Author: Daniel Krupp Date: 2026-01-30T19:54:28+01:00 New Revision: 042c839873c7f67c1fc1eace4b34d4953b16b3a0
URL: https://github.com/llvm/llvm-project/commit/042c839873c7f67c1fc1eace4b34d4953b16b3a0 DIFF: https://github.com/llvm/llvm-project/commit/042c839873c7f67c1fc1eace4b34d4953b16b3a0.diff LOG: [clang][analyzer]Add TaintPropagation:EnableDefaultConfig config parameter (#176185) The new optin.taint.TaintPropagation:EnableDefaultConfig checker configuration parameter makes it possible for the users to disable the built-in taint configuration and use a full custom configuration instead. Added: Modified: clang/docs/analyzer/checkers.rst clang/include/clang/StaticAnalyzer/Checkers/Checkers.td clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp clang/test/Analysis/analyzer-config.c Removed: ################################################################################ diff --git a/clang/docs/analyzer/checkers.rst b/clang/docs/analyzer/checkers.rst index f6c37656c9fe2..499b78895392b 100644 --- a/clang/docs/analyzer/checkers.rst +++ b/clang/docs/analyzer/checkers.rst @@ -1413,8 +1413,12 @@ For a more detailed description of configuration options, please see the **Configuration** -* `Config` Specifies the name of the YAML configuration file. The user can - define their own taint sources and sinks. +* ``optin.taint.TaintPropagation:Config`` Specifies the name of the YAML + configuration file. The user can define their own taint sources and sinks. +* ``optin.taint.TaintPropagation:EnableDefaultConfig`` If set to false, + the default source, sink and propagation rules are not loaded. This way, + advanced users can fully customize their taint configuration model. + Default: ``true``. **Related Guidelines** diff --git a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td index 6a409944849e6..3af694ceda1e3 100644 --- a/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td +++ b/clang/include/clang/StaticAnalyzer/Checkers/Checkers.td @@ -1634,6 +1634,14 @@ def TaintPropagationChecker : Checker<"TaintPropagation">, // Modelling checker "Config", "Specifies the name of the configuration file.", "", + Released>, + CmdLineOption<Boolean, + "EnableDefaultConfig", + "If set to false, the default source, " + "sink and propagation rules are not loaded." + "This way, advanced users can fully customize " + "their taint configuration model.", + "true", Released> ]>, Documentation<NotDocumented>, diff --git a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp index bea8f3f13ba21..6637d044a98af 100644 --- a/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp +++ b/clang/lib/StaticAnalyzer/Checkers/GenericTaintChecker.cpp @@ -801,14 +801,16 @@ void GenericTaintChecker::initTaintRules(CheckerContext &C) const { GlobalCRules.push_back( {{CDM::CLibrary, {"getenv"}}, TR::Source({{ReturnValueIndex}})}); } + CheckerManager *Mgr = C.getAnalysisManager().getCheckerManager(); - StaticTaintRules.emplace(std::make_move_iterator(GlobalCRules.begin()), - std::make_move_iterator(GlobalCRules.end())); + StaticTaintRules = RuleLookupTy{}; + if (Mgr->getAnalyzerOptions().getCheckerBooleanOption(this, + "EnableDefaultConfig")) + StaticTaintRules.emplace(std::make_move_iterator(GlobalCRules.begin()), + std::make_move_iterator(GlobalCRules.end())); // User-provided taint configuration. - CheckerManager *Mgr = C.getAnalysisManager().getCheckerManager(); - assert(Mgr); - GenericTaintRuleParser ConfigParser{*Mgr}; + const GenericTaintRuleParser ConfigParser{*Mgr}; std::string Option{"Config"}; StringRef ConfigFile = Mgr->getAnalyzerOptions().getCheckerStringOption(this, Option); diff --git a/clang/test/Analysis/analyzer-config.c b/clang/test/Analysis/analyzer-config.c index 96b0c12821746..04dc8c24421bc 100644 --- a/clang/test/Analysis/analyzer-config.c +++ b/clang/test/Analysis/analyzer-config.c @@ -114,6 +114,7 @@ // CHECK-NEXT: optin.osx.cocoa.localizability.NonLocalizedStringChecker:AggressiveReport = false // CHECK-NEXT: optin.performance.Padding:AllowedPad = 24 // CHECK-NEXT: optin.taint.TaintPropagation:Config = "" +// CHECK-NEXT: optin.taint.TaintPropagation:EnableDefaultConfig = true // CHECK-NEXT: osx.NumberObjectConversion:Pedantic = false // CHECK-NEXT: osx.cocoa.RetainCount:TrackNSCFStartParam = false // CHECK-NEXT: prune-paths = true _______________________________________________ cfe-commits mailing list [email protected] https://lists.llvm.org/cgi-bin/mailman/listinfo/cfe-commits
