llvmbot wrote:
<!--LLVM PR SUMMARY COMMENT--> @llvm/pr-subscribers-clang Author: Balázs Kéri (balazske) <details> <summary>Changes</summary> --- Full diff: https://github.com/llvm/llvm-project/pull/102636.diff 3 Files Affected: - (modified) clang/docs/analyzer/checkers.rst (+16-16) - (modified) clang/include/clang/StaticAnalyzer/Checkers/Checkers.td (+4-4) - (modified) clang/test/Analysis/mmap-writeexec.c (+2-2) ``````````diff diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst index 55832d20bd27a1..b77defe35f9043 100644 --- a/clang/docs/analyzer/checkers.rst +++ b/clang/docs/analyzer/checkers.rst @@ -1277,6 +1277,22 @@ security.insecureAPI.DeprecatedOrUnsafeBufferHandling (C) strncpy(buf, "a", 1); // warn } +.. _security-MmapWriteExec: + +security.MmapWriteExec (C) +"""""""""""""""""""""""""" +Warn on ``mmap()`` calls with both writable and executable access. + +.. code-block:: c + + void test(int n) { + void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC, + MAP_PRIVATE | MAP_ANON, -1, 0); + // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to + // exploitable memory regions, which could be overwritten with malicious + // code + } + .. _security-putenv-stack-array: security.PutenvStackArray (C) @@ -2998,22 +3014,6 @@ Limitations: - It is an AST-based checker, thus it does not make use of the path-sensitive taint-analysis. -.. _alpha-security-MmapWriteExec: - -alpha.security.MmapWriteExec (C) -"""""""""""""""""""""""""""""""" -Warn on mmap() calls that are both writable and executable. - -.. code-block:: c - - void test(int n) { - void *c = mmap(NULL, 32, PROT_READ | PROT_WRITE | PROT_EXEC, - MAP_PRIVATE | MAP_ANON, -1, 0); - // warn: Both PROT_WRITE and PROT_EXEC flags are set. This can lead to - // exploitable memory regions, which could be overwritten with malicious - // code - } - .. _alpha-security-ReturnPtrRange: alpha.security.ReturnPtrRange (C) 
diff --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td index 38b55a0eb0a7b0..b5ed3e0ba16452 100644 --- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td +++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td @@ -1000,6 +1000,10 @@ def FloatLoopCounter : Checker<"FloatLoopCounter">, Dependencies<[SecuritySyntaxChecker]>, Documentation<HasDocumentation>; +def MmapWriteExecChecker : Checker<"MmapWriteExec">, + HelpText<"Warn on mmap() calls with both writable and executable access">, + Documentation<HasDocumentation>; + def PutenvStackArray : Checker<"PutenvStackArray">, HelpText<"Finds calls to the function 'putenv' which pass a pointer to " "an automatic (stack-allocated) array as the argument.">, @@ -1043,10 +1047,6 @@ def MallocOverflowSecurityChecker : Checker<"MallocOverflow">, HelpText<"Check for overflows in the arguments to malloc()">, Documentation<HasDocumentation>; -def MmapWriteExecChecker : Checker<"MmapWriteExec">, - HelpText<"Warn on mmap() calls that are both writable and executable">, - Documentation<HasDocumentation>; - def ReturnPointerRangeChecker : Checker<"ReturnPtrRange">, HelpText<"Check for an out-of-bound pointer being returned to callers">, Documentation<HasDocumentation>; diff --git a/clang/test/Analysis/mmap-writeexec.c b/clang/test/Analysis/mmap-writeexec.c index 579cc75069eec7..bca34d167fbc92 100644 --- a/clang/test/Analysis/mmap-writeexec.c +++ b/clang/test/Analysis/mmap-writeexec.c 
@@ -1,5 +1,5 @@ -// RUN: %clang_analyze_cc1 -triple i686-unknown-linux -analyzer-checker=alpha.security.MmapWriteExec -DUSE_ALTERNATIVE_PROT_EXEC_DEFINITION -verify %s -// RUN: %clang_analyze_cc1 -triple x86_64-unknown-apple-darwin10 -analyzer-checker=alpha.security.MmapWriteExec -verify %s +// RUN: %clang_analyze_cc1 -triple i686-unknown-linux -analyzer-checker=security.MmapWriteExec -DUSE_ALTERNATIVE_PROT_EXEC_DEFINITION -verify %s +// RUN: %clang_analyze_cc1 -triple x86_64-unknown-apple-darwin10 -analyzer-checker=security.MmapWriteExec -verify %s #ifndef USE_ALTERNATIVE_PROT_EXEC_DEFINITION #define PROT_EXEC 0x01 `````````` </details> https://github.com/llvm/llvm-project/pull/102636 _______________________________________________ cfe-commits mailing list cfe-commits@lists.llvm.org https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
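Review bot: The new security.MmapWriteExec section in clang/docs/analyzer/checkers.rst carries over only the one-line description and the example, so a user who hits the warning is not told how to fix it. Now that the checker is leaving alpha, consider adding a sentence on the usual remedy: map the region writable, fill it, then switch it to executable with mprotect(), so that it is never writable and executable at the same time. Also, the parameter in `void test(int n)` is unused in the example and could be dropped.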
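Review bot: A release-notes entry is missing for the rename caused by the Checkers.td hunk, where `def MmapWriteExecChecker` moves from its old position before ReturnPointerRangeChecker to sit between FloatLoopCounter and PutenvStackArray. The checker name changes from alpha.security.MmapWriteExec to security.MmapWriteExec, and the three files affected are the checker docs, Checkers.td and the test. Existing invocations that pass `-analyzer-checker=alpha.security.MmapWriteExec`, as the old RUN lines in clang/test/Analysis/mmap-writeexec.c did, would need updating, so please note the old and new names where users will see them.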