| 1 | //===-- CommandProcessorCheck.cpp - clang-tidy ----------------------------===// |
|---|
| 2 | // |
|---|
| 3 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
|---|
| 4 | // See https://llvm.org/LICENSE.txt for license information. |
|---|
| 5 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception |
|---|
| 6 | // |
|---|
| 7 | //===----------------------------------------------------------------------===// |
|---|
| 8 | |
|---|
| 9 | #include "CommandProcessorCheck.h" |
|---|
| 10 | #include "clang/ASTMatchers/ASTMatchFinder.h" |
|---|
| 11 | |
|---|
| 12 | using namespace clang::ast_matchers; |
|---|
| 13 | |
|---|
| 14 | namespace clang::tidy::cert { |
|---|
| 15 | |
|---|
| 16 | void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) { |
|---|
| 17 | Finder->addMatcher( |
|---|
| 18 | NodeMatch: callExpr( |
|---|
| 19 | callee(InnerMatcher: functionDecl(hasAnyName("::system" , "::popen" , "::_popen" )) |
|---|
| 20 | .bind(ID: "func" )), |
|---|
| 21 | // Do not diagnose when the call expression passes a null pointer |
|---|
| 22 | // constant to system(); that only checks for the presence of a |
|---|
| 23 | // command processor, which is not a security risk by itself. |
|---|
| 24 | unless(callExpr(callee(InnerMatcher: functionDecl(hasName(Name: "::system" ))), |
|---|
| 25 | argumentCountIs(N: 1), |
|---|
| 26 | hasArgument(N: 0, InnerMatcher: nullPointerConstant())))) |
|---|
| 27 | .bind(ID: "expr" ), |
|---|
| 28 | Action: this); |
|---|
| 29 | } |
|---|
| 30 | |
|---|
| 31 | void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) { |
|---|
| 32 | const auto *Fn = Result.Nodes.getNodeAs<FunctionDecl>(ID: "func" ); |
|---|
| 33 | const auto *E = Result.Nodes.getNodeAs<CallExpr>(ID: "expr" ); |
|---|
| 34 | |
|---|
| 35 | diag(E->getExprLoc(), "calling %0 uses a command processor" ) << Fn; |
|---|
| 36 | } |
|---|
| 37 | |
|---|
| 38 | } // namespace clang::tidy::cert |
|---|
| 39 | |
|---|
