cicada/libinjection_test.py

ihacku · Apr 13, 2014 · 7185140 · 7185140
1 parent 9c102bf
commit 7185140
Show file tree

Hide file tree

Showing 3 changed files with 40 additions and 38 deletions.
diff --git a/cicada/libinjection_test.py b/cicada/libinjection_test.py
@@ -548,7 +548,7 @@
     'libinjection-clang-static-analyzer': {
         'listen' : LISTEN,
         'source' : CheckoutGit('https://github.com/client9/libinjection.git', 'libinjection'),
-        'exec'   : ExecuteShell('clang --version && cd libinjection && ./autogen.sh && cd src && ./clang-static-analyzer.sh'),
+        'exec'   : ExecuteShell('cd libjinection && ./run-clang-static-analyzer.sh'),
         'publish': [
             PublishArtifact('console.txt', PUBDIR, 'console.txt', 'console'),
         ]

diff --git a/run-clang-static-analyzer.sh b/run-clang-static-analyzer.sh
@@ -0,0 +1,39 @@
+#!/bin/bash
+clang --version
+
+./autogen.sh
+scan-build ./configure
+cd src
+scan-build --status-bugs \
+    -enable-checker alpha.core.BoolAssignment \
+    -enable-checker alpha.core.CastSize \
+    -enable-checker alpha.core.CastToStruct \
+    -enable-checker alpha.core.FixedAddr \
+    -enable-checker alpha.core.PointerArithm \
+    -enable-checker alpha.core.SizeofPtr \
+    -enable-checker alpha.deadcode.IdempotentOperations \
+    -enable-checker alpha.deadcode.UnreachableCode \
+    -enable-checker alpha.security.ArrayBound \
+    -enable-checker alpha.security.MallocOverflow \
+    -enable-checker alpha.security.ReturnPtrRange \
+    -enable-checker alpha.unix.cstring.BufferOverlap \
+    -enable-checker alpha.unix.cstring.OutOfBounds \
+    -enable-checker security.FloatLoopCounter \
+    -enable-checker security.insecureAPI.rand \
+    make testdriver
+
+# notes 2013-10-24
+
+# do not understand
+# -no-failure-reports
+
+# seems broken or I don't understand it
+# -enable-checker alpha.core.PointerSub
+
+#
+# probably good.. used in testdriver as a hack
+#-enable-checker security.insecureAPI.strcpy
+
+# has problem with "backwards array iteration"
+# used in is_backslash_escaped
+#-enable-checker alpha.security.ArrayBoundV2
diff --git a/src/clang-static-analyzer.sh b/src/clang-static-analyzer.sh