On Wed, 2020-01-08 at 04:02 -0500, David Malcolm wrote:
> Initial comments by Jeff here:
> https://gcc.gnu.org/ml/gcc-patches/2019-12/msg00510.html
> This checker isn't ready for production yet, so the discussion in the
> cover letter applies here.
>
> Changed in v5:
> - update ChangeLog path
> - updated copyright years to include 2020
>
> Changed in v4:
> - Remove include of gcc-plugin.h, reworking includes accordingly.
> - Wrap everything in #if ENABLE_ANALYZER
> - Remove /// comment lines
> - Rework on_leak vfunc:
>   https://gcc.gnu.org/ml/gcc-patches/2019-11/msg02028.html
> - Rework for changes to is_named_call_p, resolving function pointers:
>   https://gcc.gnu.org/ml/gcc-patches/2019-12/msg00178.html
>
> This patch adds a state machine checker for tracking "taint",
> where data potentially under an attacker's control is used for
> things like array indices without sanitization (CWE-129).
>
> This checker isn't ready for production, and is presented as a
> proof-of-concept of the sm-based approach.
>
> gcc/analyzer/ChangeLog:
> * sm-taint.cc: New file.

OK. I think there's all kinds of things we can and will do with taint analysis over the longer term. Seems like having this as a starting point for those interested in the area would be a good thing.

jeff
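As an added illustration of the code shape the quoted patch description targets (not part of the thread or of GCC's sm-taint.cc): the CWE-129 pattern is an array index that originates in external input and reaches a subscript with no bounds check, beside the sanitized form a taint checker would accept. The packet layout, the `parse_index`/`lookup_*` names and the one-byte message buffers are constructed for this example.

```c
#include <assert.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define TABLE_LEN 8
static const int table[TABLE_LEN] = {10, 11, 12, 13, 14, 15, 16, 17};

/* Constructed stand-in for attacker-controlled input: an index field parsed
   out of a message. A taint checker would mark p->idx as "tainted". */
struct packet {
    uint8_t idx;
};

/* Parse the single index byte out of a message buffer (constructed format).
   Returns 0 on success, -1 if the buffer is too short. */
int parse_index(const uint8_t *buf, size_t len, struct packet *out)
{
    if (buf == NULL || len < 1)
        return -1;
    out->idx = buf[0];
    return 0;
}

/* Vulnerable shape (CWE-129): the tainted index is used as an array subscript
   with no comparison against TABLE_LEN, so idx >= TABLE_LEN reads out of
   bounds. This is the use a taint state machine is meant to report. */
int lookup_unchecked(const struct packet *p)
{
    return table[p->idx];
}

/* Sanitized shape: the tainted value is checked against the bound before it
   reaches the subscript, which moves it out of the "tainted" state.
   Returns -1 for an invalid index (all table values are non-negative). */
int lookup_checked(const struct packet *p)
{
    if (p->idx >= TABLE_LEN)
        return -1;
    return table[p->idx];
}

/* End-to-end handler: untrusted bytes in, validated lookup out. */
int handle_message(const uint8_t *buf, size_t len)
{
    struct packet p;
    if (parse_index(buf, len, &p) != 0)
        return -1;
    return lookup_checked(&p);
}

int main(void)
{
    /* Constructed messages: an in-range index and an out-of-range one. */
    const uint8_t good[] = {0x03};
    const uint8_t bad[]  = {0x09};
    printf("good -> %d\n", handle_message(good, sizeof good));  /* 13 */
    printf("bad  -> %d\n", handle_message(bad, sizeof bad));    /* -1 */
    return 0;
}
```

Only `lookup_checked` is safe to exercise with arbitrary input; `lookup_unchecked` is kept solely to show the subscript a checker flags, and the stand-alone `main` never calls it with an out-of-range index.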