llvm-project/clang-tools-extra/clang-tidy/android/AndroidTidyModule.cpp

//===--- AndroidTidyModule.cpp - clang-tidy--------------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//

#include "../ClangTidy.h"
#include "../ClangTidyModule.h"
#include "../ClangTidyModuleRegistry.h"
#include "CloexecAccept4Check.h"
#include "CloexecAcceptCheck.h"
#include "CloexecCreatCheck.h"
#include "CloexecDupCheck.h"
#include "CloexecEpollCreate1Check.h"
#include "CloexecEpollCreateCheck.h"
#include "CloexecFopenCheck.h"
#include "CloexecInotifyInit1Check.h"
#include "CloexecInotifyInitCheck.h"
#include "CloexecMemfdCreateCheck.h"
#include "CloexecOpenCheck.h"
#include "CloexecPipe2Check.h"
#include "CloexecPipeCheck.h"
#include "CloexecSocketCheck.h"
#include "ComparisonInTempFailureRetryCheck.h"

using namespace clang::ast_matchers;

namespace clang {
namespace tidy {
namespace android {

/// This module is for Android specific checks.
class AndroidModule : public ClangTidyModule {
public:
  void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {
    CheckFactories.registerCheck<CloexecAccept4Check>("android-cloexec-accept4");
    CheckFactories.registerCheck<CloexecAcceptCheck>("android-cloexec-accept");
    CheckFactories.registerCheck<CloexecCreatCheck>("android-cloexec-creat");
    CheckFactories.registerCheck<CloexecDupCheck>("android-cloexec-dup");
    CheckFactories.registerCheck<CloexecEpollCreate1Check>(
        "android-cloexec-epoll-create1");
    CheckFactories.registerCheck<CloexecEpollCreateCheck>(
        "android-cloexec-epoll-create");
    CheckFactories.registerCheck<CloexecFopenCheck>("android-cloexec-fopen");
    CheckFactories.registerCheck<CloexecInotifyInit1Check>(
        "android-cloexec-inotify-init1");
    CheckFactories.registerCheck<CloexecInotifyInitCheck>(
        "android-cloexec-inotify-init");
    CheckFactories.registerCheck<CloexecMemfdCreateCheck>(
        "android-cloexec-memfd-create");
    CheckFactories.registerCheck<CloexecOpenCheck>("android-cloexec-open");
    CheckFactories.registerCheck<CloexecPipeCheck>("android-cloexec-pipe");
    CheckFactories.registerCheck<CloexecPipe2Check>("android-cloexec-pipe2");
    CheckFactories.registerCheck<CloexecSocketCheck>("android-cloexec-socket");
    CheckFactories.registerCheck<ComparisonInTempFailureRetryCheck>(
        "android-comparison-in-temp-failure-retry");
  }
};

// Register the AndroidTidyModule using this statically initialized variable.
static ClangTidyModuleRegistry::Add<AndroidModule>
    X("android-module", "Adds Android platform checks.");

} // namespace android

// This anchor is used to force the linker to link in the generated object file
// and thus register the AndroidModule.
volatile int AndroidModuleAnchorSource = 0;

} // namespace tidy
} // namespace clang
[clang-tidy][Part1] Add a new module Android and three new checks. Summary: A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.). Add a new Android module and one checks in clang-tidy. -- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag] Links to part2 and part3: https://reviews.llvm.org/D33745 https://reviews.llvm.org/D33747 Reviewers: chh, alexfh, aaron.ballman, hokein Reviewed By: alexfh, hokein Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D33304 llvm-svn: 306165 2017-06-24 05:37:29 +08:00			`//===--- AndroidTidyModule.cpp - clang-tidy--------------------------------===//`
			`//`
Update the file headers across all of the LLVM projects in the monorepo to reflect the new license. We understand that people may be surprised that we're moving the header entirely to discuss the new license. We checked this carefully with the Foundation's lawyer and we believe this is the correct approach. Essentially, all code in the project is now made available by the LLVM project under our new license, so you will see that the license headers include that license only. Some of our contributors have contributed code under our old license, and accordingly, we have retained a copy of our old license notice in the top-level files in each project and repository. llvm-svn: 351636 2019-01-19 16:50:56 +08:00			`// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.`
			`// See https://llvm.org/LICENSE.txt for license information.`
			`// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception`
[clang-tidy][Part1] Add a new module Android and three new checks. Summary: A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.). Add a new Android module and one checks in clang-tidy. -- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag] Links to part2 and part3: https://reviews.llvm.org/D33745 https://reviews.llvm.org/D33747 Reviewers: chh, alexfh, aaron.ballman, hokein Reviewed By: alexfh, hokein Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D33304 llvm-svn: 306165 2017-06-24 05:37:29 +08:00			`//`
			`//===----------------------------------------------------------------------===//`

			`#include "../ClangTidy.h"`
			`#include "../ClangTidyModule.h"`
			`#include "../ClangTidyModuleRegistry.h"`
[clang-tidy] Add a close-on-exec check on accept4() in Android module. Summary: accept4() is better to set SOCK_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35363 llvm-svn: 311027 2017-08-17 01:46:18 +08:00			`#include "CloexecAccept4Check.h"`
[clang-tidy] Add a close-on-exec check on accept() in Android module. Summary: accept() is better to be replaced by accept4() with SOCK_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35362 llvm-svn: 311024 2017-08-17 01:18:16 +08:00			`#include "CloexecAcceptCheck.h"`
[clang-tidy][Part2] Add a new module Android and three new checks Summary: -- creat() should be replaced by open(). [android-creat-usage] Reviewers: chh, alexfh, aaron.ballman, hokein Reviewed By: hokein Subscribers: JDevlieghere, srhines, mgorny, xazax.hun Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D33745 llvm-svn: 306708 2017-06-30 01:40:57 +08:00			`#include "CloexecCreatCheck.h"`
[clang-tidy] Sort includes; NFC llvm-svn: 329428 2018-04-07 01:22:36 +08:00			`#include "CloexecDupCheck.h"`
[clang-tidy] Add a close-on-exec check on epoll_create1() in Android module. Summary: epoll_create1() is better to set EPOLL_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35365 llvm-svn: 311028 2017-08-17 01:53:12 +08:00			`#include "CloexecEpollCreate1Check.h"`
[clang-tidy] Add a close-on-exec check on epoll_create() in Android module. Summary: epoll_create() is better to be replaced by epoll_create1() with EPOLL_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35367 llvm-svn: 311029 2017-08-17 02:02:49 +08:00			`#include "CloexecEpollCreateCheck.h"`
[clang-tidy][Part3] Add a new module Android and three new checks. Summary: -- fopen() should include "e" in their mode string. [android-fopen-mode] Reviewers: chh, alexfh, aaron.ballman, hokein Reviewed By: hokein Subscribers: JDevlieghere, srhines, mgorny, xazax.hun Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D33747 llvm-svn: 306709 2017-06-30 01:42:23 +08:00			`#include "CloexecFopenCheck.h"`
[clang-tidy] Add a close-on-exec check on inotify_init1() in Android module. Summary: inotify_init1() is better to set IN_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35368 llvm-svn: 310863 2017-08-15 01:45:48 +08:00			`#include "CloexecInotifyInit1Check.h"`
[clang-tidy] Add a close-on-exec check on inotify_init() in Android module. Summary: inotify_init() is better to be replaced by inotify_init1() with IN_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35370 llvm-svn: 310861 2017-08-15 01:25:41 +08:00			`#include "CloexecInotifyInitCheck.h"`
[clang-tidy] Fix for buildbot. Summary: Fix an issue for windows. Differential Revision: https://reviews.llvm.org/D35372 llvm-svn: 310669 2017-08-11 06:09:22 +08:00			`#include "CloexecMemfdCreateCheck.h"`
[clang-tidy] Rename android-file-open-flag and fix a bug Summary: 1. Rename android-file-open-flag to android-cloexec-open. 2. Handle a case when the function is passed as an argument of a function-like macro. Reviewers: chh Reviewed By: chh Subscribers: srhines, mgorny, JDevlieghere, xazax.hun, cfe-commits Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D34633 llvm-svn: 306728 2017-06-30 03:13:29 +08:00			`#include "CloexecOpenCheck.h"`
android: add a close-on-exec check on pipe2() On Android, pipe2() is better to set O_CLOEXEC flag to avoid file descriptor leakage. Patch by Jian Cai! Differential Revision: https://reviews.llvm.org/D62049 llvm-svn: 362672 2019-06-06 13:21:39 +08:00			`#include "CloexecPipe2Check.h"`
[clang-tidy] Applied clang-tidy fixes. NFC Applied fixes enabled by the LLVM's .clang-tidy configs. Reverted files where fixes introduced compile errors: clang-tools-extra/clang-tidy/hicpp/NoAssemblerCheck.cpp clang-tools-extra/clang-tidy/misc/ThrowByValueCatchByReferenceCheck.cpp $ clang-tools-extra/clang-tidy/tool/run-clang-tidy.py -fix clang-tools-extra/clang-tidy/ Enabled checks: llvm-else-after-return llvm-header-guard llvm-include-order llvm-namespace-comment llvm-prefer-isa-or-dyn-cast-in-conditionals llvm-prefer-register-over-unsigned llvm-qualified-auto llvm-twine-local misc-definitions-in-headers misc-misplaced-const misc-new-delete-overloads misc-no-recursion misc-non-copyable-objects misc-redundant-expression misc-static-assert misc-throw-by-value-catch-by-reference misc-unconventional-assign-operator misc-uniqueptr-reset-release misc-unused-alias-decls misc-unused-using-decls readability-identifier-naming Reviewed By: aaron.ballman Differential Revision: https://reviews.llvm.org/D95614 2021-01-29 07:49:53 +08:00			`#include "CloexecPipeCheck.h"`
[clang-tidy] Add a new Android check "android-cloexec-socket" Summary: socket() is better to include SOCK_CLOEXEC in its type argument to avoid the file descriptor leakage. Reviewers: chh, Eugene.Zelenko, alexfh, hokein, aaron.ballman Reviewed By: chh, alexfh Subscribers: srhines, mgorny, JDevlieghere, xazax.hun, cfe-commits Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D34913 llvm-svn: 307818 2017-07-13 01:43:36 +08:00			`#include "CloexecSocketCheck.h"`
[clang-tidy] Add a `android-comparison-in-temp-failure-retry` check This check attempts to catch buggy uses of the `TEMP_FAILURE_RETRY` macro, which is provided by both Bionic and glibc. Differential Revision: https://reviews.llvm.org/D45059 llvm-svn: 329759 2018-04-11 05:22:22 +08:00			`#include "ComparisonInTempFailureRetryCheck.h"`
[clang-tidy][Part1] Add a new module Android and three new checks. Summary: A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.). Add a new Android module and one checks in clang-tidy. -- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag] Links to part2 and part3: https://reviews.llvm.org/D33745 https://reviews.llvm.org/D33747 Reviewers: chh, alexfh, aaron.ballman, hokein Reviewed By: alexfh, hokein Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D33304 llvm-svn: 306165 2017-06-24 05:37:29 +08:00
			`using namespace clang::ast_matchers;`

			`namespace clang {`
			`namespace tidy {`
			`namespace android {`

			`/// This module is for Android specific checks.`
			`class AndroidModule : public ClangTidyModule {`
			`public:`
			`void addCheckFactories(ClangTidyCheckFactories &CheckFactories) override {`
[clang-tidy] Add a close-on-exec check on accept4() in Android module. Summary: accept4() is better to set SOCK_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35363 llvm-svn: 311027 2017-08-17 01:46:18 +08:00			`CheckFactories.registerCheck<CloexecAccept4Check>("android-cloexec-accept4");`
[clang-tidy] Add a close-on-exec check on accept() in Android module. Summary: accept() is better to be replaced by accept4() with SOCK_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35362 llvm-svn: 311024 2017-08-17 01:18:16 +08:00			`CheckFactories.registerCheck<CloexecAcceptCheck>("android-cloexec-accept");`
[clang-tidy][Part2] Add a new module Android and three new checks Summary: -- creat() should be replaced by open(). [android-creat-usage] Reviewers: chh, alexfh, aaron.ballman, hokein Reviewed By: hokein Subscribers: JDevlieghere, srhines, mgorny, xazax.hun Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D33745 llvm-svn: 306708 2017-06-30 01:40:57 +08:00			`CheckFactories.registerCheck<CloexecCreatCheck>("android-cloexec-creat");`
[Clang-tidy] Alphabetical sort of files/checks. Add space after clang-tidy in source code headers. llvm-svn: 342601 2018-09-20 08:02:55 +08:00			`CheckFactories.registerCheck<CloexecDupCheck>("android-cloexec-dup");`
[clang-tidy] Add a close-on-exec check on epoll_create1() in Android module. Summary: epoll_create1() is better to set EPOLL_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35365 llvm-svn: 311028 2017-08-17 01:53:12 +08:00			`CheckFactories.registerCheck<CloexecEpollCreate1Check>(`
			`"android-cloexec-epoll-create1");`
[clang-tidy] Add a close-on-exec check on epoll_create() in Android module. Summary: epoll_create() is better to be replaced by epoll_create1() with EPOLL_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35367 llvm-svn: 311029 2017-08-17 02:02:49 +08:00			`CheckFactories.registerCheck<CloexecEpollCreateCheck>(`
			`"android-cloexec-epoll-create");`
[clang-tidy][Part3] Add a new module Android and three new checks. Summary: -- fopen() should include "e" in their mode string. [android-fopen-mode] Reviewers: chh, alexfh, aaron.ballman, hokein Reviewed By: hokein Subscribers: JDevlieghere, srhines, mgorny, xazax.hun Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D33747 llvm-svn: 306709 2017-06-30 01:42:23 +08:00			`CheckFactories.registerCheck<CloexecFopenCheck>("android-cloexec-fopen");`
[clang-tidy] Add a close-on-exec check on inotify_init1() in Android module. Summary: inotify_init1() is better to set IN_CLOEXEC flag to avoid file descriptor leakage. Differential Revision: https://reviews.llvm.org/D35368 llvm-svn: 310863 2017-08-15 01:45:48 +08:00			`CheckFactories.registerCheck<CloexecInotifyInit1Check>(`
			`"android-cloexec-inotify-init1");`
[Clang-tidy] Alphabetical sort of files/checks. Add space after clang-tidy in source code headers. llvm-svn: 342601 2018-09-20 08:02:55 +08:00			`CheckFactories.registerCheck<CloexecInotifyInitCheck>(`
			`"android-cloexec-inotify-init");`
[clang-tidy] Fix for buildbot. Summary: Fix an issue for windows. Differential Revision: https://reviews.llvm.org/D35372 llvm-svn: 310669 2017-08-11 06:09:22 +08:00			`CheckFactories.registerCheck<CloexecMemfdCreateCheck>(`
			`"android-cloexec-memfd-create");`
[clang-tidy] Rename android-file-open-flag and fix a bug Summary: 1. Rename android-file-open-flag to android-cloexec-open. 2. Handle a case when the function is passed as an argument of a function-like macro. Reviewers: chh Reviewed By: chh Subscribers: srhines, mgorny, JDevlieghere, xazax.hun, cfe-commits Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D34633 llvm-svn: 306728 2017-06-30 03:13:29 +08:00			`CheckFactories.registerCheck<CloexecOpenCheck>("android-cloexec-open");`
android: add a close-on-exec check on pipe() On Android, pipe() is better to be replaced by pipe2() with O_CLOEXEC flag to avoid file descriptor leakage. Patch by Jian Cai! Differential Revision: https://reviews.llvm.org/D61967 llvm-svn: 362673 2019-06-06 13:21:45 +08:00			`CheckFactories.registerCheck<CloexecPipeCheck>("android-cloexec-pipe");`
android: add a close-on-exec check on pipe2() On Android, pipe2() is better to set O_CLOEXEC flag to avoid file descriptor leakage. Patch by Jian Cai! Differential Revision: https://reviews.llvm.org/D62049 llvm-svn: 362672 2019-06-06 13:21:39 +08:00			`CheckFactories.registerCheck<CloexecPipe2Check>("android-cloexec-pipe2");`
[clang-tidy] Add a new Android check "android-cloexec-socket" Summary: socket() is better to include SOCK_CLOEXEC in its type argument to avoid the file descriptor leakage. Reviewers: chh, Eugene.Zelenko, alexfh, hokein, aaron.ballman Reviewed By: chh, alexfh Subscribers: srhines, mgorny, JDevlieghere, xazax.hun, cfe-commits Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D34913 llvm-svn: 307818 2017-07-13 01:43:36 +08:00			`CheckFactories.registerCheck<CloexecSocketCheck>("android-cloexec-socket");`
[clang-tidy] Add a `android-comparison-in-temp-failure-retry` check This check attempts to catch buggy uses of the `TEMP_FAILURE_RETRY` macro, which is provided by both Bionic and glibc. Differential Revision: https://reviews.llvm.org/D45059 llvm-svn: 329759 2018-04-11 05:22:22 +08:00			`CheckFactories.registerCheck<ComparisonInTempFailureRetryCheck>(`
			`"android-comparison-in-temp-failure-retry");`
[clang-tidy][Part1] Add a new module Android and three new checks. Summary: A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.). Add a new Android module and one checks in clang-tidy. -- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag] Links to part2 and part3: https://reviews.llvm.org/D33745 https://reviews.llvm.org/D33747 Reviewers: chh, alexfh, aaron.ballman, hokein Reviewed By: alexfh, hokein Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski Tags: #clang-tools-extra Differential Revision: https://reviews.llvm.org/D33304 llvm-svn: 306165 2017-06-24 05:37:29 +08:00			`}`
			`};`

			`// Register the AndroidTidyModule using this statically initialized variable.`
			`static ClangTidyModuleRegistry::Add<AndroidModule>`
			`X("android-module", "Adds Android platform checks.");`

			`} // namespace android`

			`// This anchor is used to force the linker to link in the generated object file`
			`// and thus register the AndroidModule.`
			`volatile int AndroidModuleAnchorSource = 0;`

			`} // namespace tidy`
			`} // namespace clang`