brintos

brintos / llvm-project-archived public Read only

0
0
Text · 1.5 KiB · a09c1a9 Raw
39 lines · cpp
1//===----------------------------------------------------------------------===//2//3// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.4// See https://llvm.org/LICENSE.txt for license information.5// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception6//7//===----------------------------------------------------------------------===//8 9#include "CommandProcessorCheck.h"10#include "clang/ASTMatchers/ASTMatchFinder.h"11 12using namespace clang::ast_matchers;13 14namespace clang::tidy::bugprone {15 16void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) {17  Finder->addMatcher(18      callExpr(19          callee(functionDecl(hasAnyName("::system", "::popen", "::_popen"))20                     .bind("func")),21          // Do not diagnose when the call expression passes a null pointer22          // constant to system(); that only checks for the presence of a23          // command processor, which is not a security risk by itself.24          unless(callExpr(callee(functionDecl(hasName("::system"))),25                          argumentCountIs(1),26                          hasArgument(0, nullPointerConstant()))))27          .bind("expr"),28      this);29}30 31void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) {32  const auto *Fn = Result.Nodes.getNodeAs<FunctionDecl>("func");33  const auto *E = Result.Nodes.getNodeAs<CallExpr>("expr");34 35  diag(E->getExprLoc(), "calling %0 uses a command processor") << Fn;36}37 38} // namespace clang::tidy::bugprone39