Re: [PATCH] D17447: Add check for CERT ENV33-C

Samuel Benzaquen via cfe-commits Fri, 19 Feb 2016 07:57:49 -0800

sbenza added inline comments.

================
Comment at: clang-tidy/cert/CommandProcessorCheck.cpp:22
@@ +21,3 @@
+  Finder->addMatcher(
+      callExpr(callee(functionDecl(anyOf(hasName("system"), hasName("popen"),
+                                         hasName("_popen")))
----------------
Should we check that it is calling ::system and not any function called system?


================
Comment at: clang-tidy/cert/CommandProcessorCheck.h:19
@@ +18,3 @@
+
+/// Execution of a command processor is can lead to security vulnerabilities,
+/// and is generally not required. Instead, prefer to launch executables
----------------
typo: is can


http://reviews.llvm.org/D17447



_______________________________________________
cfe-commits mailing list
cfe-commits@lists.llvm.org
http://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits

Re: [PATCH] D17447: Add check for CERT ENV33-C

Reply via email to