diff options
author | Aaron Ballman <aaron@aaronballman.com> | 2016-11-02 14:16:36 +0000 |
---|---|---|
committer | Aaron Ballman <aaron@aaronballman.com> | 2016-11-02 14:16:36 +0000 |
commit | 7b7f5caa6d17269c30054528a5d4d14775f8dd79 (patch) | |
tree | f0e92e0eebf250e5c8a20960998e3249e3119a4b /clang-tidy | |
parent | c9bdecfcf90ad53bbe054c5a0233b76e63c60fa8 (diff) |
Add a new clang-tidy check for cert-msc50-cpp (and cert-msc30-c) that corresponds to the CERT C++ secure coding rule: https://www.securecoding.cert.org/confluence/display/cplusplus/MSC50-CPP.+Do+not+use+std%3A%3Arand%28%29+for+generating+pseudorandom+numbers
Patch by Benedek Kiss
git-svn-id: https://llvm.org/svn/llvm-project/clang-tools-extra/trunk@285809 91177308-0d34-0410-b5e6-96231b3b80d8
Diffstat (limited to 'clang-tidy')
-rw-r--r-- | clang-tidy/cert/CERTTidyModule.cpp | 7 | ||||
-rw-r--r-- | clang-tidy/cert/CMakeLists.txt | 1 | ||||
-rw-r--r-- | clang-tidy/cert/LimitedRandomnessCheck.cpp | 40 | ||||
-rw-r--r-- | clang-tidy/cert/LimitedRandomnessCheck.h | 38 |
4 files changed, 86 insertions, 0 deletions
diff --git a/clang-tidy/cert/CERTTidyModule.cpp b/clang-tidy/cert/CERTTidyModule.cpp index c44d6eeb..71135378 100644 --- a/clang-tidy/cert/CERTTidyModule.cpp +++ b/clang-tidy/cert/CERTTidyModule.cpp @@ -18,6 +18,7 @@ #include "../misc/ThrowByValueCatchByReferenceCheck.h" #include "CommandProcessorCheck.h" #include "FloatLoopCounter.h" +#include "LimitedRandomnessCheck.h" #include "SetLongJmpCheck.h" #include "StaticObjectExceptionCheck.h" #include "StrToNumCheck.h" @@ -53,6 +54,9 @@ public: "cert-err60-cpp"); CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>( "cert-err61-cpp"); + // MSC + CheckFactories.registerCheck<LimitedRandomnessCheck>( + "cert-msc50-cpp"); // C checkers // DCL @@ -70,6 +74,9 @@ public: // ERR CheckFactories.registerCheck<StrToNumCheck>( "cert-err34-c"); + // MSC + CheckFactories.registerCheck<LimitedRandomnessCheck>( + "cert-msc30-c"); } ClangTidyOptions getModuleOptions() override { ClangTidyOptions Options; diff --git a/clang-tidy/cert/CMakeLists.txt b/clang-tidy/cert/CMakeLists.txt index a53ec2f6..7a6b44a0 100644 --- a/clang-tidy/cert/CMakeLists.txt +++ b/clang-tidy/cert/CMakeLists.txt @@ -4,6 +4,7 @@ add_clang_library(clangTidyCERTModule CERTTidyModule.cpp CommandProcessorCheck.cpp FloatLoopCounter.cpp + LimitedRandomnessCheck.cpp SetLongJmpCheck.cpp StaticObjectExceptionCheck.cpp StrToNumCheck.cpp diff --git a/clang-tidy/cert/LimitedRandomnessCheck.cpp b/clang-tidy/cert/LimitedRandomnessCheck.cpp new file mode 100644 index 00000000..807f1835 --- /dev/null +++ b/clang-tidy/cert/LimitedRandomnessCheck.cpp @@ -0,0 +1,40 @@ +//===--- LimitedRandomnessCheck.cpp - clang-tidy---------------------------===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// + +#include "LimitedRandomnessCheck.h" +#include "clang/AST/ASTContext.h" +#include "clang/ASTMatchers/ASTMatchFinder.h" + +using namespace clang::ast_matchers; + +namespace clang { +namespace tidy { +namespace cert { + +void LimitedRandomnessCheck::registerMatchers(MatchFinder *Finder) { + Finder->addMatcher(callExpr(callee(functionDecl(namedDecl(hasName("::rand")), + parameterCountIs(0)))) + .bind("randomGenerator"), + this); +} + +void LimitedRandomnessCheck::check(const MatchFinder::MatchResult &Result) { + std::string msg = ""; + if (getLangOpts().CPlusPlus) + msg = "; use C++11 random library instead"; + + const auto *MatchedDecl = Result.Nodes.getNodeAs<CallExpr>("randomGenerator"); + diag(MatchedDecl->getLocStart(), + "rand() has limited randomness" + msg); +} + +} // namespace cert +} // namespace tidy +} // namespace clang + diff --git a/clang-tidy/cert/LimitedRandomnessCheck.h b/clang-tidy/cert/LimitedRandomnessCheck.h new file mode 100644 index 00000000..59d511cb --- /dev/null +++ b/clang-tidy/cert/LimitedRandomnessCheck.h @@ -0,0 +1,38 @@ +//===--- LimitedRandomnessCheck.h - clang-tidy-------------------*- C++ -*-===// +// +// The LLVM Compiler Infrastructure +// +// This file is distributed under the University of Illinois Open Source +// License. See LICENSE.TXT for details. +// +//===----------------------------------------------------------------------===// + +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H + +#include "../ClangTidy.h" + +namespace clang { +namespace tidy { +namespace cert { + +/// Pseudorandom number generators are not genuinely random. The result of the +/// std::rand() function makes no guarantees as to the quality of the random +/// sequence produced. +/// This check warns for the usage of std::rand() function. +/// +/// For the user-facing documentation see: +/// http://clang.llvm.org/extra/clang-tidy/checks/cert-msc50-cpp.html +class LimitedRandomnessCheck : public ClangTidyCheck { +public: + LimitedRandomnessCheck(StringRef Name, ClangTidyContext *Context) + : ClangTidyCheck(Name, Context) {} + void registerMatchers(ast_matchers::MatchFinder *Finder) override; + void check(const ast_matchers::MatchFinder::MatchResult &Result) override; +}; + +} // namespace cert +} // namespace tidy +} // namespace clang + +#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H |