From: Ted Kremenek <kremenek@apple.com>
Date: Wed, 24 Mar 2010 22:39:45 +0000 (+0000)
Subject: Improve static analyzer diagnostic concerning the use of 'mktemp'
X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=431a2cb703af68b4c2cc2b6df08999fce7b0b689;p=clang

Improve static analyzer diagnostic concerning the use of 'mktemp'

git-svn-id: https://llvm.org/svn/llvm-project/cfe/trunk@99441 91177308-0d34-0410-b5e6-96231b3b80d8
---

diff --git a/lib/Checker/CheckSecuritySyntaxOnly.cpp b/lib/Checker/CheckSecuritySyntaxOnly.cpp
index 923baf50f3..98a739b07d 100644
--- a/lib/Checker/CheckSecuritySyntaxOnly.cpp
+++ b/lib/Checker/CheckSecuritySyntaxOnly.cpp
@@ -328,17 +328,16 @@ void WalkAST::CheckCall_mktemp(const CallExpr *CE, const FunctionDecl *FD) {
   // Verify that the argument is a 'char*'.
   if (PT->getPointeeType().getUnqualifiedType() != BR.getContext().CharTy)
     return;
-  
+
   // Issue a waring.
   SourceRange R = CE->getCallee()->getSourceRange();
   BR.EmitBasicReport("Potential insecure temporary file in call 'mktemp'",
 		     "Security",
 		     "Call to function 'mktemp' is insecure as it always "
-		     "creates or uses insecure temporary file",
+		     "creates or uses insecure temporary file.  Use 'mkstemp' instead",
 		     CE->getLocStart(), &R, 1);
 }
 
-
 //===----------------------------------------------------------------------===//
 // Check: Linear congruent random number generators should not be used
 // Originally: <rdar://problem/63371000>