Commit Graph

1 Commits

Author SHA1 Message Date
Balazs Benics 859bcf4e3b [analyzer][taint] Add isTainted debug expression inspection check
Summary:
This patch introduces the `clang_analyzer_isTainted` expression inspection
check for checking taint.

Using this we could query the analyzer whether the expression used as the
argument is tainted or not. This would be useful in tests, where we don't want
to issue warning for all tainted expressions in a given file
(like the `debug.TaintTest` would do) but only for certain expressions.

Example usage:

```lang=c++
int read_integer() {
  int n;
  clang_analyzer_isTainted(n);     // expected-warning{{NO}}
  scanf("%d", &n);
  clang_analyzer_isTainted(n);     // expected-warning{{YES}}
  clang_analyzer_isTainted(n + 2); // expected-warning{{YES}}
  clang_analyzer_isTainted(n > 0); // expected-warning{{YES}}
  int next_tainted_value = n; // no-warning
  return n;
}
```

Reviewers: NoQ, Szelethus, baloghadamsoftware, xazax.hun, boga95

Reviewed By: Szelethus

Subscribers: martong, rnkovacs, whisperity, xazax.hun,
baloghadamsoftware, szepet, a.sidorin, mikhail.ramalho, donat.nagy,
Charusso, cfe-commits, boga95, dkrupp, cfe-commits

Tags: #clang

Differential Revision: https://reviews.llvm.org/D74131
2020-03-03 14:40:23 +01:00