Skip to content

Commit f82fb06

Browse files
authored
[analyzer] Moving TaintPropagation checker out of alpha (#67352)
This commit moves the **alpha.security.taint.TaintPropagation** and **alpha.security.taint.GenericTaint** checkers to the **optin.taint** optional package. These checkers were stabilized and improved by recent commits thus they are ready for production use.
1 parent 28439a1 commit f82fb06

31 files changed

+305
-312
lines changed

clang/docs/analyzer/checkers.rst

Lines changed: 237 additions & 235 deletions
Large diffs are not rendered by default.

clang/docs/analyzer/user-docs/TaintAnalysisConfiguration.rst

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -4,10 +4,10 @@ Taint Analysis Configuration
44

55
The Clang Static Analyzer uses taint analysis to detect injection vulnerability related issues in code.
66
The backbone of taint analysis in the Clang SA is the ``TaintPropagation`` modeling checker.
7-
The reports are emitted via the :ref:`alpha-security-taint-GenericTaint` checker.
7+
The reports are emitted via the :ref:`optin-taint-GenericTaint` checker.
88
The ``TaintPropagation`` checker has a default taint-related configuration.
99
The built-in default settings are defined in code, and they are always in effect.
10-
The checker also provides a configuration interface for extending the default settings via the ``alpha.security.taint.TaintPropagation:Config`` checker config parameter
10+
The checker also provides a configuration interface for extending the default settings via the ``optin.taint.TaintPropagation:Config`` checker config parameter
1111
by providing a configuration file to the in `YAML <http://llvm.org/docs/YamlIO.html#introduction-to-yaml>`_ format.
1212
This documentation describes the syntax of the configuration file and gives the informal semantics of the configuration options.
1313

clang/include/clang/StaticAnalyzer/Checkers/Checkers.td

Lines changed: 18 additions & 25 deletions
Original file line numberDiff line numberDiff line change
@@ -74,7 +74,6 @@ def Performance : Package<"performance">, ParentPackage<OptIn>;
7474
def Security : Package <"security">;
7575
def InsecureAPI : Package<"insecureAPI">, ParentPackage<Security>;
7676
def SecurityAlpha : Package<"security">, ParentPackage<Alpha>;
77-
def Taint : Package<"taint">, ParentPackage<SecurityAlpha>;
7877

7978
def CERT : Package<"cert">, ParentPackage<Security>;
8079
def ENV : Package<"env">, ParentPackage<CERT>;
@@ -1049,30 +1048,6 @@ def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">,
10491048

10501049
} // end "alpha.security"
10511050

1052-
//===----------------------------------------------------------------------===//
1053-
// Taint checkers.
1054-
//===----------------------------------------------------------------------===//
1055-
1056-
let ParentPackage = Taint in {
1057-
1058-
def TaintPropagationChecker : Checker<"TaintPropagation">, // Modelling checker
1059-
HelpText<"Generate taint information used by other checkers">,
1060-
CheckerOptions<[
1061-
CmdLineOption<String,
1062-
"Config",
1063-
"Specifies the name of the configuration file.",
1064-
"",
1065-
InAlpha>,
1066-
]>,
1067-
Documentation<NotDocumented>,
1068-
Hidden;
1069-
1070-
def GenericTaintChecker : Checker<"GenericTaint">,
1071-
HelpText<"Reports potential injection vulnerabilities">,
1072-
Dependencies<[TaintPropagationChecker]>,
1073-
Documentation<HasDocumentation>;
1074-
1075-
} // end "alpha.security.taint"
10761051

10771052
//===----------------------------------------------------------------------===//
10781053
// Mac OS X, Cocoa, and Core Foundation checkers.
@@ -1704,6 +1679,24 @@ def UnixAPIPortabilityChecker : Checker<"UnixAPI">,
17041679

17051680
let ParentPackage = TaintOptIn in {
17061681

1682+
def TaintPropagationChecker : Checker<"TaintPropagation">, // Modelling checker
1683+
HelpText<"Generate taint information used by other checkers">,
1684+
CheckerOptions<[
1685+
CmdLineOption<String,
1686+
"Config",
1687+
"Specifies the name of the configuration file.",
1688+
"",
1689+
Released>
1690+
]>,
1691+
Documentation<NotDocumented>,
1692+
Hidden;
1693+
1694+
def GenericTaintChecker : Checker<"GenericTaint">,
1695+
HelpText<"Reports potential injection vulnerabilities">,
1696+
Dependencies<[TaintPropagationChecker]>,
1697+
Documentation<HasDocumentation>;
1698+
1699+
17071700
def TaintedAllocChecker: Checker<"TaintedAlloc">,
17081701
HelpText<"Check for memory allocations, where the size parameter "
17091702
"might be a tainted (attacker controlled) value.">,

clang/test/Analysis/analyzer-config.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -9,7 +9,6 @@
99
// CHECK-NEXT: alpha.clone.CloneChecker:ReportNormalClones = true
1010
// CHECK-NEXT: alpha.cplusplus.STLAlgorithmModeling:AggressiveStdFindModeling = false
1111
// CHECK-NEXT: alpha.osx.cocoa.DirectIvarAssignment:AnnotatedFunctions = false
12-
// CHECK-NEXT: alpha.security.taint.TaintPropagation:Config = ""
1312
// CHECK-NEXT: apply-fixits = false
1413
// CHECK-NEXT: assume-controlled-environment = false
1514
// CHECK-NEXT: avoid-suppressing-null-argument-paths = false
@@ -111,6 +110,7 @@
111110
// CHECK-NEXT: optin.cplusplus.VirtualCall:ShowFixIts = false
112111
// CHECK-NEXT: optin.osx.cocoa.localizability.NonLocalizedStringChecker:AggressiveReport = false
113112
// CHECK-NEXT: optin.performance.Padding:AllowedPad = 24
113+
// CHECK-NEXT: optin.taint.TaintPropagation:Config = ""
114114
// CHECK-NEXT: osx.NumberObjectConversion:Pedantic = false
115115
// CHECK-NEXT: osx.cocoa.RetainCount:TrackNSCFStartParam = false
116116
// CHECK-NEXT: prune-paths = true

clang/test/Analysis/assume-controlled-environment.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,12 +1,12 @@
11
// RUN: %clang_analyze_cc1 -verify=untrusted-env %s \
22
// RUN: -analyzer-checker=core \
3-
// RUN: -analyzer-checker=alpha.security.taint \
3+
// RUN: -analyzer-checker=optin.taint \
44
// RUN: -analyzer-checker=debug.TaintTest
55

66
// RUN: %clang_analyze_cc1 -verify %s -DEXPECT_NO_WARNINGS \
77
// RUN: -analyzer-config assume-controlled-environment=true \
88
// RUN: -analyzer-checker=core \
9-
// RUN: -analyzer-checker=alpha.security.taint \
9+
// RUN: -analyzer-checker=optin.taint \
1010
// RUN: -analyzer-checker=debug.TaintTest
1111

1212

clang/test/Analysis/bool-assignment.c

Lines changed: 2 additions & 2 deletions
Original file line numberDiff line numberDiff line change
@@ -1,5 +1,5 @@
1-
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,alpha.security.taint -verify -std=c99 -Dbool=_Bool %s
2-
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,alpha.security.taint -verify -x c++ %s
1+
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,optin.taint -verify -std=c99 -Dbool=_Bool %s
2+
// RUN: %clang_analyze_cc1 -analyzer-checker=core,alpha.core.BoolAssignment,optin.taint -verify -x c++ %s
33

44
// Test C++'s bool and C's _Bool.
55
// FIXME: We stopped warning on these when SValBuilder got smarter about

clang/test/Analysis/cxx-method-names.cpp

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,4 +1,4 @@
1-
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix,osx,alpha.unix,alpha.security.taint -verify %s
1+
// RUN: %clang_analyze_cc1 -analyzer-checker=core,unix,osx,alpha.unix,optin.taint -verify %s
22
// expected-no-diagnostics
33

44
class Evil {

clang/test/Analysis/debug-exprinspection-istainted.c

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1,7 +1,7 @@
11
// RUN: %clang_analyze_cc1 -verify %s \
22
// RUN: -analyzer-checker=core \
33
// RUN: -analyzer-checker=debug.ExprInspection \
4-
// RUN: -analyzer-checker=alpha.security.taint
4+
// RUN: -analyzer-checker=optin.taint
55

66
int scanf(const char *restrict format, ...);
77
void clang_analyzer_isTainted(char);

clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-diagnostics-taint-test.c.sarif

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
{
55
"artifacts": [
66
{
7-
"length": 434,
7+
"length": 425,
88
"location": {
99
"index": 0,
1010
},

clang/test/Analysis/diagnostics/Inputs/expected-sarif/sarif-multi-diagnostic-test.c.sarif

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -4,7 +4,7 @@
44
{
55
"artifacts": [
66
{
7-
"length": 1081,
7+
"length": 1071,
88
"location": {
99
"index": 0,
1010
},

0 commit comments

Comments
 (0)