aaron.ballman added inline comments.

================
Comment at: clang-tidy/cert/CommandProcessorCheck.cpp:22
@@ +21,3 @@
+  Finder->addMatcher(
+      callExpr(callee(functionDecl(anyOf(hasName("system"), hasName("popen"),
+                                         hasName("_popen")))
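Review bot: In the callee matcher, the names passed to hasName() are unqualified, so the check also fires on a member function or a function in a user namespace that happens to be called system, popen or _popen. Consider the globally qualified forms "::system", "::popen" and "::_popen". The anyOf over three hasName calls can also be written as a single hasAnyName("::system", "::popen", "::_popen").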
----------------
sbenza wrote:
> Should we check that it is calling ::system and not any function called 
> system?
Hmm, that's not a bad idea. Same for `popen` and `_popen()`.

================
Comment at: clang-tidy/cert/CommandProcessorCheck.h:19
@@ +18,3 @@
+
+/// Execution of a command processor is can lead to security vulnerabilities,
+/// and is generally not required. Instead, prefer to launch executables
----------------
sbenza wrote:
> typo: is can
Good catch.


http://reviews.llvm.org/D17447
