2019-03-01 17:52:53 +08:00
|
|
|
//===-- CommandProcessorCheck.cpp - clang-tidy ----------------------------===//
|
2016-02-23 00:01:06 +08:00
|
|
|
//
|
2019-01-19 16:50:56 +08:00
|
|
|
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
|
|
|
|
// See https://llvm.org/LICENSE.txt for license information.
|
|
|
|
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
|
2016-02-23 00:01:06 +08:00
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
|
|
|
#include "CommandProcessorCheck.h"
|
|
|
|
#include "clang/AST/ASTContext.h"
|
|
|
|
#include "clang/ASTMatchers/ASTMatchFinder.h"
|
|
|
|
|
|
|
|
using namespace clang::ast_matchers;
|
|
|
|
|
|
|
|
namespace clang {
|
|
|
|
namespace tidy {
|
|
|
|
namespace cert {
|
|
|
|
|
|
|
|
void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) {
|
|
|
|
Finder->addMatcher(
|
|
|
|
callExpr(
|
2020-07-07 21:30:52 +08:00
|
|
|
callee(functionDecl(hasAnyName("::system", "::popen", "::_popen"))
|
2016-02-23 00:01:06 +08:00
|
|
|
.bind("func")),
|
|
|
|
// Do not diagnose when the call expression passes a null pointer
|
|
|
|
// constant to system(); that only checks for the presence of a
|
|
|
|
// command processor, which is not a security risk by itself.
|
|
|
|
unless(callExpr(callee(functionDecl(hasName("::system"))),
|
|
|
|
argumentCountIs(1),
|
|
|
|
hasArgument(0, nullPointerConstant()))))
|
|
|
|
.bind("expr"),
|
|
|
|
this);
|
|
|
|
}
|
|
|
|
|
|
|
|
void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) {
|
|
|
|
const auto *Fn = Result.Nodes.getNodeAs<FunctionDecl>("func");
|
|
|
|
const auto *E = Result.Nodes.getNodeAs<CallExpr>("expr");
|
|
|
|
|
|
|
|
diag(E->getExprLoc(), "calling %0 uses a command processor") << Fn;
|
|
|
|
}
|
|
|
|
|
|
|
|
} // namespace cert
|
|
|
|
} // namespace tidy
|
|
|
|
} // namespace clang
|