================
@@ -0,0 +1,46 @@
+// RUN: %clang_analyze_cc1 
-analyzer-checker=optin.taint,core,security.ArrayBound -analyzer-config \
+// RUN: assume-controlled-environment=false -analyzer-output=text -verify %s
+
+// This file is for testing enhanced diagnostics produced by the
+// GenericTaintChecker
+
+typedef __typeof(sizeof(int)) size_t;
+int system(const char *command);
+size_t strlen(const char *str);
+char *strncat(char *destination, const char *source, size_t num);
+char *strncpy(char *destination, const char *source, size_t num);
+
+// In an untrusted environment the cmd line arguments
+// are assumed to be tainted.
+int main(int argc, char *argv[]) { // expected-note {{Taint originated in 
'argv'}}
+  if (argc < 2)          // expected-note {{'argc' is >= 2}}
+                         // expected-note@-1 {{Taking false branch}}
+    return 1;
+  char cmd[2048] = "/bin/cat ";
+  char filename[1024];
+  strncpy(filename, argv[1], sizeof(filename) - 1); // expected-note {{Taint 
propagated to the 1st argument}}
+  strncat(cmd, filename, sizeof(cmd) - strlen(cmd) - 1); // expected-note 
{{Taint propagated to the 1st argument}}
+  system(cmd); // expected-warning {{Untrusted data is passed to a system 
call}}
+               // expected-note@-1 {{Untrusted data is passed to a system 
call}}
+  return 0;
+}
+
+// Arguments of main as a class member
+// are note taint sources.
+// no warning expected
+// A function declared inside a class or namespace may be named "main" but it
+// cannot be _the_ `main` function that is executed at startup. Validate that
+// in a case like this the arguments are not marked as tainted and no warning
+// is produced.
+class MyClass {
+  int main(int argc, char *argv[]) {
+    if (argc < 2)
+      return 1;
+    char cmd[2048] = "/bin/cat ";
+    char filename[1024];
+    strncpy(filename, argv[1], sizeof(filename) - 1);
+    strncat(cmd, filename, sizeof(cmd) - strlen(cmd) - 1);
+    system(cmd);
+    return 0;
+  }
+};
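Review bot: The comment introducing `class MyClass` reads `// are note taint sources.` — `note` should be `not`, and that three-line comment and the four-line paragraph right after it state the same expectation twice; one paragraph such as `// A function named "main" inside a class or namespace is not the program entry point, so its arguments are not taint sources and no warning is expected.` would do. In the file-scope `main`, `strncpy(filename, argv[1], sizeof(filename) - 1)` writes into the uninitialized `filename` and does not guarantee a terminator, so an argument of 1023 bytes or more leaves `strncat` reading past the copied bytes; adding `filename[sizeof(filename) - 1] = '\0';` after the copy keeps the fixture well-defined and, as far as I can tell, does not alter the taint flow the expected-note lines describe. The RUN line's `-analyzer-checker=optin.taint,...` option sits on a line of its own without a `+` marker, which looks like mail-client wrapping of a single diff line rather than a removed line — worth confirming against the actual patch.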
----------------
steakhal wrote:

```suggestion
};

```

https://github.com/llvm/llvm-project/pull/178054