[analyzer] Mark getenv output as tainted.

Also, allow adding taint to a region (not only a symbolic value).

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146532 91177308-0d34-0410-b5e6-96231b3b80d8

1 files changed, 1 insertions, 0 deletions

diff --git a/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
index 76405a2db2..dcf7694464 100644
--- a/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp
@@ -63,6 +63,7 @@ void GenericTaintChecker::checkPostStmt(const CallExpr *CE,
   FnCheck evalFunction = llvm::StringSwitch<FnCheck>(Name)
     .Case("scanf", &GenericTaintChecker::processScanf)
     .Case("getchar", &GenericTaintChecker::processRetTaint)
+    .Case("getenv", &GenericTaintChecker::processRetTaint)
     .Default(NULL);
 
   // If the callee isn't defined, it is not of security concern.