Commit Graph

9 Commits

Author SHA1 Message Date
Aaron Ballman 527a420550 Add a new check, cert-env33-c, that diagnoses uses of system(), popen(), and _popen() to execute a command processor. This check corresponds to the CERT secure coding rule: https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=2130132
llvm-svn: 261530
2016-02-22 16:01:06 +00:00
Aaron Ballman 611d2e4ee6 Add a new check, cert-flp30-c, that diagnoses loop induction expressions of floating-point type. This check corresponds to the CERT secure coding rule: https://www.securecoding.cert.org/confluence/display/c/FLP30-C.+Do+not+use+floating-point+variables+as+loop+counters
llvm-svn: 261324
2016-02-19 14:03:20 +00:00
Aaron Ballman 1284f04aed Rename the CERT namespace to cert, and update some checkers to use this namespace consistently.
Patch thanks to Haojian Wu!

llvm-svn: 256756
2016-01-04 14:31:14 +00:00
Aaron Ballman 43aef4cb9b Add a new checker, cert-err58-cpp, that checks for static or thread_local objects that use a throwing constructor.
This check corresponds to the CERT secure coding rule: https://www.securecoding.cert.org/confluence/display/cplusplus/ERR58-CPP.+Constructors+of+objects+with+static+or+thread+storage+duration+must+not+throw+exceptions

llvm-svn: 254415
2015-12-01 14:05:39 +00:00
Aaron Ballman 5a786ddf4c Add a new clang-tidy checker that flags throw expressions whose thrown type is not nothrow copy constructible. While the compiler is free to elide copy constructor calls in some cases, it is under no obligation to do so, which makes the code a portability concern as well as a security concern.
This checker corresponds to the CERT secure coding rule: https://www.securecoding.cert.org/confluence/display/cplusplus/ERR60-CPP.+Exception+objects+must+be+nothrow+copy+constructible

llvm-svn: 253246
2015-11-16 19:17:43 +00:00
Aaron Ballman a742b84e5d Exposing an existing checker under the name cert-err61-cpp, as it corresponds to the CERT C++ secure coding rule: https://www.securecoding.cert.org/confluence/display/cplusplus/ERR61-CPP.+Catch+exceptions+by+lvalue+reference
llvm-svn: 250221
2015-10-13 20:42:41 +00:00
Aaron Ballman e4b1765a0f Adding a checker (cert-err52-cpp) that detects use of setjmp or longjmp in C++ code. Corresponds to the CERT C++ secure coding rule: https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=1834
llvm-svn: 249727
2015-10-08 19:54:43 +00:00
Aaron Ballman 46bc30472b Adding a checker (cert-dcl50-cpp) that detects the definition of a C-style variadic function in C++ code. Corresponds to the CERT C++ secure coding rule: https://www.securecoding.cert.org/confluence/display/cplusplus/DCL50-CPP.+Do+not+define+a+C-style+variadic+function
llvm-svn: 249343
2015-10-05 20:08:59 +00:00
Aaron Ballman ea2f90c96b Adding a new clang-tidy module to house CERT-specific checkers, and map existing checkers to CERT secure coding rules and recommendations for both C (https://www.securecoding.cert.org/confluence/display/c/SEI+CERT+C+Coding+Standard) and C++ (https://www.securecoding.cert.org/confluence/pages/viewpage.action?pageId=637).
llvm-svn: 249130
2015-10-02 13:27:19 +00:00