Tweak insecureAPI analyzer checks to have the ability to be individually disabled.

The solution is a bit inefficient: it creates N checkers, one for each check, and
each check does a dispatch on the function name.  This is redundant, but we can fix
this once we have the proper ability to enable/disable subchecks.

Fixes <rdar://problem/11780180>.

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@159459 91177308-0d34-0410-b5e6-96231b3b80d8

diff --git a/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp b/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
index dde90713ce18241da3c16cfce25eec70ae8fdb34..053b83f894dc542d97e6ab4ef056eda98feca74a 100644 (file)
--- a/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
+++ b/lib/StaticAnalyzer/Checkers/CheckSecuritySyntaxOnly.cpp
@@ -379,13 +379,6 @@ void WalkAST::checkCall_getpw(const CallExpr *CE, const FunctionDecl *FD) {
 //===----------------------------------------------------------------------===//
 
 void WalkAST::checkCall_mktemp(const CallExpr *CE, const FunctionDecl *FD) {
-  if (!filter.check_mktemp) {
-    // Fall back to the security check of looking for enough 'X's in the
-    // format string, since that is a less severe warning.
-    checkCall_mkstemp(CE, FD);
-    return;
-  }
-
   const FunctionProtoType *FPT
     = dyn_cast<FunctionProtoType>(FD->getType().IgnoreParens());
   if(!FPT)
@@ -769,8 +762,9 @@ public:
 }
 
 #define REGISTER_CHECKER(name) \
+namespace { class Checker_##name : public SecuritySyntaxChecker {}; }\
 void ento::register##name(CheckerManager &mgr) {\
-  mgr.registerChecker<SecuritySyntaxChecker>()->filter.check_##name = true;\
+  mgr.registerChecker<Checker_##name>()->filter.check_##name = true;\
 }
 
 REGISTER_CHECKER(gets)