Google Git
Sign in
llvm / llvm-project / ef49ed4829bc1b111e31a08d70b0ccae66427ebf / . / clang / test / Analysis / setgid-setuid-order-notes.c
blob: 03402413581c6408c82f4172001f0d95124c07fe [file] [log] [blame]
// RUN: %clang_analyze_cc1 -analyzer-checker=core,security.SetgidSetuidOrder -analyzer-output=text -verify %s
typedef int uid_t;
typedef int gid_t;
int setuid(uid_t);
int setgid(gid_t);
uid_t getuid();
gid_t getgid();
void test_note_1() {
if (setuid(getuid()) == -1) // expected-note{{Assuming the condition is false}} \
// expected-note{{Taking false branch}}
return;
if (setuid(getuid()) == -1) // expected-note{{Call to 'setuid' found here that removes superuser privileges}} \
// expected-note{{Assuming the condition is false}} \
// expected-note{{Taking false branch}}
return;
if (setgid(getgid()) == -1) // expected-warning{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}} \
// expected-note{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}}
return;
}
void test_note_2() {
if (setuid(getuid()) == -1) // expected-note{{Call to 'setuid' found here that removes superuser privileges}} \
// expected-note 2 {{Assuming the condition is false}} \
// expected-note 2 {{Taking false branch}}
return;
if (setgid(getgid()) == -1) // expected-warning{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}} \
// expected-note{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}} \
// expected-note{{Assuming the condition is false}} \
// expected-note{{Taking false branch}}
return;
if (setuid(getuid()) == -1) // expected-note{{Call to 'setuid' found here that removes superuser privileges}} \
// expected-note{{Assuming the condition is false}} \
// expected-note{{Taking false branch}}
return;
if (setgid(getgid()) == -1) // expected-warning{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}} \
// expected-note{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}}
return;
}
int f_setuid() {
return setuid(getuid()); // expected-note{{Call to 'setuid' found here that removes superuser privileges}}
}
int f_setgid() {
return setgid(getgid()); // expected-warning{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}} \
// expected-note{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}}
}
void test_note_3() {
if (f_setuid() == -1) // expected-note{{Assuming the condition is false}} \
// expected-note{{Calling 'f_setuid'}} \
// expected-note{{Returning from 'f_setuid'}} \
// expected-note{{Taking false branch}}
return;
if (f_setgid() == -1) // expected-note{{Calling 'f_setgid'}}
return;
}
void test_note_4() {
if (setuid(getuid()) == 0) { // expected-note{{Assuming the condition is true}} \
// expected-note{{Call to 'setuid' found here that removes superuser privileges}} \
// expected-note{{Taking true branch}}
if (setgid(getgid()) == 0) { // expected-warning{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}} \
// expected-note{{A 'setgid(getgid())' call following a 'setuid(getuid())' call is likely to fail}}
}
}
}