| 1 | //===- TaintManager.h - Managing taint --------------------------*- C++ -*-===// |
|---|---|
| 2 | // |
| 3 | // Part of the LLVM Project, under the Apache License v2.0 with LLVM Exceptions. |
| 4 | // See https://llvm.org/LICENSE.txt for license information. |
| 5 | // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception |
| 6 | // |
| 7 | //===----------------------------------------------------------------------===// |
| 8 | // |
| 9 | // This file provides APIs for adding, removing, querying symbol taint. |
| 10 | // |
| 11 | //===----------------------------------------------------------------------===// |
| 12 | |
| 13 | #ifndef LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_TAINTMANAGER_H |
| 14 | #define LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_TAINTMANAGER_H |
| 15 | |
| 16 | #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramState.h" |
| 17 | #include "clang/StaticAnalyzer/Core/PathSensitive/ProgramStateTrait.h" |
| 18 | #include "clang/StaticAnalyzer/Core/PathSensitive/SymExpr.h" |
| 19 | #include "clang/StaticAnalyzer/Core/PathSensitive/TaintTag.h" |
| 20 | #include "llvm/ADT/ImmutableMap.h" |
| 21 | |
| 22 | namespace clang { |
| 23 | namespace ento { |
| 24 | |
| 25 | /// The GDM component containing the tainted root symbols. We lazily infer the |
| 26 | /// taint of the dependent symbols. Currently, this is a map from a symbol to |
| 27 | /// tag kind. TODO: Should support multiple tag kinds. |
| 28 | // FIXME: This does not use the nice trait macros because it must be accessible |
| 29 | // from multiple translation units. |
| 30 | struct TaintMap {}; |
| 31 | |
| 32 | using TaintMapImpl = llvm::ImmutableMap<SymbolRef, TaintTagType>; |
| 33 | |
| 34 | template<> struct ProgramStateTrait<TaintMap> |
| 35 | : public ProgramStatePartialTrait<TaintMapImpl> { |
| 36 | static void *GDMIndex(); |
| 37 | }; |
| 38 | |
| 39 | /// The GDM component mapping derived symbols' parent symbols to their |
| 40 | /// underlying regions. This is used to efficiently check whether a symbol is |
| 41 | /// tainted when it represents a sub-region of a tainted symbol. |
| 42 | struct DerivedSymTaint {}; |
| 43 | |
| 44 | using DerivedSymTaintImpl = llvm::ImmutableMap<SymbolRef, TaintedSubRegions>; |
| 45 | |
| 46 | template<> struct ProgramStateTrait<DerivedSymTaint> |
| 47 | : public ProgramStatePartialTrait<DerivedSymTaintImpl> { |
| 48 | static void *GDMIndex(); |
| 49 | }; |
| 50 | |
| 51 | class TaintManager { |
| 52 | TaintManager() = default; |
| 53 | }; |
| 54 | |
| 55 | } // namespace ento |
| 56 | } // namespace clang |
| 57 | |
| 58 | #endif // LLVM_CLANG_STATICANALYZER_CORE_PATHSENSITIVE_TAINTMANAGER_H |
| 59 |