Add a new clang-tidy check for cert-msc50-cpp (and cert-msc30-c) that corresponds to the CERT C++ secure coding rule: https://www.securecoding.cert.org/confluence/display/cplusplus/MSC50-CPP.+Do+not+use+std%3A%3Arand%28%29+for+generating+pseudorandom+numbers

Patch by Benedek Kiss git-svn-id: https://llvm.org/svn/llvm-project/clang-tools-extra/trunk@285809 91177308-0d34-0410-b5e6-96231b3b80d8
author: Aaron Ballman <aaron@aaronballman.com> 2016-11-02 14:16:36 +0000
committer: Aaron Ballman <aaron@aaronballman.com> 2016-11-02 14:16:36 +0000
commit: 7b7f5caa6d17269c30054528a5d4d14775f8dd79 (patch)
tree: f0e92e0eebf250e5c8a20960998e3249e3119a4b /clang-tidy
parent: c9bdecfcf90ad53bbe054c5a0233b76e63c60fa8 (diff)
4 files changed, 86 insertions, 0 deletions
diff --git a/clang-tidy/cert/CERTTidyModule.cpp b/clang-tidy/cert/CERTTidyModule.cpp
index c44d6eeb..71135378 100644
--- a/clang-tidy/cert/CERTTidyModule.cpp
+++ b/clang-tidy/cert/CERTTidyModule.cpp
@@ -18,6 +18,7 @@
 #include "../misc/ThrowByValueCatchByReferenceCheck.h"
 #include "CommandProcessorCheck.h"
 #include "FloatLoopCounter.h"
+#include "LimitedRandomnessCheck.h"
 #include "SetLongJmpCheck.h"
 #include "StaticObjectExceptionCheck.h"
 #include "StrToNumCheck.h"
@@ -53,6 +54,9 @@ public:
         "cert-err60-cpp");
     CheckFactories.registerCheck<misc::ThrowByValueCatchByReferenceCheck>(
         "cert-err61-cpp");
+    // MSC
+    CheckFactories.registerCheck<LimitedRandomnessCheck>(
+        "cert-msc50-cpp");
 
     // C checkers
     // DCL
@@ -70,6 +74,9 @@ public:
     // ERR
     CheckFactories.registerCheck<StrToNumCheck>(
         "cert-err34-c");
+    // MSC
+    CheckFactories.registerCheck<LimitedRandomnessCheck>(
+        "cert-msc30-c");
   }
   ClangTidyOptions getModuleOptions() override {
     ClangTidyOptions Options;
diff --git a/clang-tidy/cert/CMakeLists.txt b/clang-tidy/cert/CMakeLists.txt
index a53ec2f6..7a6b44a0 100644
--- a/clang-tidy/cert/CMakeLists.txt
+++ b/clang-tidy/cert/CMakeLists.txt
@@ -4,6 +4,7 @@ add_clang_library(clangTidyCERTModule
   CERTTidyModule.cpp
   CommandProcessorCheck.cpp
   FloatLoopCounter.cpp
+  LimitedRandomnessCheck.cpp
   SetLongJmpCheck.cpp
   StaticObjectExceptionCheck.cpp
   StrToNumCheck.cpp
diff --git a/clang-tidy/cert/LimitedRandomnessCheck.cpp b/clang-tidy/cert/LimitedRandomnessCheck.cpp
new file mode 100644
index 00000000..807f1835
--- /dev/null
+++ b/clang-tidy/cert/LimitedRandomnessCheck.cpp
@@ -0,0 +1,40 @@
+//===--- LimitedRandomnessCheck.cpp - clang-tidy---------------------------===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#include "LimitedRandomnessCheck.h"
+#include "clang/AST/ASTContext.h"
+#include "clang/ASTMatchers/ASTMatchFinder.h"
+
+using namespace clang::ast_matchers;
+
+namespace clang {
+namespace tidy {
+namespace cert {
+
+void LimitedRandomnessCheck::registerMatchers(MatchFinder *Finder) {
+  Finder->addMatcher(callExpr(callee(functionDecl(namedDecl(hasName("::rand")),
+                                                  parameterCountIs(0))))
+                         .bind("randomGenerator"),
+                     this);
+}
+
+void LimitedRandomnessCheck::check(const MatchFinder::MatchResult &Result) {
+  std::string msg = "";
+  if (getLangOpts().CPlusPlus)
+    msg = "; use C++11 random library instead";
+
+  const auto *MatchedDecl = Result.Nodes.getNodeAs<CallExpr>("randomGenerator");
+  diag(MatchedDecl->getLocStart(),
+       "rand() has limited randomness" + msg);
+}
+
+} // namespace cert
+} // namespace tidy
+} // namespace clang
+
diff --git a/clang-tidy/cert/LimitedRandomnessCheck.h b/clang-tidy/cert/LimitedRandomnessCheck.h
new file mode 100644
index 00000000..59d511cb
--- /dev/null
+++ b/clang-tidy/cert/LimitedRandomnessCheck.h
@@ -0,0 +1,38 @@
+//===--- LimitedRandomnessCheck.h - clang-tidy-------------------*- C++ -*-===//
+//
+//                     The LLVM Compiler Infrastructure
+//
+// This file is distributed under the University of Illinois Open Source
+// License. See LICENSE.TXT for details.
+//
+//===----------------------------------------------------------------------===//
+
+#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H
+#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H
+
+#include "../ClangTidy.h"
+
+namespace clang {
+namespace tidy {
+namespace cert {
+
+/// Pseudorandom number generators are not genuinely random. The result of the
+/// std::rand() function makes no guarantees as to the quality of the random
+/// sequence produced.
+/// This check warns for the usage of std::rand() function.
+///
+/// For the user-facing documentation see:
+/// http://clang.llvm.org/extra/clang-tidy/checks/cert-msc50-cpp.html
+class LimitedRandomnessCheck : public ClangTidyCheck {
+public:
+  LimitedRandomnessCheck(StringRef Name, ClangTidyContext *Context)
+      : ClangTidyCheck(Name, Context) {}
+  void registerMatchers(ast_matchers::MatchFinder *Finder) override;
+  void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
+};
+
+} // namespace cert
+} // namespace tidy
+} // namespace clang
+
+#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_LIMITED_RANDOMNESS_H
author	Aaron Ballman <aaron@aaronballman.com>	2016-11-02 14:16:36 +0000
committer	Aaron Ballman <aaron@aaronballman.com>	2016-11-02 14:16:36 +0000
commit	7b7f5caa6d17269c30054528a5d4d14775f8dd79 (patch)
tree	f0e92e0eebf250e5c8a20960998e3249e3119a4b /clang-tidy
parent	c9bdecfcf90ad53bbe054c5a0233b76e63c60fa8 (diff)