuration file.", + "", + Released> + ]>, + Documentation<NotDocumented>, + Hidden; + +def GenericTaintChecker : Checker<"GenericTaint">, + HelpText<"Reports potential injection vulnerabilities">, + Dependencies<[TaintPropagationChecker]>, + Documentation<HasDocumentation>; + + def TaintedAllocChecker: Checker<"TaintedAlloc">, HelpText<"Check for memory allocations, where the size parameter " "might be a tainted (attacker controlled) value.">, diff --git a/clang/test/Analysis/analyzer-config.c b/clang/test/Analysis/analyzer-config.c index 8eb869bac46f8f..47594e8317bc79 100644 --- a/clang/test/Analysis/analyzer-config.c 
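Review bot: The `Config` option of the re-added `TaintPropagationChecker` (hunk `@@ -1704,6 +1679,24 @@`) is promoted from `InAlpha` to `Released`, yet the checkers.rst text moved by this same commit still says the configuration file format "is not stable, and could change without any notice". The two statements should be reconciled, or the definition should carry a comment such as `// Option is released; the YAML format it names is still documented as unstable.`. The old names get no alias in this hunk, and the commit's file list shows no release-notes entry, so invocations that still pass `alpha.security.taint` or `alpha.security.taint.TaintPropagation:Config` will no longer match. If some invocation mode tolerates unknown names instead of rejecting them (not visible here), a project's custom sources, sinks and filters would silently stop being applied, so a release note naming both renamed strings would help users update their CI configurations. The enclosing `let ParentPackage = TaintOptIn in {` block closes outside this hunk.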
+++ b/clang/test/Analysis/analyzer-config.c @@ -9,7 +9,6 @@ // CHECK-NEXT: alpha.clone.CloneChecker:ReportNormalClones = true // CHECK-NEXT: alpha.cplusplus.STLAlgorithmModeling:AggressiveStdFindModeling = false // CHECK-NEXT: alpha.osx.cocoa.DirectIvarAssignment:AnnotatedFunctions = false -// CHECK-NEXT: alpha.security.taint.TaintPropagation:Config = "" // CHECK-NEXT: apply-fixits = false // CHECK-NEXT: assume-controlled-environment = false // CHECK-NEXT: avoid-suppressing-null-argument-paths = false @@ -111,6 +110,7 @@ // CHECK-NEXT: optin.cplusplus.VirtualCall:ShowFixIts = false // CHECK-NEXT: optin.osx.cocoa.localizability.NonLocalizedStringChecker:AggressiveReport = false // CHECK-NEXT: optin.performance.Padding:AllowedPad = 24 +// CHECK-NEXT: optin.taint.TaintPropagation:Config = "" // CHECK-NEXT: osx.NumberObjectConversion:Pedantic = false // CHECK-NEXT: osx.cocoa.RetainCount:TrackNSCFStartParam = false // CHECK-NEXT: prune-paths = true diff --git a/clang/test/Analysis/assume-controlled-environment.c b/clang/test/Analysis/assume-controlled-environment.c index fce1a1e7bae330..4f663502f8657b 100644 --- a/clang/test/Analysis/assume-controlled-environment.c +++ b/clang/test/Analysis/assume-controlled-environment.c @@ -1,12 +1,12 @@ // RUN: %clang_analyze_cc1 -verify=untrusted-env %s \ // RUN: -analyzer-checker=core \ -// RUN: -analyzer-checker=alpha.security.taint \ +// RUN: -analyzer-checker=optin.taint \ // RUN: -analyzer-checker=debug.TaintTest // RUN: %clang_analyze_cc1 -verify %s -DEXPECT_NO_WARNINGS \ // RUN: -analyzer-config assume-controlled-environment=true \ // RUN: -analyzer-checker=core \ -// RUN: -analyzer-checker=alpha.security.taint \ +// RUN: -analyzer-checker=optin.taint \ // RUN: -analyzer-checker=debug.TaintTest diff --git a/clang/test/Analysis/bool-assignment.c b/clang/test/Analysis/bool-assignment.c index c32bc8f9e8b14f..3a104cf627ffa0 100644 --- a/clang/test/Analysis/bool-assignment.c +++ b/clang/test/Analysis/bool-assignment.c 
@@ -1,5 +1,5 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,alpha.security.taint -verify -std=c99 -Dbool=_Bool %s -// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,alpha.security.taint -verify -x c++ %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,optin.taint -verify -std=c99 -Dbool=_Bool %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,optin.taint -verify -x c++ %s // Test C++'s bool and C's _Bool. // FIXME: We stopped warning on these when SValBuilder got smarter about diff --git a/clang/test/Analysis/cxx-method-names.cpp b/clang/test/Analysis/cxx-method-names.cpp index 22ec4db34796bc..5254d82bd90b20 100644 --- a/clang/test/Analysis/cxx-method-names.cpp +++ b/clang/test/Analysis/cxx-method-names.cpp @@ -1,4 +1,4 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix,osx,alpha.unix,alpha.security.taint -verify %s +// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix,osx,alpha.unix,optin.taint -verify %s // expected-no-diagnostics class Evil { diff --git a/clang/test/Analysis/debug-exprinspection-istainted.c b/clang/test/Analysis/debug-exprinspection-istainted.c index 8d1ebca930885d..b459f3a3e791b1 100644 --- a/clang/test/Analysis/debug-exprinspection-istainted.c +++ b/clang/test/Analysis/debug-exprinspection-istainted.c @@ -1,7 +1,7 @@ // RUN: %clang_analyze_cc1 -verify %s \ // RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=debug.ExprInspection \ -// RUN: -analyzer-checker=alpha.security.taint +// RUN: -analyzer-checker=optin.taint int scanf(const char *restrict format, ...); void clang_analyzer_isTainted(char); diff --git a/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif b/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif index 0ac96cacbed19f..0bded6f0925d1e 100644 
--- a/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif +++ b/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif @@ -4,7 +4,7 @@ { "artifacts": [ { - "length": 434, + "length": 425, "location": { "index": 0, }, diff --git a/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif b/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif index ae49ad6604cb2a..7f9deea304832f 100644 --- a/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif +++ b/clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif @@ -4,7 +4,7 @@ { "artifacts": [ { - "length": 1081, + "length": 1071, "location": { "index": 0, }, diff --git a/clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c b/clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c index b1042f9034d7d7..7a3ca61c4319ff 100644 --- a/clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c +++ b/clang/test/Analysis/diagnostics/sarif-diagnostics-taint-test.c @@ -1,4 +1,4 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint,debug.TaintTest %s -verify -analyzer-output=sarif -o - | %normalize_sarif | diff -U1 -b %S/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif - +// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint,debug.TaintTest %s -verify -analyzer-output=sarif -o - | %normalize_sarif | diff -U1 -b %S/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif - #include "../Inputs/system-header-simulator.h" int atoi(const char *nptr); diff --git a/clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c b/clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c index 61d19817407e27..eeafd178628b38 100644 --- a/clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c +++ b/clang/test/Analysis/diagnostics/sarif-multi-diagnostic-test.c 
@@ -1,4 +1,4 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.security.taint,debug.TaintTest,unix.Malloc %s -verify -analyzer-output=sarif -o - | %normalize_sarif | diff -U1 -b %S/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif - +// RUN: %clang_analyze_cc1 -analyzer-checker=core,optin.taint,debug.TaintTest,unix.Malloc %s -verify -analyzer-output=sarif -o - | %normalize_sarif | diff -U1 -b %S/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif - #include "../Inputs/system-header-simulator.h" #include "../Inputs/system-header-simulator-for-malloc.h" #define ERR -1 @@ -43,4 +43,3 @@ int main(void) { unicode(); return 0; } - diff --git a/clang/test/Analysis/fread.c b/clang/test/Analysis/fread.c index 5dc6c0c744093a..8dc998ea1e899d 100644 --- a/clang/test/Analysis/fread.c +++ b/clang/test/Analysis/fread.c @@ -1,6 +1,6 @@ // RUN: %clang_analyze_cc1 -verify %s \ // RUN: -triple x86_64-linux-gnu \ -// RUN: -analyzer-checker=core,unix.Stream,alpha.security.taint \ +// RUN: -analyzer-checker=core,unix.Stream,optin.taint \ // RUN: -analyzer-checker=debug.ExprInspection #include "Inputs/system-header-simulator-for-simple-stream.h" diff --git a/clang/test/Analysis/global-region-invalidation-errno.c b/clang/test/Analysis/global-region-invalidation-errno.c index 9de10ad59095a2..868869b5d262f6 100644 --- a/clang/test/Analysis/global-region-invalidation-errno.c +++ b/clang/test/Analysis/global-region-invalidation-errno.c 
@@ -1,9 +1,9 @@
 // RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -disable-free -verify %s \
-// RUN: -analyzer-checker=core,deadcode,alpha.security.taint \
+// RUN: -analyzer-checker=core,deadcode,optin.taint \
 // RUN: -DERRNO_VAR
 // RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -disable-free -verify %s \
-// RUN: -analyzer-checker=core,deadcode,alpha.security.taint \
+// RUN: -analyzer-checker=core,deadcode,optin.taint \
 // RUN: -DERRNO_FUNC
 // Note, we do need to include headers here, since the analyzer checks if the function declaration is located in a system header.
diff --git a/clang/test/Analysis/global-region-invalidation.c b/clang/test/Analysis/global-region-invalidation.c
index faca3baf11caf3..2f78467630ce63 100644
--- a/clang/test/Analysis/global-region-invalidation.c
+++ b/clang/test/Analysis/global-region-invalidation.c
@@ -1,5 +1,5 @@
 // RUN: %clang_analyze_cc1 -triple x86_64-apple-darwin10 -disable-free -verify %s \
-// RUN: -analyzer-checker=core,deadcode,alpha.security.taint,debug.TaintTest,debug.ExprInspection
+// RUN: -analyzer-checker=core,deadcode,optin.taint,debug.TaintTest,debug.ExprInspection
 void clang_analyzer_eval(int);
diff --git a/clang/test/Analysis/malloc.c b/clang/test/Analysis/malloc.c
index 9c7ca43bfbc5af..57f8561a74da66 100644
--- a/clang/test/Analysis/malloc.c
+++ b/clang/test/Analysis/malloc.c
@@ -4,7 +4,7 @@
 // RUN: -analyzer-checker=alpha.core.CastSize \
 // RUN: -analyzer-checker=unix \
 // RUN: -analyzer-checker=debug.ExprInspection \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
 // RUN: -analyzer-checker=optin.taint.TaintedAlloc
 #include "Inputs/system-header-simulator.h"
diff --git a/clang/test/Analysis/malloc.cpp b/clang/test/Analysis/malloc.cpp
index 7af1b59e04a5a2..2bbfaf6640b795 100644
--- a/clang/test/Analysis/malloc.cpp
+++ b/clang/test/Analysis/malloc.cpp
@@ -4,7 +4,7 @@
 // RUN: -analyzer-checker=alpha.core.CastSize \
 // RUN: -analyzer-checker=unix.Malloc \
 // RUN: -analyzer-checker=cplusplus.NewDelete \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
 // RUN: -analyzer-checker=optin.taint.TaintedAlloc
 // RUN: %clang_analyze_cc1 -w -verify %s \
@@ -14,7 +14,7 @@
 // RUN: -analyzer-checker=alpha.core.CastSize \
 // RUN: -analyzer-checker=unix.Malloc \
 // RUN: -analyzer-checker=cplusplus.NewDelete \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
 // RUN: -analyzer-checker=optin.taint.TaintedAlloc
 // RUN: %clang_analyze_cc1 -w -verify %s -DTEST_INLINABLE_ALLOCATORS \
@@ -23,7 +23,7 @@
 // RUN: -analyzer-checker=alpha.core.CastSize \
 // RUN: -analyzer-checker=unix.Malloc \
 // RUN: -analyzer-checker=cplusplus.NewDelete \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
 // RUN: -analyzer-checker=optin.taint.TaintedAlloc
 // RUN: %clang_analyze_cc1 -w -verify %s -DTEST_INLINABLE_ALLOCATORS \
@@ -33,7 +33,7 @@
 // RUN: -analyzer-checker=alpha.core.CastSize \
 // RUN: -analyzer-checker=unix.Malloc \
 // RUN: -analyzer-checker=cplusplus.NewDelete \
-// RUN: -analyzer-checker=alpha.security.taint.TaintPropagation \
+// RUN: -analyzer-checker=optin.taint.TaintPropagation \
 // RUN: -analyzer-checker=optin.taint.TaintedAlloc
 #include "Inputs/system-header-simulator-cxx.h"
diff --git a/clang/test/Analysis/out-of-bounds-diagnostics.c b/clang/test/Analysis/out-of-bounds-diagnostics.c
index de70e483add1c0..8ecad7036c3314 100644
--- a/clang/test/Analysis/out-of-bounds-diagnostics.c
+++ b/clang/test/Analysis/out-of-bounds-diagnostics.c
@@ -1,5 +1,5 @@
 // RUN: %clang_analyze_cc1 -Wno-array-bounds -analyzer-output=text \
-// RUN: -analyzer-checker=core,alpha.security.ArrayBoundV2,unix.Malloc,alpha.security.taint -verify %s
+// RUN: -analyzer-checker=core,alpha.security.ArrayBoundV2,unix.Malloc,optin.taint -verify %s
 int TenElements[10];
diff --git a/clang/test/Analysis/out-of-bounds-notes.c b/clang/test/Analysis/out-of-bounds-notes.c
index c29b6f8ab111b4..391089b6a35d81 100644
--- a/clang/test/Analysis/out-of-bounds-notes.c
+++ b/clang/test/Analysis/out-of-bounds-notes.c
@@ -1,5 +1,5 @@
 // RUN: %clang_analyze_cc1 -Wno-array-bounds -analyzer-output=text \
-// RUN: -analyzer-checker=core,alpha.security.ArrayBoundV2,unix.Malloc,alpha.security.taint -verify %s
+// RUN: -analyzer-checker=core,alpha.security.ArrayBoundV2,unix.Malloc,optin.taint -verify %s
 int TenElements[10];
diff --git a/clang/test/Analysis/redefined_system.c b/clang/test/Analysis/redefined_system.c
index 0a55c36c6dd5b3..0998fb92d2cd2a 100644
--- a/clang/test/Analysis/redefined_system.c
+++ b/clang/test/Analysis/redefined_system.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=osx,unix,core,alpha.security.taint -w -verify %s
+// RUN: %clang_analyze_cc1 -analyzer-checker=osx,unix,core,optin.taint -w -verify %s
 // expected-no-diagnostics
 // Make sure we don't crash when someone redefines a system function we reason about.
diff --git a/clang/test/Analysis/string.c b/clang/test/Analysis/string.c
index 85232624160c06..79b4877eedbd9c 100644
--- a/clang/test/Analysis/string.c
+++ b/clang/test/Analysis/string.c
@@ -25,7 +25,7 @@
 // RUN: %clang_analyze_cc1 -verify %s -Wno-null-dereference \
 // RUN: -DUSE_BUILTINS -DVARIANT \
 // RUN: -analyzer-checker=core \
-// RUN: -analyzer-checker=alpha.security.taint \
+// RUN: -analyzer-checker=optin.taint \
 // RUN: -analyzer-checker=unix.cstring \
 // RUN: -analyzer-checker=unix.Malloc \
 // RUN: -analyzer-checker=alpha.unix.cstring \
diff --git a/clang/test/Analysis/taint-checker-callback-order-has-definition.c b/clang/test/Analysis/taint-checker-callback-order-has-definition.c
index eaf96cc675f062..66c244c4cfda33 100644
--- a/clang/test/Analysis/taint-checker-callback-order-has-definition.c
+++ b/clang/test/Analysis/taint-checker-callback-order-has-definition.c
@@ -1,5 +1,5 @@
 // RUN: %clang_analyze_cc1 %s \
-// RUN: -analyzer-checker=core,alpha.security.taint \
+// RUN: -analyzer-checker=core,optin.taint \
 // RUN: -mllvm -debug-only=taint-checker \
 // RUN: 2>&1 | FileCheck %s
diff --git a/clang/test/Analysis/taint-checker-callback-order-without-definition.c b/clang/test/Analysis/taint-checker-callback-order-without-definition.c
index 6de87f736926d3..5f8df871b304d7 100644
--- a/clang/test/Analysis/taint-checker-callback-order-without-definition.c
+++ b/clang/test/Analysis/taint-checker-callback-order-without-definition.c
@@ -1,5 +1,5 @@
 // RUN: %clang_analyze_cc1 %s \
-// RUN: -analyzer-checker=core,alpha.security.taint \
+// RUN: -analyzer-checker=core,optin.taint \
 // RUN: -mllvm -debug-only=taint-checker \
 // RUN: 2>&1 | FileCheck %s
diff --git a/clang/test/Analysis/taint-diagnostic-visitor.c b/clang/test/Analysis/taint-diagnostic-visitor.c
index f51423646e8aec..526c04c3607775 100644
--- a/clang/test/Analysis/taint-diagnostic-visitor.c
+++ b/clang/test/Analysis/taint-diagnostic-visitor.c
@@ -1,4 +1,4 @@
-// RUN: %clang_cc1 -analyze -analyzer-checker=alpha.security.taint,core,alpha.security.ArrayBoundV2,optin.taint.TaintedAlloc -analyzer-output=text -verify %s
+// RUN: %clang_cc1 -analyze -analyzer-checker=optin.taint,core,alpha.security.ArrayBoundV2,optin.taint.TaintedAlloc -analyzer-output=text -verify %s
 // This file is for testing enhanced diagnostics produced by the GenericTaintChecker
diff --git a/clang/test/Analysis/taint-dumps.c b/clang/test/Analysis/taint-dumps.c
index 37fb6c2f2adf7d..01bf0d7deff3ad 100644
--- a/clang/test/Analysis/taint-dumps.c
+++ b/clang/test/Analysis/taint-dumps.c
@@ -1,4 +1,4 @@
-// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint\
+// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint\
 // RUN: -analyzer-checker=debug.ExprInspection %s\
 // RUN: 2>&1 | FileCheck %s
diff --git a/clang/test/Analysis/taint-generic.c b/clang/test/Analysis/taint-generic.c
index 1c139312734bca..a5cfdd9db11579 100644
--- a/clang/test/Analysis/taint-generic.c
+++ b/clang/test/Analysis/taint-generic.c
@@ -1,57 +1,57 @@ // RUN: %clang_analyze_cc1 -Wno-format-security -Wno-pointer-to-int-cast \ // RUN: -Wno-incompatible-library-redeclaration -verify %s \ -// RUN: -analyzer-checker=alpha.security.taint \ +// RUN: -analyzer-checker=optin.taint.GenericTaint \ // RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=alpha.security.ArrayBoundV2 \ // RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-config \ -// RUN: alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml +// RUN: optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml // RUN: %clang_analyze_cc1 -Wno-format-security -Wno-pointer-to-int-cast \ // RUN: -Wno-incompatible-library-redeclaration -verify %s \ // RUN: -DFILE_IS_STRUCT \ -// RUN: -analyzer-checker=alpha.security.taint \ +// RUN: -analyzer-checker=optin.taint.GenericTaint \ // RUN: -analyzer-checker=core \ // RUN: -analyzer-checker=alpha.security.ArrayBoundV2 \ // RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-config \ -// RUN: alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml +// RUN: optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml // RUN: not %clang_analyze_cc1 -Wno-pointer-to-int-cast \ // RUN: -Wno-incompatible-library-redeclaration -verify %s \ -// RUN: -analyzer-checker=alpha.security.taint \ +// RUN: -analyzer-checker=optin.taint.GenericTaint \ // RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-config \ -// RUN: alpha.security.taint.TaintPropagation:Config=justguessit \ +// RUN: optin.taint.TaintPropagation:Config=justguessit \ // RUN: 2>&1 | FileCheck %s -check-prefix=CHECK-INVALID-FILE // CHECK-INVALID-FILE: (frontend): invalid input for checker option -// CHECK-INVALID-FILE-SAME: 'alpha.security.taint.TaintPropagation:Config', +// CHECK-INVALID-FILE-SAME: 'optin.taint.TaintPropagation:Config', // CHECK-INVALID-FILE-SAME: that expects a valid filename instead of // CHECK-INVALID-FILE-SAME: 
'justguessit' // RUN: not %clang_analyze_cc1 -Wno-incompatible-library-redeclaration \ // RUN: -verify %s \ -// RUN: -analyzer-checker=alpha.security.taint \ +// RUN: -analyzer-checker=optin.taint.GenericTaint \ // RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-config \ -// RUN: alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config-ill-formed.yaml \ +// RUN: optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config-ill-formed.yaml \ // RUN: 2>&1 | FileCheck -DMSG=%errc_EINVAL %s -check-prefix=CHECK-ILL-FORMED // CHECK-ILL-FORMED: (frontend): invalid input for checker option -// CHECK-ILL-FORMED-SAME: 'alpha.security.taint.TaintPropagation:Config', +// CHECK-ILL-FORMED-SAME: 'optin.taint.TaintPropagation:Config', // CHECK-ILL-FORMED-SAME: that expects a valid yaml file: [[MSG]] // RUN: not %clang_analyze_cc1 -Wno-incompatible-library-redeclaration \ // RUN: -verify %s \ -// RUN: -analyzer-checker=alpha.security.taint \ +// RUN: -analyzer-checker=optin.taint.GenericTaint \ // RUN: -analyzer-checker=debug.ExprInspection \ // RUN: -analyzer-config \ -// RUN: alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config-invalid-arg.yaml \ +// RUN: optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config-invalid-arg.yaml \ // RUN: 2>&1 | FileCheck %s -check-prefix=CHECK-INVALID-ARG // CHECK-INVALID-ARG: (frontend): invalid input for checker option -// CHECK-INVALID-ARG-SAME: 'alpha.security.taint.TaintPropagation:Config', +// CHECK-INVALID-ARG-SAME: 'optin.taint.TaintPropagation:Config', // CHECK-INVALID-ARG-SAME: that expects an argument number for propagation // CHECK-INVALID-ARG-SAME: rules greater or equal to -1 diff --git a/clang/test/Analysis/taint-generic.cpp b/clang/test/Analysis/taint-generic.cpp index 0aadef88c704cf..8092ac6f270b2a 100644 --- a/clang/test/Analysis/taint-generic.cpp +++ b/clang/test/Analysis/taint-generic.cpp 
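Review bot: None of the RUN blocks in the taint-generic.c hunk exercises the old option name `alpha.security.taint.TaintPropagation:Config`, so after this change the test no longer says what happens to an existing invocation that still passes it. That matters for taint analysis in particular, because the YAML file is where a project declares its own propagation rules, filters and sinks; if the stale name were ignored rather than rejected, the analysis would keep running without them and simply report less. Whether the old spelling is rejected, aliased or ignored is decided outside this hunk (Checkers.td is not shown here), so I would pin it with one more RUN block that passes the old name and a FileCheck prefix for whatever the frontend prints. A one-line comment above the first RUN block would also help, since the tests enable `optin.taint.GenericTaint` but set the option on `optin.taint.TaintPropagation`, e.g. `// Config belongs to TaintPropagation, which GenericTaint is expected to pull in.`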
@@ -1,4 +1,4 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint,core,alpha.security.ArrayBoundV2 -analyzer-config alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml -Wno-format-security -verify -std=c++11 %s +// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint,core,alpha.security.ArrayBoundV2 -analyzer-config optin.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml -Wno-format-security -verify -std=c++11 %s #define BUFSIZE 10 int Buffer[BUFSIZE]; diff --git a/clang/test/Analysis/taint-tester.c b/clang/test/Analysis/taint-tester.c index 302349fb662ddb..479a96c92ececd 100644 --- a/clang/test/Analysis/taint-tester.c +++ b/clang/test/Analysis/taint-tester.c @@ -1,4 +1,4 @@ -// RUN: %clang_analyze_cc1 -Wno-int-to-pointer-cast -analyzer-checker=alpha.security.taint,debug.TaintTest %s -verify +// RUN: %clang_analyze_cc1 -Wno-int-to-pointer-cast -analyzer-checker=optin.taint,debug.TaintTest %s -verify #include "Inputs/system-header-simulator.h" diff --git a/clang/test/Analysis/taint-tester.cpp b/clang/test/Analysis/taint-tester.cpp index 23a92cc56d248f..a419938906800f 100644 --- a/clang/test/Analysis/taint-tester.cpp +++ b/clang/test/Analysis/taint-tester.cpp @@ -1,4 +1,4 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint,debug.TaintTest %s -verify +// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint,debug.TaintTest %s -verify // expected-no-diagnostics typedef struct _FILE FILE; @@ -32,4 +32,3 @@ void testOpaqueClass(opaque *obj) { char buf[20]; snprintf(buf, 20, "%p", obj); // don't crash trying to load *obj } - diff --git a/clang/test/Analysis/taint-tester.m b/clang/test/Analysis/taint-tester.m index 531c21b5faf88f..3358a7769e2571 100644 --- a/clang/test/Analysis/taint-tester.m +++ b/clang/test/Analysis/taint-tester.m 
@@ -1,4 +1,4 @@ -// RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint,debug.TaintTest %s -verify +// RUN: %clang_analyze_cc1 -analyzer-checker=optin.taint,debug.TaintTest %s -verify // expected-no-diagnostics #import <stdarg.h> @@ -14,8 +14,8 @@ void TestLog (NSString *format, ...) { va_list ap; va_start(ap, format); NSString *string = @"AAA: "; - + NSLogv([string stringByAppendingString:format], ap); - + va_end(ap); } \ No newline at end of file diff --git a/clang/utils/analyzer/SATestBuild.py b/clang/utils/analyzer/SATestBuild.py index bc86ed8b64e0e9..66e1ab72985cd9 100644 --- a/clang/utils/analyzer/SATestBuild.py +++ b/clang/utils/analyzer/SATestBuild.py @@ -176,7 +176,7 @@ def stdout(message: str): CHECKERS = ",".join( [ "alpha.unix.SimpleStream", - "alpha.security.taint", + "optin.taint", "cplusplus.NewDeleteLeaks", "core", "cplusplus", _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits