boga95 marked an inline comment as done.
boga95 added a comment.

In D71524#2291925 <https://reviews.llvm.org/D71524#2291925>, @steakhal wrote:

> In D71524#2284386 <https://reviews.llvm.org/D71524#2284386>, @Szelethus wrote:
>
>> I figured you're still working on this, sorry! I'd really like to chat about
>> my earlier comment D71524#1917251 <https://reviews.llvm.org/D71524#1917251>,
>> as it kind of challenges the high level idea.
>
> What about marking the `std::cin` object itself as tainted and any object
> created by `ifstream::ifstream(const char*)` or similar functions.
> Then propagate taint via the extraction operator (`operator>>`) only if the
> stream was tainted.
> This way we could reduce the false-positives of this crude heuristic. What do
> you think?

As far as I remember I tried to make `std::cin` tainted, but it was complicated. I ran the checker against many projects and there wasn't any false positive related to this heuristic. We can restrict the `operator>>` to `std::basic_stream` and cover only the standard library. I think most of the programmers will use this in a conventional way, therefore it should work for their implementation too.

CHANGES SINCE LAST ACTION
  https://reviews.llvm.org/D71524/new/

https://reviews.llvm.org/D71524
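The two kinds of `operator>>` call the thread above is weighing, as an added example that is not code from the patch or from either participant. `Pipeline`, `kTable` and the `lookup_*` functions are constructed for illustration, and the comments describe the heuristics as discussed in the thread, not verified checker output.

```cpp
#include <cstddef>
#include <istream>
#include <sstream>
#include <string>

static const int kTable[4] = {10, 20, 30, 40};

// Case 1: extraction from a standard stream. If the stream is std::cin or a
// file, idx is externally controlled, so it is validated before indexing.
// Returns -1 on malformed or out-of-range input.
int lookup_from_stream(std::istream &in) {
    std::size_t idx = 0;
    if (!(in >> idx) || idx >= sizeof(kTable) / sizeof(kTable[0]))
        return -1;
    return kTable[idx];
}

// Constructed inputs stand in for std::cin so the example runs offline.
int lookup_from_text(const std::string &text) {
    std::istringstream in(text);
    return lookup_from_stream(in);
}

// Hypothetical user type: same operator spelling, no external data involved.
struct Pipeline {
    int stages = 0;
    Pipeline &operator>>(int &out) { out = ++stages; return *this; }
};

// Case 2: a rule that matches on operator>> alone could treat idx as tainted
// here and report the index as unchecked. Limiting the rule to standard
// stream classes, or to streams already marked tainted, excludes this call.
int lookup_from_pipeline() {
    Pipeline p;
    int idx = 0;
    p >> idx;            // idx is always 1 for a fresh Pipeline
    return kTable[idx];
}

int main() {
    bool ok = lookup_from_text("2") == 30 && lookup_from_text("9") == -1 &&
              lookup_from_pipeline() == 20;
    return ok ? 0 : 1;
}
```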