/* This Source Code Form is subject to the terms of the Mozilla Public
* License, v. 2.0. If a copy of the MPL was not distributed with this
* file, You can obtain one at http://mozilla.org/MPL/2.0/. */
#include "CanRunScriptChecker.h"
#include "CustomMatchers.h"
void CanRunScriptChecker::registerMatchers(MatchFinder *AstMatcher) {
  // A type whose declaration is a refcounted record, as decided by the
  // project's isRefCounted() matcher.
  auto Refcounted = qualType(hasDeclaration(cxxRecordDecl(isRefCounted())));

  // An expression whose type is a refcounted record, or a pointer or a
  // reference to one.
  auto HasRefcountedType = anyOf(hasType(Refcounted),
                                 hasType(pointsTo(Refcounted)),
                                 hasType(references(Refcounted)));

  // An overloaded unary operator*() call whose single argument is a smart
  // pointer to a refcounted object, i.e. `*smartPtr`.
  auto IsSmartPtrDeref =
      allOf(cxxOperatorCallExpr(hasOverloadedOperatorName("*")),
            callExpr(allOf(hasAnyArgument(hasType(isSmartPtrToRefCounted())),
                           argumentCountIs(1))));

  // An "invalid" argument: a refcounted-typed expression (trivial wrappers
  // ignored) that is none of the forms the checker accepts: `this`, a method
  // call on a smart pointer, `*smartPtr`, a reference to a parameter of the
  // enclosing function, or a MOZ_KnownLive(...) call. The offending
  // expression is bound as "invalidArg" so that check() can report it.
  auto InvalidArg = ignoreTrivials(expr(
      HasRefcountedType,
      unless(cxxThisExpr()),
      unless(cxxMemberCallExpr(on(hasType(isSmartPtrToRefCounted())))),
      unless(IsSmartPtrDeref),
      unless(declRefExpr(to(parmVarDecl()))),
      unless(callExpr(callee(functionDecl(hasName("MOZ_KnownLive"))))),
      expr().bind("invalidArg")));

  // Matches whether or not one of the explicit arguments is invalid; the
  // trailing anything() makes the binding optional. The order matters:
  // anyOf keeps the bindings of the first alternative that matches, so the
  // "invalidArg" binding is produced whenever such an argument exists.
  auto OptionalInvalidExplicitArg =
      anyOf(hasAnyArgument(InvalidArg), anything());

  // Same idea for the implicit object argument of a member call: the object
  // expression is either an overloaded-operator call that derefs into an
  // invalid argument, or is itself an invalid argument, or neither.
  auto OptionalInvalidImplicitThis =
      anyOf(on(cxxOperatorCallExpr(
                anyOf(hasAnyArgument(InvalidArg), anything()))),
            on(InvalidArg),
            anything());

  // Optionally bind the function enclosing the call, so that check() can
  // verify that it is itself allowed to run script.
  auto OptionalParentFunction =
      anyOf(forFunction(functionDecl().bind("nonCanRunScriptParentFunction")),
            anything());

  // Note that hasCanRunScriptAnnotation() is deliberately absent from the
  // member-call, call and construct matchers below: whether the callee can
  // run script is decided later in check(), against the function set that
  // buildFuncSet() computes.
  AstMatcher->addMatcher(
      expr(anyOf(
               // A method call, possibly with an invalid explicit argument or
               // an invalid implicit `this` argument,
               cxxMemberCallExpr(OptionalInvalidExplicitArg,
                                 OptionalInvalidImplicitThis,
                                 expr().bind("callExpr")),
               // or a plain call, possibly with an invalid argument,
               callExpr(OptionalInvalidExplicitArg, expr().bind("callExpr")),
               // or a construct expression, possibly with an invalid argument.
               cxxConstructExpr(OptionalInvalidExplicitArg,
                                expr().bind("constructExpr"))),
           OptionalParentFunction),
      this);
}
void CanRunScriptChecker::onStartOfTranslationUnit() {
  // Each translation unit gets its own can-run-script function set: drop the
  // previous unit's entries and force check() to rebuild the set lazily on
  // its first match.
  CanRunScriptFuncs.clear();
  IsFuncSetBuilt = false;
}
namespace {
/// Match callback that collects, into a set owned by the checker, every
/// function declaration matched as MOZ_CAN_RUN_SCRIPT (or a lambda whose call
/// operator carries that annotation), together with every method those
/// functions override.
class FuncSetCallback : public MatchFinder::MatchCallback {
  using DeclSet = std::unordered_set<const FunctionDecl *>;

  /// The checker's set of can-run-script functions. Held by reference: the
  /// callback is a local of buildFuncSet() and only fills in the set, which
  /// outlives it.
  DeclSet &CanRunScriptFuncs;

  /// Walks the override chain of `Method`, adding every overridden method
  /// (and, when such a declaration is not the definition, its definition as
  /// well) to the set.
  void addAllOverriddenMethodsRecursively(const CXXMethodDecl *Method);

public:
  FuncSetCallback(DeclSet &FuncSet) : CanRunScriptFuncs(FuncSet) {}

  /// Invoked by the MatchFinder for each "canRunScriptFunction" or "lambda"
  /// match registered in buildFuncSet().
  void run(const MatchFinder::MatchResult &Result) override;
};
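/// Records the matched function (or the annotated call operator of the
/// matched lambda) in the can-run-script set, then does the same for every
/// method it overrides.
///
/// A lambda match is only recorded when its call operator actually carries the
/// moz_can_run_script annotation; a plain function match is trusted to have
/// been filtered by hasCanRunScriptAnnotation() in buildFuncSet().
void FuncSetCallback::run(const MatchFinder::MatchResult &Result) {
  const FunctionDecl *Func = nullptr;

  if (const auto *Lambda = Result.Nodes.getNodeAs<LambdaExpr>("lambda")) {
    Func = Lambda->getCallOperator();
    if (!Func || !hasCustomAnnotation(Func, "moz_can_run_script"))
      return;
  } else {
    Func = Result.Nodes.getNodeAs<FunctionDecl>("canRunScriptFunction");
    // getNodeAs() yields nullptr when the binding is absent. Without this
    // guard a stray match would insert nullptr into the set and hand it to
    // dyn_cast below; bail out instead of poisoning the set.
    if (!Func)
      return;
  }

  CanRunScriptFuncs.insert(Func);

  // Overriding methods inherit the annotation: a virtual call resolved through
  // a base declaration must be treated as can-run-script too.
  if (const auto *Method = dyn_cast<CXXMethodDecl>(Func)) {
    addAllOverriddenMethodsRecursively(Method);
  }
}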
/// Adds every method overridden by `Method`, transitively, to the
/// can-run-script set. For an overridden declaration that is not itself the
/// definition, the definition (when one exists) is added as well, so that
/// lookups by either declaration succeed.
void FuncSetCallback::addAllOverriddenMethodsRecursively(
    const CXXMethodDecl *Method) {
  for (const CXXMethodDecl *Overridden : Method->overridden_methods()) {
    CanRunScriptFuncs.insert(Overridden);

    // check() looks callees up by whatever declaration the call resolves to,
    // so a separate definition must be in the set too.
    if (!Overridden->isThisDeclarationADefinition()) {
      const auto *Def = Overridden->getDefinition();
      if (Def)
        CanRunScriptFuncs.insert(Def);
    }

    // Walk further up the override chain.
    addAllOverriddenMethodsRecursively(Overridden);
  }
}
} // namespace
/// Populates CanRunScriptFuncs for the given translation unit by running a
/// dedicated MatchFinder over the whole AST: every function carrying the
/// can-run-script annotation, and every lambda (the callback filters lambdas
/// whose call operator lacks the annotation), is fed to FuncSetCallback.
void CanRunScriptChecker::buildFuncSet(ASTContext *Context) {
  // The callback writes straight into the checker's set; it is declared
  // first so that it outlives the finder that holds a pointer to it.
  FuncSetCallback Callback(CanRunScriptFuncs);
  MatchFinder Finder;

  Finder.addMatcher(
      functionDecl(hasCanRunScriptAnnotation()).bind("canRunScriptFunction"),
      &Callback);
  Finder.addMatcher(lambdaExpr().bind("lambda"), &Callback);

  // Run over the same ASTContext the main checker is operating on.
  Finder.matchAST(*Context);
}
/// Reports two kinds of violations at a call (or construct expression) whose
/// callee is in the can-run-script set:
///  - an argument, explicit or the implicit object argument, that is not a
///    strong reference or a parameter of the enclosing function (bound as
///    "invalidArg" by registerMatchers), and
///  - an enclosing function that is neither can-run-script itself nor
///    annotated as a can-run-script boundary.
void CanRunScriptChecker::check(const MatchFinder::MatchResult &Result) {
  // The function set is computed lazily on the first match of each
  // translation unit; onStartOfTranslationUnit() resets the flag.
  if (!IsFuncSetBuilt) {
    buildFuncSet(Result.Context);
    IsFuncSetBuilt = true;
  }

  const char *const ErrorInvalidArg =
      "arguments must all be strong refs or parent parameters when calling a "
      "function marked as MOZ_CAN_RUN_SCRIPT (including the implicit object "
      "argument)";

  const char *const ErrorNonCanRunScriptParent =
      "functions marked as MOZ_CAN_RUN_SCRIPT can only be called from "
      "functions also marked as MOZ_CAN_RUN_SCRIPT";
  const char *const NoteNonCanRunScriptParent = "parent function declared here";

  const Expr *InvalidArg = Result.Nodes.getNodeAs<Expr>("invalidArg");

  // A call only counts when its direct callee is known to be can-run-script;
  // otherwise treat it as if it had not matched.
  const CallExpr *Call = Result.Nodes.getNodeAs<CallExpr>("callExpr");
  if (Call) {
    const FunctionDecl *Callee = Call->getDirectCallee();
    if (!Callee || CanRunScriptFuncs.count(Callee) == 0)
      Call = nullptr;
  }

  // Likewise for a construct expression and its constructor.
  const CXXConstructExpr *Construct =
      Result.Nodes.getNodeAs<CXXConstructExpr>("constructExpr");
  if (Construct) {
    const CXXConstructorDecl *Ctor = Construct->getConstructor();
    if (!Ctor || CanRunScriptFuncs.count(Ctor) == 0)
      Construct = nullptr;
  }

  // Only a parent function that cannot run script is interesting. A parent
  // annotated as a can-run-script boundary is also dropped: that annotation
  // is the opt-out from the infectious nature of MOZ_CAN_RUN_SCRIPT, needed
  // in some tricky code such as Bindings.
  const FunctionDecl *ParentFunction =
      Result.Nodes.getNodeAs<FunctionDecl>("nonCanRunScriptParentFunction");
  if (ParentFunction &&
      (CanRunScriptFuncs.count(ParentFunction) != 0 ||
       hasCustomAnnotation(ParentFunction, "moz_can_run_script_boundary")))
    ParentFunction = nullptr;

  // Without a qualifying call or construct expression there is nothing to
  // report; the call's source range anchors both diagnostics below.
  if (!Call && !Construct)
    return;
  const SourceRange CallRange =
      Call ? Call->getSourceRange() : Construct->getSourceRange();

  // An argument that might not keep its object alive across the call.
  if (InvalidArg) {
    diag(InvalidArg->getExprLoc(), ErrorInvalidArg, DiagnosticIDs::Error)
        << CallRange;
  }

  // A caller that is not itself allowed to run script: emit the error at the
  // call and a note pointing at the caller's declaration.
  if (ParentFunction) {
    assert(!hasCustomAnnotation(ParentFunction, "moz_can_run_script") &&
           "Matcher missed something");

    diag(CallRange.getBegin(), ErrorNonCanRunScriptParent, DiagnosticIDs::Error)
        << CallRange;

    diag(ParentFunction->getLocation(), NoteNonCanRunScriptParent,
         DiagnosticIDs::Note);
  }
}