clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp

   1 //===-- CommandProcessorCheck.cpp - clang-tidy ----------------------------===//
   2 //
   3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
   4 // See https://llvm.org/LICENSE.txt for license information.
   5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
   6 //
   7 //===----------------------------------------------------------------------===//
   8
   9 #include "CommandProcessorCheck.h"
  10 #include "clang/AST/ASTContext.h"
  11 #include "clang/ASTMatchers/ASTMatchFinder.h"
  12
  13 using namespace clang::ast_matchers;
  14
  15 namespace clang::tidy::cert {
  16
  17 void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) {
  18   Finder->addMatcher(
  19       callExpr(
  20           callee(functionDecl(hasAnyName("::system", "::popen", "::_popen"))
  21                      .bind("func")),
  22           // Do not diagnose when the call expression passes a null pointer
  23           // constant to system(); that only checks for the presence of a
  24           // command processor, which is not a security risk by itself.
  25           unless(callExpr(callee(functionDecl(hasName("::system"))),
  26                           argumentCountIs(1),
  27                           hasArgument(0, nullPointerConstant()))))
  28           .bind("expr"),
  29       this);
  30 }
  31
  32 void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) {
  33   const auto *Fn = Result.Nodes.getNodeAs<FunctionDecl>("func");
  34   const auto *E = Result.Nodes.getNodeAs<CallExpr>("expr");
  35
  36   diag(E->getExprLoc(), "calling %0 uses a command processor") << Fn;
  37 }
  38
  39 } // namespace clang::tidy::cert