Run DCE after a LoopFlatten test to reduce spurious output [nfc]
[llvm-project.git] / clang / test / Analysis / taint-generic.cpp
blobc907c8f5eeb958b3afb42417459401146db44c87
1 // RUN: %clang_analyze_cc1 -analyzer-checker=alpha.security.taint,core,alpha.security.ArrayBoundV2 -analyzer-config alpha.security.taint.TaintPropagation:Config=%S/Inputs/taint-generic-config.yaml -Wno-format-security -verify -std=c++11 %s
3 #define BUFSIZE 10
4 int Buffer[BUFSIZE];
6 int scanf(const char*, ...);
7 int mySource1();
8 int mySource3();
10 typedef struct _FILE FILE;
11 extern "C" {
12 extern FILE *stdin;
14 int fscanf(FILE *stream, const char *format, ...);
16 bool isOutOfRange2(const int*);
18 void mySink2(int);
20 // Test configuration
21 namespace myNamespace {
22 void scanf(const char*, ...);
23 void myScanf(const char*, ...);
24 int mySource3();
26 bool isOutOfRange(const int*);
27 bool isOutOfRange2(const int*);
29 void mySink(int, int, int);
30 void mySink2(int);
33 namespace myAnotherNamespace {
34 int mySource3();
36 bool isOutOfRange2(const int*);
38 void mySink2(int);
41 void testConfigurationNamespacePropagation1() {
42 int x;
43 // The built-in functions should be matched only for functions in
44 // the global namespace
45 myNamespace::scanf("%d", &x);
46 Buffer[x] = 1; // no-warning
48 scanf("%d", &x);
49 Buffer[x] = 1; // expected-warning {{Out of bound memory access }}
52 void testConfigurationNamespacePropagation2() {
53 int x = mySource3();
54 Buffer[x] = 1; // no-warning
56 int y = myNamespace::mySource3();
57 Buffer[y] = 1; // expected-warning {{Out of bound memory access }}
60 void testConfigurationNamespacePropagation3() {
61 int x = myAnotherNamespace::mySource3();
62 Buffer[x] = 1; // expected-warning {{Out of bound memory access }}
65 void testConfigurationNamespacePropagation4() {
66 int x;
67 // Configured functions without scope should match for all function.
68 myNamespace::myScanf("%d", &x);
69 Buffer[x] = 1; // expected-warning {{Out of bound memory access }}
72 void testConfigurationNamespaceFilter1() {
73 int x = mySource1();
74 if (myNamespace::isOutOfRange2(&x))
75 return;
76 Buffer[x] = 1; // no-warning
78 int y = mySource1();
79 if (isOutOfRange2(&y))
80 return;
81 Buffer[y] = 1; // expected-warning {{Out of bound memory access }}
84 void testConfigurationNamespaceFilter2() {
85 int x = mySource1();
86 if (myAnotherNamespace::isOutOfRange2(&x))
87 return;
88 Buffer[x] = 1; // no-warning
91 void testConfigurationNamespaceFilter3() {
92 int x = mySource1();
93 if (myNamespace::isOutOfRange(&x))
94 return;
95 Buffer[x] = 1; // no-warning
98 void testConfigurationNamespaceSink1() {
99 int x = mySource1();
100 mySink2(x); // no-warning
102 int y = mySource1();
103 myNamespace::mySink2(y);
104 // expected-warning@-1 {{Untrusted data is passed to a user-defined sink}}
107 void testConfigurationNamespaceSink2() {
108 int x = mySource1();
109 myAnotherNamespace::mySink2(x);
110 // expected-warning@-1 {{Untrusted data is passed to a user-defined sink}}
113 void testConfigurationNamespaceSink3() {
114 int x = mySource1();
115 myNamespace::mySink(x, 0, 1);
116 // expected-warning@-1 {{Untrusted data is passed to a user-defined sink}}
119 struct Foo {
120 void scanf(const char*, int*);
121 void myMemberScanf(const char*, int*);
124 void testConfigurationMemberFunc() {
125 int x;
126 Foo foo;
127 foo.scanf("%d", &x);
128 Buffer[x] = 1; // no-warning
130 foo.myMemberScanf("%d", &x);
131 Buffer[x] = 1; // expected-warning {{Out of bound memory access }}
134 void testReadingFromStdin(char **p) {
135 int n;
136 fscanf(stdin, "%d", &n);
137 Buffer[n] = 1; // expected-warning {{Out of bound memory access (index is tainted)}}