https://github.com/zeyi2 created https://github.com/llvm/llvm-project/pull/160275
Moves `cert-env33-c` check into `bugprone` module and gives it a clearer name: `bugprone-command-processor` This is part of the cleanup described in https://github.com/llvm/llvm-project/issues/157287. Closes https://github.com/llvm/llvm-project/issues/157288 >From 089dd8ce24076dc805791084052235c653d6a56e Mon Sep 17 00:00:00 2001 From: mtx <[email protected]> Date: Tue, 23 Sep 2025 18:59:44 +0800 Subject: [PATCH] [clang-tidy] Rename `cert-env33-c` to `bugprone-command-processor` --- .../clang-tidy/bugprone/BugproneTidyModule.cpp | 3 +++ .../clang-tidy/bugprone/CMakeLists.txt | 1 + .../{cert => bugprone}/CommandProcessorCheck.cpp | 4 ++-- .../{cert => bugprone}/CommandProcessorCheck.h | 12 ++++++------ .../clang-tidy/cert/CERTTidyModule.cpp | 5 +++-- clang-tools-extra/clang-tidy/cert/CMakeLists.txt | 1 - clang-tools-extra/docs/ReleaseNotes.rst | 5 +++++ .../checks/bugprone/command-processor.rst | 16 ++++++++++++++++ .../docs/clang-tidy/checks/cert/env33-c.rst | 7 +++---- .../docs/clang-tidy/checks/list.rst | 3 ++- .../env33-c.c => bugprone/command-processor.c} | 4 ++-- 11 files changed, 43 insertions(+), 18 deletions(-) rename clang-tools-extra/clang-tidy/{cert => bugprone}/CommandProcessorCheck.cpp (95%) rename clang-tools-extra/clang-tidy/{cert => bugprone}/CommandProcessorCheck.h (72%) create mode 100644 clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst rename clang-tools-extra/test/clang-tidy/checkers/{cert/env33-c.c => bugprone/command-processor.c} (83%) diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp index 8baa8f6b35d4c..e6115f67656bc 100644 --- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp +++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp 
@@ -19,6 +19,7 @@ #include "CapturingThisInMemberVariableCheck.h" #include "CastingThroughVoidCheck.h" #include "ChainedComparisonCheck.h" +#include "CommandProcessorCheck.h" #include "ComparePointerToMemberVirtualFunctionCheck.h" #include "CopyConstructorInitCheck.h" #include "CrtpConstructorAccessibilityCheck.h" @@ -130,6 +131,8 @@ class BugproneModule : public ClangTidyModule { "bugprone-casting-through-void"); CheckFactories.registerCheck<ChainedComparisonCheck>( "bugprone-chained-comparison"); + CheckFactories.registerCheck<CommandProcessorCheck>( + "bugprone-command-processor"); CheckFactories.registerCheck<ComparePointerToMemberVirtualFunctionCheck>( "bugprone-compare-pointer-to-member-virtual-function"); CheckFactories.registerCheck<CopyConstructorInitCheck>( diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt index b0dbe84a16cd4..c8943e5b22ef8 100644 --- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt +++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt @@ -15,6 +15,7 @@ add_clang_library(clangTidyBugproneModule STATIC CapturingThisInMemberVariableCheck.cpp CastingThroughVoidCheck.cpp ChainedComparisonCheck.cpp + CommandProcessorCheck.cpp ComparePointerToMemberVirtualFunctionCheck.cpp CopyConstructorInitCheck.cpp CrtpConstructorAccessibilityCheck.cpp diff --git a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp similarity index 95% rename from clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp rename to clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp index d87396f5189b1..a09c1a931cdb5 100644 --- a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp +++ b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp 
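Review bot: The `registerCheck<CommandProcessorCheck>("bugprone-command-processor")` call added in the second BugproneTidyModule.cpp hunk puts this check under the `bugprone-*` glob, so configurations that enable `bugprone-*` without `cert-*` will start reporting `system()`/`popen()` calls. As far as I know, `NOLINT` comments match on the reported check name, so an existing `NOLINT(cert-env33-c)` would not silence a diagnostic reported as `bugprone-command-processor`; please confirm this. The release-note entry only says the check was renamed with the old name kept as an alias, so consider adding a sentence such as `Suppressions written as NOLINT(cert-env33-c) do not apply to diagnostics reported as bugprone-command-processor.` The enclosing registration function in `BugproneModule` starts and ends outside the hunk.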
@@ -11,7 +11,7 @@ using namespace clang::ast_matchers; -namespace clang::tidy::cert { +namespace clang::tidy::bugprone { void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) { Finder->addMatcher( @@ -35,4 +35,4 @@ void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) { diag(E->getExprLoc(), "calling %0 uses a command processor") << Fn; } -} // namespace clang::tidy::cert +} // namespace clang::tidy::bugprone diff --git a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h similarity index 72% rename from clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h rename to clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h index c2f8b39faaab1..49d28a11c5d7d 100644 --- a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h +++ b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h @@ -6,12 +6,12 @@ // //===----------------------------------------------------------------------===// -#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_COMMAND_PROCESSOR_CHECK_H -#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_COMMAND_PROCESSOR_CHECK_H +#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_COMMAND_PROCESSOR_CHECK_H +#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_COMMAND_PROCESSOR_CHECK_H #include "../ClangTidyCheck.h" -namespace clang::tidy::cert { +namespace clang::tidy::bugprone { /// Execution of a command processor can lead to security vulnerabilities, /// and is generally not required. Instead, prefer to launch executables @@ -19,7 +19,7 @@ namespace clang::tidy::cert { /// actually launched. /// /// For the user-facing documentation see: -/// https://clang.llvm.org/extra/clang-tidy/checks/cert/env33-c.html +/// https://clang.llvm.org/extra/clang-tidy/checks/bugprone/command-processor.html class CommandProcessorCheck : public ClangTidyCheck { public: CommandProcessorCheck(StringRef Name, ClangTidyContext *Context) 
@@ -28,6 +28,6 @@ class CommandProcessorCheck : public ClangTidyCheck { void check(const ast_matchers::MatchFinder::MatchResult &Result) override; }; -} // namespace clang::tidy::cert +} // namespace clang::tidy::bugprone -#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_COMMAND_PROCESSOR_CHECK_H +#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_COMMAND_PROCESSOR_CHECK_H diff --git a/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp b/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp index 9ba62219afee9..c1ca2cec7a1eb 100644 --- a/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp +++ b/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp @@ -10,6 +10,7 @@ #include "../ClangTidyModule.h" #include "../ClangTidyModuleRegistry.h" #include "../bugprone/BadSignalToKillThreadCheck.h" +#include "../bugprone/CommandProcessorCheck.h" #include "../bugprone/PointerArithmeticOnPolymorphicObjectCheck.h" #include "../bugprone/ReservedIdentifierCheck.h" #include "../bugprone/SignalHandlerCheck.h" @@ -33,7 +34,6 @@ #include "../performance/MoveConstructorInitCheck.h" #include "../readability/EnumInitialValueCheck.h" #include "../readability/UppercaseLiteralSuffixCheck.h" -#include "CommandProcessorCheck.h" #include "DefaultOperatorNewAlignmentCheck.h" #include "DontModifyStdNamespaceCheck.h" #include "FloatLoopCounter.h" @@ -296,7 +296,8 @@ class CERTModule : public ClangTidyModule { CheckFactories.registerCheck<bugprone::ReservedIdentifierCheck>( "cert-dcl37-c"); // ENV - CheckFactories.registerCheck<CommandProcessorCheck>("cert-env33-c"); + CheckFactories.registerCheck<bugprone::CommandProcessorCheck>( + "cert-env33-c"); // ERR CheckFactories.registerCheck<bugprone::UnusedReturnValueCheck>( "cert-err33-c"); diff --git a/clang-tools-extra/clang-tidy/cert/CMakeLists.txt b/clang-tools-extra/clang-tidy/cert/CMakeLists.txt index 4933763f03fb5..453d1d30921e9 100644 --- a/clang-tools-extra/clang-tidy/cert/CMakeLists.txt +++ b/clang-tools-extra/clang-tidy/cert/CMakeLists.txt 
@@ -5,7 +5,6 @@ set(LLVM_LINK_COMPONENTS add_clang_library(clangTidyCERTModule STATIC CERTTidyModule.cpp - CommandProcessorCheck.cpp DefaultOperatorNewAlignmentCheck.cpp DontModifyStdNamespaceCheck.cpp FloatLoopCounter.cpp diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst index bc916396a14ca..5d4fd6e997267 100644 --- a/clang-tools-extra/docs/ReleaseNotes.rst +++ b/clang-tools-extra/docs/ReleaseNotes.rst @@ -211,6 +211,11 @@ New check aliases <clang-tidy/checks/modernize/avoid-variadic-functions>` keeping initial check as an alias to the new one. +- Renamed :doc:`cert-env33-c <clang-tidy/checks/cert/env33-c>` to + :doc:`bugprone-command-processor + <clang-tidy/checks/bugprone/command-processor>` + keeping initial check as an alias to the new one. + - Renamed :doc:`cert-err34-c <clang-tidy/checks/cert/err34-c>` to :doc:`bugprone-unchecked-string-to-number-conversion <clang-tidy/checks/bugprone/unchecked-string-to-number-conversion>` diff --git a/clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst b/clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst new file mode 100644 index 0000000000000..cbffe7dddae04 --- /dev/null +++ b/clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst @@ -0,0 +1,16 @@ +.. title:: clang-tidy - bugprone-command-processor + +bugprone-command-processor +========================== + +Flags calls to ``system()``, ``popen()``, and ``_popen()``, which +execute a command processor. It does not flag calls to ``system()`` with a null +pointer argument, as such a call checks for the presence of a command processor +but does not actually attempt to execute a command. + +References +---------- + +This check corresponds to the CERT C Coding Standard rule +`ENV33-C. Do not call system() +<https://www.securecoding.cert.org/confluence/display/c/ENV33-C.+Do+not+call+system()>`_. 
diff --git a/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst b/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst index 9271c9ecccc00..751bccfaee8f2 100644 --- a/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst +++ b/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst @@ -3,10 +3,9 @@ cert-env33-c ============ -This check flags calls to ``system()``, ``popen()``, and ``_popen()``, which -execute a command processor. It does not flag calls to ``system()`` with a null -pointer argument, as such a call checks for the presence of a command processor -but does not actually attempt to execute a command. +The `cert-env33-c` check is an alias, please see +`bugprone-command-processor <../bugprone/command-processor.html>`_ +for more information. This check corresponds to the CERT C Coding Standard rule `ENV33-C. Do not call system() diff --git a/clang-tools-extra/docs/clang-tidy/checks/list.rst b/clang-tools-extra/docs/clang-tidy/checks/list.rst index 472d509101cdb..e705958f9033f 100644 --- a/clang-tools-extra/docs/clang-tidy/checks/list.rst +++ b/clang-tools-extra/docs/clang-tidy/checks/list.rst @@ -87,6 +87,7 @@ Clang-Tidy Checks :doc:`bugprone-capturing-this-in-member-variable <bugprone/capturing-this-in-member-variable>`, :doc:`bugprone-casting-through-void <bugprone/casting-through-void>`, :doc:`bugprone-chained-comparison <bugprone/chained-comparison>`, + :doc:`bugprone-command-processor <bugprone/command-processor>`, :doc:`bugprone-compare-pointer-to-member-virtual-function <bugprone/compare-pointer-to-member-virtual-function>`, :doc:`bugprone-copy-constructor-init <bugprone/copy-constructor-init>`, "Yes" :doc:`bugprone-crtp-constructor-accessibility <bugprone/crtp-constructor-accessibility>`, "Yes" 
@@ -173,7 +174,6 @@ Clang-Tidy Checks :doc:`bugprone-use-after-move <bugprone/use-after-move>`, :doc:`bugprone-virtual-near-miss <bugprone/virtual-near-miss>`, "Yes" :doc:`cert-dcl58-cpp <cert/dcl58-cpp>`, - :doc:`cert-env33-c <cert/env33-c>`, :doc:`cert-err33-c <cert/err33-c>`, :doc:`cert-err60-cpp <cert/err60-cpp>`, :doc:`cert-flp30-c <cert/flp30-c>`, @@ -440,6 +440,7 @@ Check aliases :doc:`cert-dcl54-cpp <cert/dcl54-cpp>`, :doc:`misc-new-delete-overloads <misc/new-delete-overloads>`, :doc:`cert-dcl59-cpp <cert/dcl59-cpp>`, :doc:`google-build-namespaces <google/build-namespaces>`, :doc:`cert-err09-cpp <cert/err09-cpp>`, :doc:`misc-throw-by-value-catch-by-reference <misc/throw-by-value-catch-by-reference>`, + :doc:`cert-env33-c <cert/env33-c>`, :doc:`bugprone-command-processor <bugprone/command-processor>`, :doc:`cert-err34-c <cert/err34-c>`, :doc:`bugprone-unchecked-string-to-number-conversion <bugprone/unchecked-string-to-number-conversion>`, :doc:`cert-err52-cpp <cert/err52-cpp>`, :doc:`modernize-avoid-setjmp-longjmp <modernize/avoid-setjmp-longjmp>`, :doc:`cert-err58-cpp <cert/err58-cpp>`, :doc:`bugprone-throwing-static-initialization <bugprone/throwing-static-initialization>`, diff --git a/clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c similarity index 83% rename from clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c rename to clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c index 5846b496242c5..e592b57c9fb29 100644 --- a/clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c +++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c @@ -1,4 +1,4 @@ -// RUN: %check_clang_tidy %s cert-env33-c %t +// RUN: %check_clang_tidy %s bugprone-command-processor %t typedef struct FILE {} FILE; 
@@ -11,7 +11,7 @@ void f(void) { system(0); system("test"); - // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: calling 'system' uses a command processor [cert-env33-c] + // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: calling 'system' uses a command processor [bugprone-command-processor] popen("test", "test"); // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: calling 'popen' uses a command processor _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
