-rw-r--r-- | lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp | 5 | ||||
-rw-r--r-- | test/Analysis/keychainAPI.m | 11 |
2 files changed, 16 insertions, 0 deletions
diff --git a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
index d955f4bdb5..1663252cdd 100644
--- a/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
+++ b/lib/StaticAnalyzer/Checkers/MacOSKeychainAPIChecker.cpp
@@ -349,6 +349,11 @@ void MacOSKeychainAPIChecker::checkPostStmt(const CallExpr *CE,
 return;
 const Expr *ArgExpr = CE->getArg(FunctionsToTrack[idx].Param);
+ // If the argument entered as an enclosing function parameter, skip it to
+ // avoid false positives.
+ if (isEnclosingFunctionParam(ArgExpr))
+ return;
+
 if (SymbolRef V = getAsPointeeSymbol(ArgExpr, C)) {
 // If the argument points to something that's not a symbolic region, it
 // can be:
diff --git a/test/Analysis/keychainAPI.m b/test/Analysis/keychainAPI.m
index be9d74c31e..74834ab5d5 100644
--- a/test/Analysis/keychainAPI.m
+++ b/test/Analysis/keychainAPI.m
@@ -133,6 +133,17 @@ void* returnContent() {
 return outData;
 } // no-warning
+// Password was passed in as an argument and does nt have to be deleted.
+OSStatus getPasswordAndItem(void** password, UInt32* passwordLength) {
+ OSStatus err;
+ SecKeychainItemRef item;
+ err = SecKeychainFindGenericPassword(0, 3, "xx",
+ 3, "xx",
+ passwordLength, password,
+ &item);
+ return err;
+} // no-warning
+
 int apiMismatch(SecKeychainItemRef itemRef, SecKeychainAttributeInfo *info, SecItemClass *itemClass) { |
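Review bot: The comment on the new `isEnclosingFunctionParam(ArgExpr)` guard says only that it avoids false positives; it should also record the assumption being made and the coverage that is given up. Because the `return` comes before `getAsPointeeSymbol`, data allocated into a caller-supplied out-parameter is never tracked, so a keychain buffer that no caller frees, or one released later in the same function with the wrong deallocator, would presumably go unreported. I would word it as `// The data escapes through a parameter of the enclosing function, so ownership is assumed to pass to the caller; stop tracking it (this also silences leak and mismatch reports for that buffer).` `isEnclosingFunctionParam` is defined outside this hunk, so whether it sees through casts or aliases of the parameter cannot be checked here, and the body of `checkPostStmt` continues past the hunk.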
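Review bot: `getPasswordAndItem` pins only the suppressed case, so nothing in this hunk shows where the new exemption stops. A companion case that copies the parameter into a local before the call, or that frees the out-parameter data with a mismatched call, would document whether those still warn; such cases may already exist elsewhere in the file, which is not visible here. The test also leaves the local `item` unreleased although the function name suggests the item is handed back to the caller, and the comment reads `does nt` where `does not` is meant.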