Summary:
A common source of security bugs is code that opens a file descriptors without using the O_CLOEXEC flag. (Without that flag, an opened sensitive file would remain open across a fork+exec to a lower-privileged SELinux domain, leaking that sensitive data.).
Add a new Android module and one checks in clang-tidy.
-- open(), openat(), and open64() should include O_CLOEXEC in their flags argument. [android-file-open-flag]
Links to part2 and part3:
https://reviews.llvm.org/D33745https://reviews.llvm.org/D33747
Reviewers: chh, alexfh, aaron.ballman, hokein
Reviewed By: alexfh, hokein
Subscribers: jbcoe, joerg, malcolm.parsons, Eugene.Zelenko, srhines, mgorny, xazax.hun, cfe-commits, krytarowski
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D33304
llvm-svn: 306165
Summary:
The documentation assumed expertise with FileCheck; many clang-tidy check
authors may not have significant exposure to FileCheck, and so it's worth
spending a few more words here to spell things out.
Reviewers: alexfh
Subscribers: cfe-commits, JDevlieghere
Differential Revision: https://reviews.llvm.org/D28189
llvm-svn: 290838
Summary: I came across an outstanding FIXME to make the format style customizable. Inspired by the include fixer, I added an new option `-style` to configure the fallback style in case no clang-format configuration file is found. The default remains "llvm".
Reviewers: Prazek, aaron.ballman, hokein, alexfh
Subscribers: cfe-commits, malcolm.parsons
Tags: #clang-tools-extra
Differential Revision: https://reviews.llvm.org/D27142
llvm-svn: 288258
Use table to avoid tautology. List all existing checks groups. Use alphabetical order.
Differential revision: https://reviews.llvm.org/D23471
llvm-svn: 278686
Summary: We have 2 scripts add_new_check.py and rename_check.py to bootstrap a new check creation. There is also clang-query to aid with the matcher creation. These were not mentioned in the current document, add them so it's available to the masses.
Reviewers: alexfh
Patch by Deniz Türkoglu!
Differential Revision: http://reviews.llvm.org/D16944
llvm-svn: 260098
Similar in format to the `-checks=` argument, this new `-warnings-as-errors=`
argument upgrades any warnings emitted by the former to errors.
http://reviews.llvm.org/D15528
llvm-svn: 257642
The doc files for checks have been generated from the corresponding header files
using the docs/clang-tidy/tools/dump_check_docs.py script. Committing the script
as well, but the intention is to move all the user-facing docs from header files
to the rST files and add links to .h files appropriately.
llvm-svn: 246173
Yan Wang