Adding some documentation changes that were missed in r336301.

llvm-svn: 336302
2018-07-05 01:35:49 +00:00 · 2018-07-05 01:35:49 +00:00 · c34426f026
parent 5bee05c57b
commit c34426f026
2 changed files with 42 additions and 0 deletions
--- a/clang-tools-extra/docs/clang-tidy/checks/cert-msc51-cpp.rst
+++ b/clang-tools-extra/docs/clang-tidy/checks/cert-msc51-cpp.rst
@ -0,0 +1,40 @@
+.. title:: clang-tidy - cert-msc51-cpp
+
+cert-msc51-cpp
+==============
+
+This check flags all pseudo-random number engines, engine adaptor
+instantiations and ``srand()`` when initialized or seeded with default argument,
+constant expression or any user-configurable type. Pseudo-random number
+engines seeded with a predictable value may cause vulnerabilities e.g. in
+security protocols.
+This is a CERT security rule, see
+`MSC51-CPP. Ensure your random number generator is properly seeded
+<https://wiki.sei.cmu.edu/confluence/display/cplusplus/MSC51-CPP.+Ensure+your+random+number+generator+is+properly+seeded>`_ and
+`MSC32-C. Properly seed pseudorandom number generators
+<https://wiki.sei.cmu.edu/confluence/display/c/MSC32-C.+Properly+seed+pseudorandom+number+generators>`_.
+
+Examples:
+
+.. code-block:: c++
+
+  void foo() {
+    std::mt19937 engine1; // Diagnose, always generate the same sequence
+    std::mt19937 engine2(1); // Diagnose
+    engine1.seed(); // Diagnose
+    engine2.seed(1); // Diagnose
+    
+    std::time_t t;
+    engine1.seed(std::time(&t)); // Diagnose, system time might be controlled by user
+
+    int x = atoi(argv[1]);
+    std::mt19937 engine3(x);  // Will not warn
+  }
+
+Options
+-------
+
+.. option:: DisallowedSeedTypes
+
+   A comma-separated list of the type names which are disallowed.
+   Default values are ``time_t``, ``std::time_t``.
--- a/clang-tools-extra/docs/clang-tidy/checks/list.rst
+++ b/clang-tools-extra/docs/clang-tidy/checks/list.rst
@ -73,7 +73,9 @@ Clang-Tidy Checks
   cert-fio38-c (redirects to misc-non-copyable-objects) <cert-fio38-c>
   cert-flp30-c
   cert-msc30-c (redirects to cert-msc50-cpp) <cert-msc30-c>
+   cert-msc32-c (redirects to cert-msc51-cpp) <cert-msc32-c>
   cert-msc50-cpp
+   cert-msc51-cpp
   cert-oop11-cpp (redirects to performance-move-constructor-init) <cert-oop11-cpp>
   cppcoreguidelines-avoid-goto
   cppcoreguidelines-c-copy-assignment-signature (redirects to misc-unconventional-assign-operator) <cppcoreguidelines-c-copy-assignment-signature>