xref: /llvm-project/clang-tools-extra/test/clang-tidy/checkers/bugprone/unsafe-functions.c (revision 0b8866d15ac5806a980d2ff2ea63240d8acfa778) 
1 // This test fails on "x86_64-sie" buildbot and "x86_64-scei-ps4" target.
2 // According to @dyung, something related to the kind of standard library
3 // availability is causing the failure. Even though we explicitly define
4 // the relevant macros the check is hunting for in the invocation, the real
5 // parsing and preprocessor state will not have that case.
6 // UNSUPPORTED: target={{.*-(ps4|ps5)}}
7 //
8 // RUN: %check_clang_tidy -check-suffix=WITH-ANNEX-K            %s bugprone-unsafe-functions %t -- -- -D__STDC_LIB_EXT1__=1 -D__STDC_WANT_LIB_EXT1__=1
9 // RUN: %check_clang_tidy -check-suffix=WITHOUT-ANNEX-K         %s bugprone-unsafe-functions %t -- -- -U__STDC_LIB_EXT1__   -U__STDC_WANT_LIB_EXT1__
10 // RUN: %check_clang_tidy -check-suffix=WITHOUT-ANNEX-K         %s bugprone-unsafe-functions %t -- -- -D__STDC_LIB_EXT1__=1 -U__STDC_WANT_LIB_EXT1__
11 // RUN: %check_clang_tidy -check-suffix=WITHOUT-ANNEX-K         %s bugprone-unsafe-functions %t -- -- -U__STDC_LIB_EXT1__   -D__STDC_WANT_LIB_EXT1__=1
12 // RUN: %check_clang_tidy -check-suffix=WITH-ANNEX-K-CERT-ONLY  %s bugprone-unsafe-functions %t -- \
13 // RUN:   -config="{CheckOptions: {bugprone-unsafe-functions.ReportMoreUnsafeFunctions: false}}" \
14 // RUN:                                                                                            -- -D__STDC_LIB_EXT1__=1 -D__STDC_WANT_LIB_EXT1__=1
15 // RUN: %check_clang_tidy -check-suffix=WITH-NONE-ENABLED       %s bugprone-unsafe-functions %t --\
16 // RUN:   -config="{CheckOptions: {bugprone-unsafe-functions.ReportDefaultFunctions: false}}" \
17 // RUN:                                                                                            -- -D__STDC_LIB_EXT1__=1 -D__STDC_WANT_LIB_EXT1__=1
18 
19 // CHECK-MESSAGES-WITH-NONE-ENABLED: 1 warning generated
20 // CHECK-MESSAGES-WITH-NONE-ENABLED: Suppressed 1 warnings
21 
22 typedef __SIZE_TYPE__ size_t;
23 typedef __WCHAR_TYPE__ wchar_t;
24 
25 char *gets(char *S);
26 size_t strlen(const char *S);
27 size_t wcslen(const wchar_t *S);
28 
29 void f1(char *S) {
30   gets(S);
31   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'gets' is insecure, was deprecated and removed in C11 and C++14; 'gets_s' should be used instead [bugprone-unsafe-functions]
32   // FIXME(?): On target=x86_64-scie-ps4, the above warning in the
33   // "-WITH-ANNEX-K" case will still report the suggestion to use 'fgets'
34   // instead of the expected 'get_s', as if "Annex K" was not available.
35   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-5]]:3: warning: function 'gets' is insecure, was deprecated and removed in C11 and C++14; 'gets_s' should be used instead
36   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-6]]:3: warning: function 'gets' is insecure, was deprecated and removed in C11 and C++14; 'fgets' should be used instead
37 
38   strlen(S);
39   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'strlen' is not bounds-checking; 'strnlen_s' should be used instead
40   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'strlen' is not bounds-checking; 'strnlen_s' should be used instead
41   // no-warning WITHOUT-ANNEX-K
42 }
43 
44 void f1w(wchar_t *S) {
45   wcslen(S);
46   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'wcslen' is not bounds-checking; 'wcsnlen_s' should be used instead
47   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'wcslen' is not bounds-checking; 'wcsnlen_s' should be used instead
48   // no-warning WITHOUT-ANNEX-K
49 }
50 
51 struct tm;
52 char *asctime(const struct tm *TimePtr);
53 
54 void f2(const struct tm *Time) {
55   asctime(Time);
56   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
57   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
58   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'asctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
59 
60   char *(*F1)(const struct tm *) = asctime;
61   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:36: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
62   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:36: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
63   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:36: warning: function 'asctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
64 
65   char *(*F2)(const struct tm *) = &asctime;
66   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
67   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'asctime_s' should be used instead
68   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:37: warning: function 'asctime' is not bounds-checking and non-reentrant; 'strftime' should be used instead
69 }
70 
71 typedef void *FILE;
72 FILE *fopen(const char *Filename, const char *Mode);
73 FILE *freopen(const char *Filename, const char *Mode, FILE *Stream);
74 int fscanf(FILE *Stream, const char *Format, ...);
75 void rewind(FILE *Stream);
76 void setbuf(FILE *Stream, char *Buf);
77 
78 void f3(char *S, FILE *F) {
79   fopen(S, S);
80   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'fopen' has no exclusive access to the opened file; 'fopen_s' should be used instead
81   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'fopen' has no exclusive access to the opened file; 'fopen_s' should be used instead
82   // no-warning WITHOUT-ANNEX-K
83 
84   freopen(S, S, F);
85   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'freopen' has no exclusive access to the opened file; 'freopen_s' should be used instead
86   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'freopen' has no exclusive access to the opened file; 'freopen_s' should be used instead
87   // no-warning WITHOUT-ANNEX-K
88 
89   int I;
90   fscanf(F, "%d", &I);
91   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'fscanf' is not bounds-checking; 'fscanf_s' should be used instead
92   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'fscanf' is not bounds-checking; 'fscanf_s' should be used instead
93   // no-warning WITHOUT-ANNEX-K
94 
95   rewind(F);
96   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'rewind' has no error detection; 'fseek' should be used instead
97   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'rewind' has no error detection; 'fseek' should be used instead
98   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'rewind' has no error detection; 'fseek' should be used instead
99 
100   setbuf(F, S);
101   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'setbuf' has no error detection; 'setvbuf' should be used instead
102   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'setbuf' has no error detection; 'setvbuf' should be used instead
103   // CHECK-MESSAGES-WITHOUT-ANNEX-K:        :[[@LINE-3]]:3: warning: function 'setbuf' has no error detection; 'setvbuf' should be used instead
104 }
105 
106 typedef int time_t;
107 char *ctime(const time_t *Timer);
108 
109 void f4(const time_t *Timer) {
110   ctime(Timer);
111   // CHECK-MESSAGES-WITH-ANNEX-K:           :[[@LINE-1]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
112   // CHECK-MESSAGES-WITH-ANNEX-K-CERT-ONLY: :[[@LINE-2]]:3: warning: function 'ctime' is not bounds-checking and non-reentrant; 'ctime_s' should be used instead
113   // no-warning WITHOUT-ANNEX-K
114 }
115 
116 #define BUFSIZ 128
117 typedef int uid_t;
118 typedef int pid_t;
119 int bcmp(const void *S1, const void *S2, size_t N);
120 void bcopy(const void *Src, void *Dest, size_t N);
121 void bzero(void *S, size_t N);
122 int getpw(uid_t UId, char *Buf);
123 pid_t vfork(void);
124 
125 void fOptional() {
126   char Buf1[BUFSIZ] = {0};
127   char Buf2[BUFSIZ] = {0};
128 
129   bcmp(Buf1, Buf2, BUFSIZ);
130   // CHECK-MESSAGES-WITH-ANNEX-K:    :[[@LINE-1]]:3: warning: function 'bcmp' is deprecated; 'memcmp' should be used instead
131   // CHECK-MESSAGES-WITHOUT-ANNEX-K: :[[@LINE-2]]:3: warning: function 'bcmp' is deprecated; 'memcmp' should be used instead
132   // no-warning CERT-ONLY
133 
134   bcopy(Buf1, Buf2, BUFSIZ);
135   // CHECK-MESSAGES-WITH-ANNEX-K:    :[[@LINE-1]]:3: warning: function 'bcopy' is deprecated; 'memcpy_s' should be used instead
136   // CHECK-MESSAGES-WITHOUT-ANNEX-K: :[[@LINE-2]]:3: warning: function 'bcopy' is deprecated; 'memcpy' should be used instead
137   // no-warning CERT-ONLY
138 
139   bzero(Buf1, BUFSIZ);
140   // CHECK-MESSAGES-WITH-ANNEX-K:    :[[@LINE-1]]:3: warning: function 'bzero' is deprecated; 'memset_s' should be used instead
141   // CHECK-MESSAGES-WITHOUT-ANNEX-K: :[[@LINE-2]]:3: warning: function 'bzero' is deprecated; 'memset' should be used instead
142   // no-warning CERT-ONLY
143 
144   getpw(0, Buf1);
145   // CHECK-MESSAGES-WITH-ANNEX-K:    :[[@LINE-1]]:3: warning: function 'getpw' is dangerous as it may overflow the provided buffer; 'getpwuid' should be used instead
146   // CHECK-MESSAGES-WITHOUT-ANNEX-K: :[[@LINE-2]]:3: warning: function 'getpw' is dangerous as it may overflow the provided buffer; 'getpwuid' should be used instead
147   // no-warning CERT-ONLY
148 
149   vfork();
150   // CHECK-MESSAGES-WITH-ANNEX-K:    :[[@LINE-1]]:3: warning: function 'vfork' is insecure as it can lead to denial of service situations in the parent process; 'posix_spawn' should be used instead
151   // CHECK-MESSAGES-WITHOUT-ANNEX-K: :[[@LINE-2]]:3: warning: function 'vfork' is insecure as it can lead to denial of service situations in the parent process; 'posix_spawn' should be used instead
152   // no-warning CERT-ONLY
153 }
154 
155 typedef int errno_t;
156 typedef size_t rsize_t;
157 errno_t asctime_s(char *S, rsize_t Maxsize, const struct tm *TimePtr);
158 errno_t strcat_s(char *S1, rsize_t S1Max, const char *S2);
159 
160 void fUsingSafeFunctions(const struct tm *Time, FILE *F) {
161   char Buf[BUFSIZ] = {0};
162 
163   // no-warning, safe function from annex K is used
164   if (asctime_s(Buf, BUFSIZ, Time) != 0)
165     return;
166 
167   // no-warning, safe function from annex K is used
168   if (strcat_s(Buf, BUFSIZ, "something") != 0)
169     return;
170 }
171