//===-- CommandProcessorCheck.cpp - clang-tidy ----------------------------===//
//
// Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions.
// See https://llvm.org/LICENSE.txt for license information.
// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception
//
//===----------------------------------------------------------------------===//

#include "CommandProcessorCheck.h"
#include "clang/AST/ASTContext.h"
#include "clang/ASTMatchers/ASTMatchFinder.h"

using namespace clang::ast_matchers;

namespace clang {
namespace tidy {
namespace cert {

/// Registers the AST matcher for calls that hand a command string to a
/// command processor: `system`, `popen` and the MSVC `_popen`.
///
/// Only the global-namespace declarations (`::system`, `::popen`, `::_popen`)
/// are matched, so a user-defined function of the same name in another
/// namespace is not diagnosed.
///
/// NOTE(review): the wide-character Windows variants (`_wsystem`, `_wpopen`)
/// are not in the matched name set; confirm whether the check is meant to
/// cover them as well.
void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) {
  // `system(NULL)` with exactly one argument merely probes whether a command
  // processor is available and does not run a command, so it is deliberately
  // exempt. Any other argument (or any call to popen/_popen) is diagnosed.
  const auto SystemAvailabilityProbe =
      callExpr(callee(functionDecl(hasName("::system"))), argumentCountIs(1),
               hasArgument(0, nullPointerConstant()));

  // The callee is bound separately so the diagnostic can name the function.
  const auto CommandProcessorCallee =
      callee(functionDecl(hasAnyName("::system", "::popen", "::_popen"))
                 .bind("func"));

  Finder->addMatcher(
      callExpr(CommandProcessorCallee, unless(SystemAvailabilityProbe))
          .bind("expr"),
      this);
}

/// Emits a diagnostic at the call site naming the matched function.
///
/// Both bindings ("func" and "expr") are always present because the matcher
/// above binds them unconditionally, so the retrieved nodes are non-null.
void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) {
  const auto *Call = Result.Nodes.getNodeAs<CallExpr>("expr");
  const auto *Callee = Result.Nodes.getNodeAs<FunctionDecl>("func");

  diag(Call->getExprLoc(), "calling %0 uses a command processor") << Callee;
}

} // namespace cert
} // namespace tidy
} // namespace clang