[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-10-02 Thread Balázs Benics via Phabricator via cfe-commits
steakhal added a comment. In D71524#2304742, @boga95 wrote: > As far as I remember I tried to make `std::cin` tainted, but it was > complicated. What sort of issues did you find by implementing that approach? Could you elaborate? > I run the checker a

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-09-30 Thread Borsik Gábor via Phabricator via cfe-commits
boga95 marked an inline comment as done. boga95 added a comment. In D71524#2291925, @steakhal wrote: > In D71524#2284386, @Szelethus wrote: > >> I figured you're still working on this, sorry! I'd really like to ch

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-09-24 Thread Balázs Benics via Phabricator via cfe-commits
steakhal added a comment. In D71524#2284386, @Szelethus wrote: > I figured you're still working on this, sorry! I'd really like to chat about > my earlier comment D71524#1917251, > as it kind of challenges the h

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-09-20 Thread Kristóf Umann via Phabricator via cfe-commits
Szelethus added a comment. I figured you're still working on this, sorry! I'd really like to chat about my earlier comment D71524#1917251, as it kind of challenges the high level idea. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D71524/new/ h

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-09-20 Thread Borsik Gábor via Phabricator via cfe-commits
boga95 marked 9 inline comments as done. boga95 added a comment. Ping Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:289-293 + {"c_str", {"std::__cxx11::basic_string", {{0}, {ReturnValueIndex, + {"data", {"std::__cxx11::basic_string", {{0},

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-04-12 Thread Borsik Gábor via Phabricator via cfe-commits
boga95 updated this revision to Diff 256839. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D71524/new/ https://reviews.llvm.org/D71524 Files: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp clang/lib/StaticAnalyzer/Checkers/Taint.cpp clang/test/Analysis/Inputs/system-heade

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-03-24 Thread Kristóf Umann via Phabricator via cfe-commits
Szelethus added a comment. Herald added a subscriber: ASDenysPetrov. In D71524#1924508, @steakhal wrote: > I think `CallDescription` can only identify objects/functions which have > `IdentifierInfo` in them. AFAIK operators don't have such. Though someho

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-03-16 Thread Balázs Benics via Phabricator via cfe-commits
steakhal added a comment. In D71524#1917251, @Szelethus wrote: > Are we sure this is what we want? If this is a heuristic, we should document > it well, and even then I'm not sure whether we want it. I'm also pretty sure > this would make the eventual c

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-03-16 Thread Kristóf Umann via Phabricator via cfe-commits
Szelethus added inline comments. Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:139 + /// Add taint sources for extraction operator on pre-visit. + bool addOverloadedOpPre(const CallExpr *CE, CheckerContext &C) const; steakhal wrote: >
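Review bot: the doc comment on `addOverloadedOpPre` says it adds taint sources for the extraction operator, but the function name covers any overloaded operator and the `bool` result is undocumented. Either name the function for what it handles or widen the comment, and state what `true` and `false` mean to the caller.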

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-03-15 Thread Artem Dergachev via Phabricator via cfe-commits
NoQ added inline comments. Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:289 + NameRuleMap CustomPropagations{ + {"c_str", {"std::__cxx11::basic_string", {{0}, {ReturnValueIndex, + {"data", {"std::__cxx11::basic_string", {{0}, {ReturnValueIn
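Review bot: the `c_str` and `data` entries in `CustomPropagations` are keyed on `std::__cxx11::basic_string`, which is the libstdc++ inline-namespace spelling; libc++ declares the class under `std::__1`, so these rules would not match code built against it. Matching on `std::basic_string` with inline namespaces ignored would keep the propagation independent of the standard library in use.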

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-03-11 Thread Kristóf Umann via Phabricator via cfe-commits
Szelethus added a comment. So, as far as I understand, your thinking here is that `CXXOperatorCallExpr`s (which are global, non-member operators) when they are `>>`, they will propagate taintedness from the 0th argument to the 1st and the return value, correct? So, if I do this: struct Panda

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-03-08 Thread Borsik Gábor via Phabricator via cfe-commits
boga95 updated this revision to Diff 249019. boga95 marked 2 inline comments as done. boga95 added a comment. Rebase to master. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D71524/new/ https://reviews.llvm.org/D71524 Files: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-03-03 Thread Balázs Benics via Phabricator via cfe-commits
steakhal added a comment. In D71524#1902654, @steakhal wrote: > In D71524#1889566, @boga95 wrote: > > > @steakhal's revision is on the top of this. Changing the order will only > > cause unnecessary work on both

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-03-03 Thread Balázs Benics via Phabricator via cfe-commits
steakhal added a comment. In D71524#1889566, @boga95 wrote: > @steakhal's revision is on the top of this. Changing the order will only > cause unnecessary work on both sides. I would happily rebase this patch if you want. Comment at

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-02-25 Thread Balázs Kéri via Phabricator via cfe-commits
balazske added inline comments. Comment at: clang/test/Analysis/taint-generic.cpp:189 + istream& getline(istream& is, string& str); +} + These `std` declarations are at a better place in `system-header-simulator-cxx.h` or a similar file. CHANGES SINCE LAST AC

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-02-24 Thread Kristóf Umann via Phabricator via cfe-commits
Szelethus added a comment. In D71524#1889566, @boga95 wrote: > @steakhal's revision is on the top of this. Changing the order will only > cause unnecessary work on both sides. He recently rebased on top of master. I'm no fan of creating unnecessary wor

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-02-24 Thread Borsik Gábor via Phabricator via cfe-commits
boga95 marked 6 inline comments as done. boga95 added a comment. @steakhal's revision is on the top of this. Changing the order will only cause unnecessary work on both sides. Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:103-132 struct FunctionData

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-02-24 Thread Kristóf Umann via Phabricator via cfe-commits
Szelethus requested changes to this revision. Szelethus added a reviewer: steakhal. Szelethus added a comment. This revision now requires changes to proceed. This patch is really cool, but I still feel anxious a bit about duplicating so much functionality, especially since we're working very hard

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-02-23 Thread Borsik Gábor via Phabricator via cfe-commits
boga95 updated this revision to Diff 246120. boga95 marked 5 inline comments as done. Herald added a subscriber: martong. CHANGES SINCE LAST ACTION https://reviews.llvm.org/D71524/new/ https://reviews.llvm.org/D71524 Files: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp clang/li

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-02-07 Thread Kristóf Umann via Phabricator via cfe-commits
Szelethus added a comment. A portion of my concerns are answered by this patch: D72035. Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:103-132 struct FunctionData { FunctionData() = delete; FunctionData(cons

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-02-06 Thread Gábor Horváth via Phabricator via cfe-commits
xazax.hun added inline comments. Comment at: clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp:268 CheckerContext &C) { - if (isTainted(State, E, C.getLocationContext()) || isStdin(E, C)) + if (isTainted(State, E, C.ge

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-02-05 Thread Kristóf Umann via Phabricator via cfe-commits
Szelethus added a comment. I strongly agree with this comment: D70878#1780513, maybe the placement of functions like `getArg` and `getNumArgs` would be most appropriate in `CallDescription`. How about we try to cut down on duplicating functionalities?

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2020-01-27 Thread Borsik Gábor via Phabricator via cfe-commits
boga95 added a comment. Ping Repository: rG LLVM Github Monorepo CHANGES SINCE LAST ACTION https://reviews.llvm.org/D71524/new/ https://reviews.llvm.org/D71524

[PATCH] D71524: [analyzer] Support tainted objects in GenericTaintChecker

2019-12-15 Thread Borsik Gábor via Phabricator via cfe-commits
boga95 created this revision. boga95 added reviewers: NoQ, Szelethus. Herald added subscribers: cfe-commits, Charusso, donat.nagy, mikhail.ramalho, a.sidorin, szepet, baloghadamsoftware. Herald added a project: clang. I extended the supported C++ features: - The `this` pointer can be tainted (0.