Diffstat (limited to 'test/Analysis/security-syntax-checks.m')
-rw-r--r--test/Analysis/security-syntax-checks.m129
1 files changed, 120 insertions, 9 deletions
diff --git a/test/Analysis/security-syntax-checks.m b/test/Analysis/security-syntax-checks.m
index 1fd00dffe4..5c63f0686e 100644
--- a/test/Analysis/security-syntax-checks.m
+++ b/test/Analysis/security-syntax-checks.m
@@ -1,11 +1,40 @@
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -DUSE_BUILTINS -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 -DUSE_BUILTINS -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -DUSE_BUILTINS -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
-// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi -DUSE_BUILTINS -DVARIANT -analyzer-checker=security.insecureAPI,security.FloatLoopCounter %s -verify
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN: -DUSE_BUILTINS \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN: -DVARIANT \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple i386-apple-darwin10 %s -verify \
+// RUN: -DUSE_BUILTINS -DVARIANT \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN: -DUSE_BUILTINS \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN: -DVARIANT \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
+
+// RUN: %clang_analyze_cc1 -triple x86_64-unknown-cloudabi %s -verify \
+// RUN: -DUSE_BUILTINS -DVARIANT \
+// RUN: -analyzer-checker=security.insecureAPI \
+// RUN: -analyzer-checker=security.FloatLoopCounter
#ifdef USE_BUILTINS
# define BUILTIN(f) __builtin_ ## f
@@ -13,6 +42,9 @@
# define BUILTIN(f) f
#endif /* USE_BUILTINS */
+#include "Inputs/system-header-simulator-for-valist.h"
+#include "Inputs/system-header-simulator-for-simple-stream.h"
+
typedef typeof(sizeof(int)) size_t;
@@ -38,7 +70,7 @@ void test_float_condition() {
}
// Obsolete function bcmp
-int bcmp(void *, void *, size_t);
+int bcmp(const void *, const void *, size_t);
int test_bcmp(void *a, void *b, size_t n) {
return bcmp(a, b, n); // expected-warning{{The bcmp() function is obsoleted by memcmp()}}
@@ -238,3 +270,82 @@ void test_mkstemp() {
mkdtemp("XXXXXX");
}
+
+//===----------------------------------------------------------------------===
+// deprecated or unsafe buffer handling
+//===----------------------------------------------------------------------===
+typedef int wchar_t;
+
+int sprintf(char *str, const char *format, ...);
+//int vsprintf (char *s, const char *format, va_list arg);
+int scanf(const char *format, ...);
+int wscanf(const wchar_t *format, ...);
+int fscanf(FILE *stream, const char *format, ...);
+int fwscanf(FILE *stream, const wchar_t *format, ...);
+int vscanf(const char *format, va_list arg);
+int vwscanf(const wchar_t *format, va_list arg);
+int vfscanf(FILE *stream, const char *format, va_list arg);
+int vfwscanf(FILE *stream, const wchar_t *format, va_list arg);
+int sscanf(const char *s, const char *format, ...);
+int swscanf(const wchar_t *ws, const wchar_t *format, ...);
+int vsscanf(const char *s, const char *format, va_list arg);
+int vswscanf(const wchar_t *ws, const wchar_t *format, va_list arg);
+int swprintf(wchar_t *ws, size_t len, const wchar_t *format, ...);
+int snprintf(char *s, size_t n, const char *format, ...);
+int vswprintf(wchar_t *ws, size_t len, const wchar_t *format, va_list arg);
+int vsnprintf(char *s, size_t n, const char *format, va_list arg);
+void *memcpy(void *destination, const void *source, size_t num);
+void *memmove(void *destination, const void *source, size_t num);
+char *strncpy(char *destination, const char *source, size_t num);
+char *strncat(char *destination, const char *source, size_t num);
+void *memset(void *ptr, int value, size_t num);
+
+void test_deprecated_or_unsafe_buffer_handling_1() {
+ char buf [5];
+ wchar_t wbuf [5];
+ int a;
+ FILE *file;
+ sprintf(buf, "a"); // expected-warning{{Call to function 'sprintf' is insecure}}
+ scanf("%d", &a); // expected-warning{{Call to function 'scanf' is insecure}}
+ scanf("%s", buf); // expected-warning{{Call to function 'scanf' is insecure}}
+ scanf("%4s", buf); // expected-warning{{Call to function 'scanf' is insecure}}
+ wscanf((const wchar_t*) L"%s", buf); // expected-warning{{Call to function 'wscanf' is insecure}}
+ fscanf(file, "%d", &a); // expected-warning{{Call to function 'fscanf' is insecure}}
+ fscanf(file, "%s", buf); // expected-warning{{Call to function 'fscanf' is insecure}}
+ fscanf(file, "%4s", buf); // expected-warning{{Call to function 'fscanf' is insecure}}
+ fwscanf(file, (const wchar_t*) L"%s", wbuf); // expected-warning{{Call to function 'fwscanf' is insecure}}
+ sscanf("5", "%d", &a); // expected-warning{{Call to function 'sscanf' is insecure}}
+ sscanf("5", "%s", buf); // expected-warning{{Call to function 'sscanf' is insecure}}
+ sscanf("5", "%4s", buf); // expected-warning{{Call to function 'sscanf' is insecure}}
+ swscanf(L"5", (const wchar_t*) L"%s", wbuf); // expected-warning{{Call to function 'swscanf' is insecure}}
+ swprintf(L"5", 1, (const wchar_t*) L"%s", wbuf); // expected-warning{{Call to function 'swprintf' is insecure}}
+ snprintf("5", 1, "%s", buf); // expected-warning{{Call to function 'snprintf' is insecure}}
+ memcpy(buf, wbuf, 1); // expected-warning{{Call to function 'memcpy' is insecure}}
+ memmove(buf, wbuf, 1); // expected-warning{{Call to function 'memmove' is insecure}}
+ strncpy(buf, "a", 1); // expected-warning{{Call to function 'strncpy' is insecure}}
+ strncat(buf, "a", 1); // expected-warning{{Call to function 'strncat' is insecure}}
+ memset(buf, 'a', 1); // expected-warning{{Call to function 'memset' is insecure}}
+}
+
+void test_deprecated_or_unsafe_buffer_handling_2(const char *format, ...) {
+ char buf [5];
+ FILE *file;
+ va_list args;
+ va_start(args, format);
+ vsprintf(buf, format, args); // expected-warning{{Call to function 'vsprintf' is insecure}}
+ vscanf(format, args); // expected-warning{{Call to function 'vscanf' is insecure}}
+ vfscanf(file, format, args); // expected-warning{{Call to function 'vfscanf' is insecure}}
+ vsscanf("a", format, args); // expected-warning{{Call to function 'vsscanf' is insecure}}
+ vsnprintf("a", 1, format, args); // expected-warning{{Call to function 'vsnprintf' is insecure}}
+}
+
+void test_deprecated_or_unsafe_buffer_handling_3(const wchar_t *format, ...) {
+ wchar_t wbuf [5];
+ FILE *file;
+ va_list args;
+ va_start(args, format);
+ vwscanf(format, args); // expected-warning{{Call to function 'vwscanf' is insecure}}
+ vfwscanf(file, format, args); // expected-warning{{Call to function 'vfwscanf' is insecure}}
+ vswscanf(L"a", format, args); // expected-warning{{Call to function 'vswscanf' is insecure}}
+ vswprintf(L"a", 1, format, args); // expected-warning{{Call to function 'vswprintf' is insecure}}
+}
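Review bot: `va_start(args, format)` in test_deprecated_or_unsafe_buffer_handling_2 is never paired with a `va_end`, and the same is true of test_deprecated_or_unsafe_buffer_handling_3; even though these bodies exist only to trigger the insecureAPI diagnostics, add `va_end(args);` before each closing brace so the fixtures model correct va_list use and will not start producing extra diagnostics if a va_list checker is ever enabled on this file. The commented-out `//int vsprintf (char *s, const char *format, va_list arg);` prototype should be dropped or replaced with a comment saying where vsprintf is declared — presumably the valist simulator header included by the earlier hunk, since the call on the vsprintf line compiles without a local prototype. In test_deprecated_or_unsafe_buffer_handling_3 `wbuf` is declared but unused while string literals are passed as the write destination to vswprintf (and likewise to snprintf, swprintf and vsnprintf in the other two functions); using the local buffers as the destination, e.g. `vswprintf(wbuf, 1, format, args);`, keeps the examples honest without changing the expected warnings.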