================ @@ -1413,9 +1371,16 @@ For a more detailed description of configuration options, please see the **Configuration** -* `Config` Specifies the name of the YAML configuration file. The user can +* ``Config`` Specifies the name of the YAML configuration file. The user can define their own taint sources and sinks. +* The if the analyzer option ``assume-controlled-environment`` is set to ``false``, + it is assumed that the command line arguments and the environment + variables of the program are attacker controlled. + In particular, the ``argv`` argument of the ``main`` function and ---------------- NagyDonat wrote:
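Review bot: The first added line of the new bullet reads "The if the analyzer option", which should be "If the analyzer option". The bullet is also appended to the list that documents the checker's own ``Config`` option, although ``assume-controlled-environment`` is described as an analyzer option, so the text should say so explicitly and tell the reader how it is set. The paragraph only covers the ``false`` case; a sentence stating what is assumed when the option is ``true`` would make the trust boundary unambiguous for anyone triaging taint reports.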
> As envp is not in the POSIX standard did not look important.

Support for `envp` is pretty widespread (e.g. [GCC supports it](https://www.gnu.org/software/c-intro-and-ref/manual/html_node/The-main-Function.html), [MSVC also supports it](https://learn.microsoft.com/en-us/cpp/cpp/main-function-command-line-args?view=msvc-170)) so I think we should recognize it and mark its contents as tainted. Also note that the C99 standard [explicitly allows implementations to accept more signatures for `main` than the usual two](https://en.cppreference.com/w/c/language/main_function.html).

> The taintedness of the environment variables are handled when they are
> accessed through getenv() which is typically used to access them.

I agree that `getenv()` is probably more common (although I don't have concrete statistics), but we should still support `envp` if it is not too difficult (I assume that it can be handled the same way `argv` is handled).

https://github.com/llvm/llvm-project/pull/178054
