[clang] [clang][analyzer] Add taintedness to argv (PR #178054)

Donát Nagy via cfe-commits Tue, 27 Jan 2026 05:49:56 -0800

================
@@ -827,8 +831,40 @@ void GenericTaintChecker::initTaintRules(CheckerContext 
&C) const {
                             std::make_move_iterator(Rules.end()));
 }
 
+// The incoming parameters of the main function get tainted
+// if the program called in an untrusted environment.
+void GenericTaintChecker::checkBeginFunction(CheckerContext &C) const {
+  if (!C.inTopFrame() || C.getAnalysisManager()
+                             .getAnalyzerOptions()
+                             .ShouldAssumeControlledEnvironment)
+    return;
+
+  const auto *FD = dyn_cast<FunctionDecl>(C.getLocationContext()->getDecl());
+  if (!FD || !FD->isMain() || FD->param_size() < 2)
----------------
NagyDonat wrote:


Please add testcases where:
- The `main` function is defined with no argument.
- A function named `main` is defined in a C++ namespace or as a method of a C++ 
class.
I expect that these would pass, but it would be good practice to demonstrate 
this. 

https://github.com/llvm/llvm-project/pull/178054
_______________________________________________
cfe-commits mailing list
[email protected]
https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

[clang] [clang][analyzer] Add taintedness to argv (PR #178054)

Reply via email to