author | Anna Zaks <ganna@apple.com> | 2011-12-14 00:56:18 +0000 |
---|---|---|
committer | Anna Zaks <ganna@apple.com> | 2011-12-14 00:56:18 +0000 |
commit | efd6989f4644c8460854606e085fc69535054058 (patch) | |
tree | cdfefd4756583ef38abfd8a881269d890157851c /test/Analysis/taint-tester.c | |
parent | 28fd98d66dab4569316de2b5881d91b534a42461 (diff) |
[analyzer] Treat stdin as a source of taint.
Some of the test cases do not currently work because the analyzer core
does not seem to call checkers for pre/post DeclRefExpr visits.
(Opened radar://10573500. To be fixed later on.)
git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@146536 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'test/Analysis/taint-tester.c')
-rw-r--r-- | test/Analysis/taint-tester.c | 29 |
1 files changed, 18 insertions, 11 deletions
diff --git a/test/Analysis/taint-tester.c b/test/Analysis/taint-tester.c
index e4f39ff616..2908e60fe8 100644
--- a/test/Analysis/taint-tester.c
+++ b/test/Analysis/taint-tester.c
@@ -1,5 +1,7 @@
 // RUN: %clang_cc1 -analyze -analyzer-checker=experimental.security.taint,debug.TaintTest -verify %s
+#include <stdarg.h>
+
 int scanf(const char *restrict format, ...);
 int getchar(void);
@@ -84,14 +86,10 @@ void getenvTest(char *home) {
 }
 }
-struct _IO_FILE {
- unsigned fakeField1;
- char fakeField2;
-};
-typedef struct _IO_FILE FILE;
-extern struct _IO_FILE *stdin;
-extern struct _IO_FILE *stdout;
-extern struct _IO_FILE *stderr;
+typedef struct _FILE FILE;
+extern FILE *stdin;
+extern FILE *stdout;
+extern FILE *stderr;
 int fscanf(FILE *restrict stream, const char *restrict format, ...);
 int fprintf(FILE *stream, const char *format, ...);
 int fclose(FILE *stream);
@@ -102,13 +100,22 @@ int fscanfTest(void) {
 char s[80];
 int t;
+ // Check if stdin is treated as tainted.
+ fscanf(stdin, "%s %d", s, &t);
+ // Note, here, s is not tainted, but the data s points to is tainted.
+ char *ts = s;
+ char tss = s[0]; // expected-warning 1 {{tainted}}
+ int tt = t; // expected-warning 1 {{tainted}}
 if((fp=fopen("test", "w")) == 0) // expected-warning 3 {{tainted}}
 return 1;
- // TODO: Have to mark stdin as tainted.
- fscanf(stdin, "%s%d", s, &t);
- fprintf(fp, "%s %d", s, t); // expected-warning 1 {{tainted}}
+ fprintf(fp, "%s %d", s, t); // expected-warning 2 {{tainted}}
 fclose(fp); // expected-warning 1 {{tainted}}
+ // Check if we propagate taint from stdin when it's used in an assignment.
+ FILE *pfstd = stdin;
+ fscanf(pfstd, "%s %d", s, &t); // TODO: This should be tainted as well.
+
+ // Test fscanf and fopen.
 if((fp=fopen("test","r")) == 0) // expected-warning 3 {{tainted}}
 return 1;
 fscanf(fp, "%s%d", s, &t); // expected-warning 1 {{tainted}} |
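Review bot: The added `#include <stdarg.h>` in the first hunk is not used by any line this commit adds; the diffstat's 18 insertions are all visible here and none mentions `va_list`. If something elsewhere in the file needs it, a one-line comment such as `// Needed for va_list.` would record why; otherwise the include can be dropped so the test stays free of headers it does not use.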
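Review bot: The new declarations in the second hunk leave `struct _FILE` incomplete and drop the glibc-style `struct _IO_FILE` spelling, so the test now exercises only one way of declaring `stdin`. If the checker recognises `stdin` by name and declared type (the checker source is not on this page), a libc that spells the type differently or defines `stdin` as a macro would go untested. A comment above the typedef would record the intent, for example `// Minimal stand-in for <stdio.h>; FILE is left incomplete on purpose.`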
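Review bot: The `fscanf(pfstd, ...)` case near the end of the third hunk records a false negative, since taint is lost once `stdin` is copied into a local `FILE *`. The TODO does not name the tracking item, though, and no read of `s` or `t` follows it that would make the gap observable. Tie it to the radar from the commit message and state that no diagnostic is produced today, e.g. `// FIXME(radar://10573500): taint is not propagated through pfstd yet; no warning here.` Separately, the stdin case and both file cases share `s` and `t`, which is presumably why the `fprintf` count moved from 1 to 2. Separate locals per case would let each expected count be attributed to a single taint source. The body of fscanfTest begins before this hunk and continues past it.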