Přemysl Eric Janouch
4bb9449e47
Adjust its query so that it doesn't cause a particular false positive.
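#!/bin/sh
# We don't use printf's percent notation with our custom logging mechanism,
# so the compiler cannot check it for us like it usually does.
# This script therefore flags log format strings that contain a percent sign
# followed by a word character, so that they can be reviewed by hand.
#
# In clang-query terms, the string we're interested in can be found through:
#   set traversal IgnoreUnlessSpelledInSource
#   set output dump
#   match callExpr(callee(functionDecl(
#     hasName("log_full"))),
#     hasArgument(5, stringLiteral().bind("format")))
# However, the tool is too restricted to be useful in a shell script.
#
# Exit status: 0 when nothing was flagged, 1 when at least one string was
# flagged, 2 when the source file could not be read.

src="$(dirname "$0")"/xC.c

# perl -n only warns about a file it cannot open and still exits with 0,
# which would make a missing or unreadable source look like a clean check.
if [ ! -r "$src" ]; then
	echo "$0: cannot read $src" >&2
	exit 2
fi

# -n0777 slurps the whole file into $_, so one call may span several lines.
# The program text comes from standard input ("-"); the heredoc is quoted,
# so the shell expands nothing inside it.
perl -n0777 - "$src" <<-'END'
	# Heuristic: a call to a log_* function whose first string literal
	# (with no parenthesis or quote before it in the argument list)
	# contains '%' followed by a word character.  Escaped quotes inside
	# the literal are not understood, so treat hits as candidates only.
	while (/\blog_[^ ]+\s*\([^"()]*"[^"]*%\w[^"]*"/gm) {
		# $` is the text before the match, $& is the match itself.
		my ($p, $m) = ($`, $&);
		# The file name goes through %s rather than into the format,
		# so a '%' in the path cannot be read as a conversion.
		# Line number = newlines before the match + 1; whitespace runs
		# in the excerpt are collapsed to keep the report on one line.
		printf "%s:%d: suspicious log format string: %s...\n",
			$ARGV, (1 + $p =~ tr/\n//), ($m =~ s/\s+/ /rg);
		$status = 1;
	}
	END {
		# $status is still undefined when nothing matched: exit code 0.
		exit $status;
	}
END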