1 //===-- CommandProcessorCheck.cpp - clang-tidy ----------------------------===//
2 //
3 // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
4 // See https://llvm.org/LICENSE.txt for license information.
5 // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
6 //
7 //===----------------------------------------------------------------------===//
8 
9 #include "CommandProcessorCheck.h"
10 #include "clang/AST/ASTContext.h"
11 #include "clang/ASTMatchers/ASTMatchFinder.h"
12 
13 using namespace clang::ast_matchers;
14 
15 namespace clang {
16 namespace tidy {
17 namespace cert {
18 
// Registers the matcher that finds every call to system(), popen() or
// _popen(). These functions hand their argument to a command processor
// (a shell), so attacker-influenced data in that argument becomes command
// injection; the CERT ENV33-C rule this check implements forbids them
// outright. The callee is bound as "func" and the call as "expr" for check().
void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) {
  // Calling system() with a single null pointer constant only asks whether a
  // command processor is available and executes nothing, so that form is
  // carved out of the diagnostic.
  const auto SystemAvailabilityProbe =
      callExpr(callee(functionDecl(hasName("::system"))), argumentCountIs(1),
               hasArgument(0, nullPointerConstant()));

  // Any of the command-processor entry points, fully qualified so that
  // user-defined functions with the same unqualified name are not flagged.
  const auto CommandProcessorCallee =
      functionDecl(hasAnyName("::system", "::popen", "::_popen")).bind("func");

  Finder->addMatcher(
      callExpr(callee(CommandProcessorCallee), unless(SystemAvailabilityProbe))
          .bind("expr"),
      this);
}
33 
// Emits the diagnostic for one matched call. Both nodes are always bound by
// the matcher registered in registerMatchers(), so they are dereferenced
// without a null check; the callee is printed via %0 so the message names
// the exact function (system, popen or _popen) that was called.
void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) {
  const auto &Bound = Result.Nodes;
  const auto *Callee = Bound.getNodeAs<FunctionDecl>("func");
  const auto *Call = Bound.getNodeAs<CallExpr>("expr");

  // Anchor the diagnostic on the call itself rather than the callee's
  // declaration so the user sees the offending call site.
  diag(Call->getExprLoc(), "calling %0 uses a command processor") << Callee;
}
40 
41 } // namespace cert
42 } // namespace tidy
43 } // namespace clang
44