History log of /external/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
Revision Date Author Comments
6bcf27bb9a4b5c3f79cb44c0e4654a6d7619ad89 29-May-2014 Stephen Hines <srhines@google.com> Update Clang for 3.5 rebase (r209713).

Change-Id: I8c9133b0f8f776dc915f270b60f94962e771bc83
651f13cea278ec967336033dd032faef0e9fc2ec 24-Apr-2014 Stephen Hines <srhines@google.com> Updated to Clang 3.5a.

Change-Id: I8127eb568f674c2e72635b639a3295381fe8af82
caa5ab264ddea332e8423af1ebcea50d0cb37206 03-Sep-2013 Aaron Ballman <aaron@aaronballman.com> Switched FormatAttr to using an IdentifierArgument instead of a StringArgument since that is a more accurate modeling.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@189851 91177308-0d34-0410-b5e6-96231b3b80d8
dc84cd5efdd3430efb22546b4ac656aa0540b210 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Include llvm::Optional in clang/Basic/LLVM.h

Post-commit CR feedback from Jordan Rose regarding r175594.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175679 91177308-0d34-0410-b5e6-96231b3b80d8
5251abea41b446c26e3239c8dd6c7edea6fc335d 20-Feb-2013 David Blaikie <dblaikie@gmail.com> Replace SVal llvm::cast support to be well-defined.

See r175462 for another example/more details.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@175594 91177308-0d34-0410-b5e6-96231b3b80d8
cfa88f893915ceb8ae4ce2f17c46c24a4d67502f 12-Jan-2013 Dmitri Gribenko <gribozavr@gmail.com> Remove useless 'llvm::' qualifier from names like StringRef and others that are
brought into 'clang' namespace by clang/Basic/LLVM.h


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@172323 91177308-0d34-0410-b5e6-96231b3b80d8
55fc873017f10f6f566b182b70f6fc22aefa3464 04-Dec-2012 Chandler Carruth <chandlerc@gmail.com> Sort all of Clang's files under 'lib', and fix up the broken headers
uncovered.

This required manually correcting all of the incorrect main-module
headers I could find, and running the new llvm/utils/sort_includes.py
script over the files.

I also manually added quite a few missing headers that were uncovered by
shuffling the order or moving headers up to be main-module-headers.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169237 91177308-0d34-0410-b5e6-96231b3b80d8
2fa67efeaf66a9332c30a026dc1c21bef6c33a6c 01-Dec-2012 Benjamin Kramer <benny.kra@googlemail.com> Pull the Attr iteration parts out of Attr.h, so including DeclBase.h doesn't pull in all the generated Attr code.

Required to pull some functions out of line, but this shouldn't have a perf impact.
No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@169092 91177308-0d34-0410-b5e6-96231b3b80d8
166d502d5367ceacd1313a33cac43b1048b8524d 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Use nice macros for the common ProgramStateTraits (map, set, list).

Also, move the REGISTER_*_WITH_PROGRAMSTATE macros to ProgramStateTrait.h.

This doesn't get rid of /all/ explicit uses of ProgramStatePartialTrait,
but it does get a lot of them.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167276 91177308-0d34-0410-b5e6-96231b3b80d8
785950e59424dca7ce0081bebf13c0acd2c4fff6 02-Nov-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Rename 'EmitReport' to 'emitReport'.

No functionality change.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@167275 91177308-0d34-0410-b5e6-96231b3b80d8
7373ead8719ceedd21c108419159ea74b02b2461 18-Jul-2012 Benjamin Kramer <benny.kra@googlemail.com> Remove trivial destructor from SVal.

This enables the faster SmallVector in clang and also allows clang's unused
variable warnings to be more effective. Fix the two instances that popped up.

The RetainCountChecker change actually changes functionality, it would be nice
if someone from the StaticAnalyzer folks could look at it.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160444 91177308-0d34-0410-b5e6-96231b3b80d8
5ef6e94b294cc47750d8ab220858a36726caba59 11-Jul-2012 Jordan Rose <jordan_rose@apple.com> [analyzer] Guard against C++ member functions that look like system functions.

C++ method calls and C function calls both appear as CallExprs in the AST.
This was causing crashes for an object that had a 'free' method.

<rdar://problem/11822244>

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@160029 91177308-0d34-0410-b5e6-96231b3b80d8
48d798ce32447607144db70a484cdb99c1180663 02-Jun-2012 Benjamin Kramer <benny.kra@googlemail.com> Fix typos found by http://github.com/lyda/misspell-check

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@157886 91177308-0d34-0410-b5e6-96231b3b80d8
259052d8c819d101f6f627f960f56e582ecbcebc 11-Apr-2012 Anna Zaks <ganna@apple.com> [analyzer] Don't crash even when the system functions are redefined.
(Applied changes to CStringAPI, Malloc, and Taint.)

This might almost never happen, but we should not crash even if it does.
This fixes a crash on the internal analyzer buildbot, where postgresql's
configure was redefining memmove (radar://11219852).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@154451 91177308-0d34-0410-b5e6-96231b3b80d8
5fdadf4b643dd2f7a467244946dc1587b2f9ed1f 22-Feb-2012 Anna Zaks <ganna@apple.com> [analyzer] Change naming in bug reports "tainted" -> "untrusted"

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@151120 91177308-0d34-0410-b5e6-96231b3b80d8
6f42b62b6194f53bcbc349f5d17388e1936535d7 05-Feb-2012 Dylan Noblesmith <nobled@dreamwidth.org> Basic: import OwningPtr<> into clang namespace

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149798 91177308-0d34-0410-b5e6-96231b3b80d8
8bef8238181a30e52dea380789a7e2d760eac532 26-Jan-2012 Ted Kremenek <kremenek@apple.com> Change references to 'const ProgramState *' to typedef 'ProgramStateRef'.

At this point this is largely cosmetic, but it opens the door to replace
ProgramStateRef with a smart pointer that more eagerly acts in the role
of reclaiming unused ProgramState objects.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@149081 91177308-0d34-0410-b5e6-96231b3b80d8
b9ac30cf9ec001fd0d63ffc44289a333a21e691d 24-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add more C taint sources/sinks.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148844 91177308-0d34-0410-b5e6-96231b3b80d8
665b00265858a47f3ccd80b2f27b250c54f5fd5d 21-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] It's possible to have a non PointerType expression evaluate to a Loc value. When this happens, use the default type.


git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148631 91177308-0d34-0410-b5e6-96231b3b80d8
3026348bd4c13a0f83b59839f64065e0fcbea253 20-Jan-2012 David Blaikie <dblaikie@gmail.com> More dead code removal (using -Wunreachable-code)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148577 91177308-0d34-0410-b5e6-96231b3b80d8
2bf8fd84087231fd92dfdebe18895e01a6ae405c 20-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add socket API as a source of taint.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148518 91177308-0d34-0410-b5e6-96231b3b80d8
7cdfe298ae49e381f6d78fc93855c372e5173dd0 18-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Refactor: prePropagateTaint ->
TaintPropagationRule::process().

Also remove the "should be a pointer argument" warning - should be
handled elsewhere.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148372 91177308-0d34-0410-b5e6-96231b3b80d8
4e46221e38b7d434fbecb1cd56b259437206d246 18-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: warn when tainted data is used to specify a buffer
size (Ex: in malloc, memcpy, strncpy..)

(Maybe some of this could migrate to the CString checker. One issue
with that is that we might want to separate security issues from
regular API misuse.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148371 91177308-0d34-0410-b5e6-96231b3b80d8
9b0c749a20d0f7d0e63441d76baa15def3f37fdb 18-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: add taint propagation rules for string and memory copy
functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148370 91177308-0d34-0410-b5e6-96231b3b80d8
022b3f4490bbdcde7b3f18ce0498f9a73b6cbf53 17-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: generalize taint propagation to simplify adding more
taint propagation functions.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148266 91177308-0d34-0410-b5e6-96231b3b80d8
8568ee743406ac4bb23c9768a0dffd627fdbc579 14-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: add system and popen as undesirable sinks for taint
data.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148176 91177308-0d34-0410-b5e6-96231b3b80d8
71d29095d27e94b00083259c06a45f5294501697 13-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Taint: when looking up a binding, provide the type.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148080 91177308-0d34-0410-b5e6-96231b3b80d8
1fb826a6fd893234f32b0b91bb92ea4d127788ad 12-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add taint transfer by strcpy & others (part 1).

To simplify the process:
Refactor taint generation checker to simplify passing the
information on which arguments need to be tainted from pre to post
visit.

Todo: We need to factor out the code that sema is using to identify the
string and memcpy functions and use it here and in the CString checker.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@148010 91177308-0d34-0410-b5e6-96231b3b80d8
2215eef02c3ac84c3189e5ac694326038226b467 07-Jan-2012 Rafael Espindola <rafael.espindola@gmail.com> Remove unused variable.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147744 91177308-0d34-0410-b5e6-96231b3b80d8
9f03b62036a7abc0a227b17f4a49b9eefced9450 07-Jan-2012 Anna Zaks <ganna@apple.com> [analyzer] Add basic format string vulnerability checking.

We already have a more conservative check in the compiler (if the
format string is not a literal, we warn). Still adding it here for
completeness and since this check is stronger - only triggered if the
format string is tainted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147714 91177308-0d34-0410-b5e6-96231b3b80d8
5eca482fe895ea57bc82410222e6426c09e63284 06-Jan-2012 Ted Kremenek <kremenek@apple.com> [analyzer] Make the entries in 'Environment' context-sensitive by making entries map from
(Stmt*,LocationContext*) pairs to SVals instead of Stmt* to SVals.

This is needed to support basic IPA via inlining. Without this, we cannot tell
if a Stmt* binding is part of the current analysis scope (StackFrameContext) or
part of a parent context.

This change introduces an uglification of the use of getSVal(), and thus takes
two steps forward and one step back. There are also potential performance implications
of enlarging the Environment. Both can be addressed going forward by refactoring the
APIs and optimizing the internal representation of Environment. This patch
mainly introduces the functionality which we want to build upon (and clean up).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@147688 91177308-0d34-0410-b5e6-96231b3b80d8
9ffbe243cca46082b4a59b5c3be454ab0c455378 17-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Add support for taint flowing through a function (atoi).

Check if the input parameters are tainted (or point to tainted data) on
a checkPreStmt<CallExpr>. If the output should be tainted, record it in
the state. On post visit (checkPostStmt<CallExpr>), use the state to
make decisions (in addition to the existing logic). Use this logic for
atoi and fscanf.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146793 91177308-0d34-0410-b5e6-96231b3b80d8
d3d8548e75f3fb6db53ed0927c1df30d78f4ce1d 16-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Better stdin support.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146748 91177308-0d34-0410-b5e6-96231b3b80d8
efd6989f4644c8460854606e085fc69535054058 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Treat stdin as a source of taint.

Some of the test cases do not currently work because the analyzer core
does not seem to call checkers for pre/post DeclRefExpr visits.
(Opened radar://10573500. To be fixed later on.)

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146536 91177308-0d34-0410-b5e6-96231b3b80d8
1009ac715501a4fa1951d94722dcbe6ab30068f8 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Mark output of fscanf and fopen as tainted.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146533 91177308-0d34-0410-b5e6-96231b3b80d8
e55a22b917327651178ddea36b3615f579681eea 14-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] Mark getenv output as tainted.

Also, allow adding taint to a region (not only a symbolic value).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146532 91177308-0d34-0410-b5e6-96231b3b80d8
e3d250e488241cbfe71a592df4d07d03ad89434a 11-Dec-2011 Anna Zaks <ganna@apple.com> [analyzer] CStringChecker should not rely on the analyzer generating UndefOrUnknown value when it cannot reason about the expression.

We are now often generating expressions even if the solver is not known to be able to simplify them. This is another cleanup of the existing code, where the rest of the analyzer and checkers should not base their logic on knowing ahead of time what the solver can reason about.

In this case, CStringChecker is performing a check for overflow of 'left+right' operation. The overflow can be checked with either 'maxVal-left' or 'maxVal-right'. Previously, the decision was based on whether the expression evaluated to undef or not. With this patch, we check if one of the arguments is a constant, in which case we know that 'maxVal-const' is easily simplified. (Another option is to use canReasonAbout() method of the solver here, however, it's currently protected.)

This patch also contains 2 small bug fixes:
- swap the order of operators inside SValBuilder::makeGenericVal.
- handle a case when AddeVal is unknown in GenericTaintChecker::getPointedToSymbol.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146343 91177308-0d34-0410-b5e6-96231b3b80d8
8f4caf5fec2de9b18f9c5fc69696d9f6cf66bcc5 18-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Warn when non pointer arguments are passed to scanf (only when running taint checker).

There is an open radar to implement better scanf checking as a Sema warning. However, a bit of redundancy is fine in this case.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144964 91177308-0d34-0410-b5e6-96231b3b80d8
df18c5ae6c48d3b56f7f9550875c53dc46eb8d78 16-Nov-2011 Anna Zaks <ganna@apple.com> [analyzer] Adding generic taint checker.

The checker is responsible for defining attack surface and adding taint to symbols.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@144825 91177308-0d34-0410-b5e6-96231b3b80d8