2017-06-30 03:13:29 +08:00
|
|
|
//===--- CloexecOpenCheck.h - clang-tidy-----------------------------------===//
|
[clang-tidy][Part1] Add a new module Android and three new checks.
Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and one checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]
Links to part2 and part3:
https://reviews.llvm.org/D33745
https://reviews.llvm.org/D33747
Reviewers: chh, alexfh, aaron.ballman, hokein
Reviewed By: alexfh, hokein
Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D33304
llvm-svn: 306165
2017-06-24 05:37:29 +08:00
|
|
|
//
|
|
|
|
// The LLVM Compiler Infrastructure
|
|
|
|
//
|
|
|
|
// This file is distributed under the University of Illinois Open Source
|
|
|
|
// License. See LICENSE.TXT for details.
|
|
|
|
//
|
|
|
|
//===----------------------------------------------------------------------===//
|
|
|
|
|
2017-06-30 03:13:29 +08:00
|
|
|
#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_OPEN_H
|
|
|
|
#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_OPEN_H
|
[clang-tidy][Part1] Add a new module Android and three new checks.
Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and one checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]
Links to part2 and part3:
https://reviews.llvm.org/D33745
https://reviews.llvm.org/D33747
Reviewers: chh, alexfh, aaron.ballman, hokein
Reviewed By: alexfh, hokein
Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D33304
llvm-svn: 306165
2017-06-24 05:37:29 +08:00
|
|
|
|
2017-08-17 00:59:26 +08:00
|
|
|
#include "CloexecCheck.h"
|
[clang-tidy][Part1] Add a new module Android and three new checks.
Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and one checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]
Links to part2 and part3:
https://reviews.llvm.org/D33745
https://reviews.llvm.org/D33747
Reviewers: chh, alexfh, aaron.ballman, hokein
Reviewed By: alexfh, hokein
Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D33304
llvm-svn: 306165
2017-06-24 05:37:29 +08:00
|
|
|
|
|
|
|
namespace clang {
|
|
|
|
namespace tidy {
|
|
|
|
namespace android {
|
|
|
|
|
|
|
|
/// Finds code that opens file without using the O_CLOEXEC flag.
|
|
|
|
///
|
|
|
|
/// open(), openat(), and open64() had better to include O_CLOEXEC in their
|
|
|
|
/// flags argument. Only consider simple cases that the corresponding argument
|
|
|
|
/// is constant or binary operation OR among constants like 'O_CLOEXEC' or
|
|
|
|
/// 'O_CLOEXEC | O_RDONLY'. No constant propagation is performed.
|
|
|
|
///
|
|
|
|
/// Only the symbolic 'O_CLOEXEC' macro definition is checked, not the concrete
|
|
|
|
/// value.
|
2017-08-17 00:59:26 +08:00
|
|
|
class CloexecOpenCheck : public CloexecCheck {
|
[clang-tidy][Part1] Add a new module Android and three new checks.
Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and one checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]
Links to part2 and part3:
https://reviews.llvm.org/D33745
https://reviews.llvm.org/D33747
Reviewers: chh, alexfh, aaron.ballman, hokein
Reviewed By: alexfh, hokein
Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D33304
llvm-svn: 306165
2017-06-24 05:37:29 +08:00
|
|
|
public:
|
2017-06-30 03:13:29 +08:00
|
|
|
CloexecOpenCheck(StringRef Name, ClangTidyContext *Context)
|
2017-08-17 00:59:26 +08:00
|
|
|
: CloexecCheck(Name, Context) {}
|
[clang-tidy][Part1] Add a new module Android and three new checks.
Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and one checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]
Links to part2 and part3:
https://reviews.llvm.org/D33745
https://reviews.llvm.org/D33747
Reviewers: chh, alexfh, aaron.ballman, hokein
Reviewed By: alexfh, hokein
Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D33304
llvm-svn: 306165
2017-06-24 05:37:29 +08:00
|
|
|
void registerMatchers(ast_matchers::MatchFinder *Finder) override;
|
|
|
|
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
|
|
|
|
};
|
|
|
|
|
|
|
|
} // namespace android
|
|
|
|
} // namespace tidy
|
|
|
|
} // namespace clang
|
|
|
|
|
2017-06-30 03:13:29 +08:00
|
|
|
#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_ANDROID_CLOEXEC_OPEN_H
|