20 using namespace clang;
22 using namespace taint;
25 class TaintTesterChecker :
public Checker< check::PostStmt<Expr> > {
27 mutable std::unique_ptr<BugType> BT;
28 void initBugType()
const;
32 SymbolRef getPointedToSymbol(CheckerContext &C,
34 bool IssueWarning =
true)
const;
37 void checkPostStmt(
const Expr *E, CheckerContext &C)
const;
41 inline void TaintTesterChecker::initBugType()
const {
43 BT.reset(
new BugType(
this,
"Tainted data",
"General"));
46 void TaintTesterChecker::checkPostStmt(
const Expr *E,
47 CheckerContext &C)
const {
52 if (
isTainted(State, E, C.getLocationContext())) {
53 if (ExplodedNode *N = C.generateNonFatalErrorNode()) {
55 auto report = llvm::make_unique<BugReport>(*BT,
"tainted",N);
57 C.emitReport(std::move(report));
62 void ento::registerTaintTesterChecker(CheckerManager &mgr) {
63 mgr.registerChecker<TaintTesterChecker>();
66 bool ento::shouldRegisterTaintTesterChecker(
const LangOptions &LO) {
const SymExpr * SymbolRef
IntrusiveRefCntPtr< const ProgramState > ProgramStateRef
Keeps track of the various options that can be enabled, which controls the dialect of C or C++ that i...
This represents one expression.
bool isTainted(ProgramStateRef State, const Stmt *S, const LocationContext *LCtx, TaintTagType Kind=TaintTagGeneric)
Check if the statement has a tainted value in the given state.
Dataflow Directional Tag Classes.
SourceRange getSourceRange() const LLVM_READONLY
SourceLocation tokens are not useful in isolation - they are low level value objects created/interpre...