================
@@ -827,8 +829,60 @@ void GenericTaintChecker::initTaintRules(CheckerContext 
&C) const {
                             std::make_move_iterator(Rules.end()));
 }
 
+// The incoming parameters of the main function get tainted
+// if the program called in an untrusted environment.
+void GenericTaintChecker::checkBeginFunction(CheckerContext &C) const {
+  if (!C.inTopFrame() || C.getAnalysisManager()
+                             .getAnalyzerOptions()
+                             .ShouldAssumeControlledEnvironment)
+    return;
+
+  const auto *FD = dyn_cast<FunctionDecl>(C.getLocationContext()->getDecl());
+  if (!FD || !FD->isMain() || FD->param_size() < 2)
+    return;
+
+  ProgramStateRef State = C.getState();
+  const MemRegion *ArgvReg =
+      State->getRegion(FD->parameters()[1], C.getLocationContext());
+  SVal ArgvSVal = State->getSVal(ArgvReg);
+  State = addTaint(State, ArgvSVal);
+  StringRef ArgvName = FD->parameters()[1]->getName();
+
+  const MemRegion *ArgcReg =
+      State->getRegion(FD->parameters()[0], C.getLocationContext());
+  SVal ArgcSVal = State->getSVal(ArgcReg);
+  State = addTaint(State, ArgcSVal);
+  StringRef ArgcName = FD->parameters()[0]->getName();
+  if (auto N = ArgcSVal.getAs<NonLoc>()) {
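Review bot: Only `FD->parameters()[0]` and `FD->parameters()[1]` are tainted in the visible part of `checkBeginFunction`, so a three-parameter `main(int, char **, char **envp)` would leave `envp` untainted unless the rest of the function handles it; the quote stops at the `ArgcSVal.getAs<NonLoc>()` line, so I cannot see that part. When the environment is not assumed to be controlled, the environment block is supplied by the invoker just like the argument vector, so the third parameter should be treated the same way when `FD->param_size() > 2`, and the tests should cover that signature. The leading comment could also state the opt-out explicitly, for example `// Taint the parameters of main() unless the analyzer is configured with ShouldAssumeControlledEnvironment.`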
----------------
dkrupp wrote:

Type checking added to the parameters of the main function

https://github.com/llvm/llvm-project/pull/178054