1 //== TaintTesterChecker.cpp ----------------------------------- -*- C++ -*--=//
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
7 //===----------------------------------------------------------------------===//
9 // This checker can be used for testing how taint data is propagated.
11 //===----------------------------------------------------------------------===//
13 #include "clang/StaticAnalyzer/Checkers/BuiltinCheckerRegistration.h"
14 #include "clang/StaticAnalyzer/Checkers/Taint.h"
15 #include "clang/StaticAnalyzer/Core/BugReporter/BugType.h"
16 #include "clang/StaticAnalyzer/Core/Checker.h"
17 #include "clang/StaticAnalyzer/Core/CheckerManager.h"
18 #include "clang/StaticAnalyzer/Core/PathSensitive/CheckerContext.h"
20 using namespace clang
;
22 using namespace taint
;
25 class TaintTesterChecker
: public Checker
<check::PostStmt
<Expr
>> {
26 std::unique_ptr
<BugType
> BT
=
27 std::make_unique
<BugType
>(this, "Tainted data", "General");
30 void checkPostStmt(const Expr
*E
, CheckerContext
&C
) const;
34 void TaintTesterChecker::checkPostStmt(const Expr
*E
,
35 CheckerContext
&C
) const {
36 ProgramStateRef State
= C
.getState();
40 if (isTainted(State
, E
, C
.getLocationContext())) {
41 if (ExplodedNode
*N
= C
.generateNonFatalErrorNode()) {
42 auto report
= std::make_unique
<PathSensitiveBugReport
>(*BT
, "tainted", N
);
43 report
->addRange(E
->getSourceRange());
44 C
.emitReport(std::move(report
));
49 void ento::registerTaintTesterChecker(CheckerManager
&mgr
) {
50 mgr
.registerChecker
<TaintTesterChecker
>();
53 bool ento::shouldRegisterTaintTesterChecker(const CheckerManager
&mgr
) {
