[clang-tidy] Rename cert-env33-c to bugprone-command-processor
#160275
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
@llvm/pr-subscribers-clang-tidy @llvm/pr-subscribers-clang-tools-extra Author: mitchell (zeyi2) ChangesMoves This is part of the cleanup described in #157287. Full diff: https://github.com/llvm/llvm-project/pull/160275.diff 11 Files Affected:
diff --git a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
index 8baa8f6b35d4c..e6115f67656bc 100644
--- a/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/BugproneTidyModule.cpp
@@ -19,6 +19,7 @@
#include "CapturingThisInMemberVariableCheck.h"
#include "CastingThroughVoidCheck.h"
#include "ChainedComparisonCheck.h"
+#include "CommandProcessorCheck.h"
#include "ComparePointerToMemberVirtualFunctionCheck.h"
#include "CopyConstructorInitCheck.h"
#include "CrtpConstructorAccessibilityCheck.h"
@@ -130,6 +131,8 @@ class BugproneModule : public ClangTidyModule {
"bugprone-casting-through-void");
CheckFactories.registerCheck<ChainedComparisonCheck>(
"bugprone-chained-comparison");
+ CheckFactories.registerCheck<CommandProcessorCheck>(
+ "bugprone-command-processor");
CheckFactories.registerCheck<ComparePointerToMemberVirtualFunctionCheck>(
"bugprone-compare-pointer-to-member-virtual-function");
CheckFactories.registerCheck<CopyConstructorInitCheck>(
diff --git a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
index b0dbe84a16cd4..c8943e5b22ef8 100644
--- a/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/bugprone/CMakeLists.txt
@@ -15,6 +15,7 @@ add_clang_library(clangTidyBugproneModule STATIC
CapturingThisInMemberVariableCheck.cpp
CastingThroughVoidCheck.cpp
ChainedComparisonCheck.cpp
+ CommandProcessorCheck.cpp
ComparePointerToMemberVirtualFunctionCheck.cpp
CopyConstructorInitCheck.cpp
CrtpConstructorAccessibilityCheck.cpp
diff --git a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp
similarity index 95%
rename from clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp
rename to clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp
index d87396f5189b1..a09c1a931cdb5 100644
--- a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.cpp
+++ b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.cpp
@@ -11,7 +11,7 @@
using namespace clang::ast_matchers;
-namespace clang::tidy::cert {
+namespace clang::tidy::bugprone {
void CommandProcessorCheck::registerMatchers(MatchFinder *Finder) {
Finder->addMatcher(
@@ -35,4 +35,4 @@ void CommandProcessorCheck::check(const MatchFinder::MatchResult &Result) {
diag(E->getExprLoc(), "calling %0 uses a command processor") << Fn;
}
-} // namespace clang::tidy::cert
+} // namespace clang::tidy::bugprone
diff --git a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h
similarity index 72%
rename from clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h
rename to clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h
index c2f8b39faaab1..49d28a11c5d7d 100644
--- a/clang-tools-extra/clang-tidy/cert/CommandProcessorCheck.h
+++ b/clang-tools-extra/clang-tidy/bugprone/CommandProcessorCheck.h
@@ -6,12 +6,12 @@
//
//===----------------------------------------------------------------------===//
-#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_COMMAND_PROCESSOR_CHECK_H
-#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_COMMAND_PROCESSOR_CHECK_H
+#ifndef LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_COMMAND_PROCESSOR_CHECK_H
+#define LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_COMMAND_PROCESSOR_CHECK_H
#include "../ClangTidyCheck.h"
-namespace clang::tidy::cert {
+namespace clang::tidy::bugprone {
/// Execution of a command processor can lead to security vulnerabilities,
/// and is generally not required. Instead, prefer to launch executables
@@ -19,7 +19,7 @@ namespace clang::tidy::cert {
/// actually launched.
///
/// For the user-facing documentation see:
-/// https://clang.llvm.org/extra/clang-tidy/checks/cert/env33-c.html
+/// https://clang.llvm.org/extra/clang-tidy/checks/bugprone/command-processor.html
class CommandProcessorCheck : public ClangTidyCheck {
public:
CommandProcessorCheck(StringRef Name, ClangTidyContext *Context)
@@ -28,6 +28,6 @@ class CommandProcessorCheck : public ClangTidyCheck {
void check(const ast_matchers::MatchFinder::MatchResult &Result) override;
};
-} // namespace clang::tidy::cert
+} // namespace clang::tidy::bugprone
-#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_CERT_COMMAND_PROCESSOR_CHECK_H
+#endif // LLVM_CLANG_TOOLS_EXTRA_CLANG_TIDY_BUGPRONE_COMMAND_PROCESSOR_CHECK_H
diff --git a/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp b/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp
index 9ba62219afee9..c1ca2cec7a1eb 100644
--- a/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp
+++ b/clang-tools-extra/clang-tidy/cert/CERTTidyModule.cpp
@@ -10,6 +10,7 @@
#include "../ClangTidyModule.h"
#include "../ClangTidyModuleRegistry.h"
#include "../bugprone/BadSignalToKillThreadCheck.h"
+#include "../bugprone/CommandProcessorCheck.h"
#include "../bugprone/PointerArithmeticOnPolymorphicObjectCheck.h"
#include "../bugprone/ReservedIdentifierCheck.h"
#include "../bugprone/SignalHandlerCheck.h"
@@ -33,7 +34,6 @@
#include "../performance/MoveConstructorInitCheck.h"
#include "../readability/EnumInitialValueCheck.h"
#include "../readability/UppercaseLiteralSuffixCheck.h"
-#include "CommandProcessorCheck.h"
#include "DefaultOperatorNewAlignmentCheck.h"
#include "DontModifyStdNamespaceCheck.h"
#include "FloatLoopCounter.h"
@@ -296,7 +296,8 @@ class CERTModule : public ClangTidyModule {
CheckFactories.registerCheck<bugprone::ReservedIdentifierCheck>(
"cert-dcl37-c");
// ENV
- CheckFactories.registerCheck<CommandProcessorCheck>("cert-env33-c");
+ CheckFactories.registerCheck<bugprone::CommandProcessorCheck>(
+ "cert-env33-c");
// ERR
CheckFactories.registerCheck<bugprone::UnusedReturnValueCheck>(
"cert-err33-c");
diff --git a/clang-tools-extra/clang-tidy/cert/CMakeLists.txt b/clang-tools-extra/clang-tidy/cert/CMakeLists.txt
index 4933763f03fb5..453d1d30921e9 100644
--- a/clang-tools-extra/clang-tidy/cert/CMakeLists.txt
+++ b/clang-tools-extra/clang-tidy/cert/CMakeLists.txt
@@ -5,7 +5,6 @@ set(LLVM_LINK_COMPONENTS
add_clang_library(clangTidyCERTModule STATIC
CERTTidyModule.cpp
- CommandProcessorCheck.cpp
DefaultOperatorNewAlignmentCheck.cpp
DontModifyStdNamespaceCheck.cpp
FloatLoopCounter.cpp
diff --git a/clang-tools-extra/docs/ReleaseNotes.rst b/clang-tools-extra/docs/ReleaseNotes.rst
index bc916396a14ca..5d4fd6e997267 100644
--- a/clang-tools-extra/docs/ReleaseNotes.rst
+++ b/clang-tools-extra/docs/ReleaseNotes.rst
@@ -211,6 +211,11 @@ New check aliases
<clang-tidy/checks/modernize/avoid-variadic-functions>`
keeping initial check as an alias to the new one.
+- Renamed :doc:`cert-env33-c <clang-tidy/checks/cert/env33-c>` to
+ :doc:`bugprone-command-processor
+ <clang-tidy/checks/bugprone/command-processor>`
+ keeping initial check as an alias to the new one.
+
- Renamed :doc:`cert-err34-c <clang-tidy/checks/cert/err34-c>` to
:doc:`bugprone-unchecked-string-to-number-conversion
<clang-tidy/checks/bugprone/unchecked-string-to-number-conversion>`
diff --git a/clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst b/clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst
new file mode 100644
index 0000000000000..cbffe7dddae04
--- /dev/null
+++ b/clang-tools-extra/docs/clang-tidy/checks/bugprone/command-processor.rst
@@ -0,0 +1,16 @@
+.. title:: clang-tidy - bugprone-command-processor
+
+bugprone-command-processor
+==========================
+
+Flags calls to ``system()``, ``popen()``, and ``_popen()``, which
+execute a command processor. It does not flag calls to ``system()`` with a null
+pointer argument, as such a call checks for the presence of a command processor
+but does not actually attempt to execute a command.
+
+References
+----------
+
+This check corresponds to the CERT C Coding Standard rule
+`ENV33-C. Do not call system()
+<https://www.securecoding.cert.org/confluence/display/c/ENV33-C.+Do+not+call+system()>`_.
diff --git a/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst b/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst
index 9271c9ecccc00..751bccfaee8f2 100644
--- a/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst
+++ b/clang-tools-extra/docs/clang-tidy/checks/cert/env33-c.rst
@@ -3,10 +3,9 @@
cert-env33-c
============
-This check flags calls to ``system()``, ``popen()``, and ``_popen()``, which
-execute a command processor. It does not flag calls to ``system()`` with a null
-pointer argument, as such a call checks for the presence of a command processor
-but does not actually attempt to execute a command.
+The `cert-env33-c` check is an alias, please see
+`bugprone-command-processor <../bugprone/command-processor.html>`_
+for more information.
This check corresponds to the CERT C Coding Standard rule
`ENV33-C. Do not call system()
diff --git a/clang-tools-extra/docs/clang-tidy/checks/list.rst b/clang-tools-extra/docs/clang-tidy/checks/list.rst
index 472d509101cdb..e705958f9033f 100644
--- a/clang-tools-extra/docs/clang-tidy/checks/list.rst
+++ b/clang-tools-extra/docs/clang-tidy/checks/list.rst
@@ -87,6 +87,7 @@ Clang-Tidy Checks
:doc:`bugprone-capturing-this-in-member-variable <bugprone/capturing-this-in-member-variable>`,
:doc:`bugprone-casting-through-void <bugprone/casting-through-void>`,
:doc:`bugprone-chained-comparison <bugprone/chained-comparison>`,
+ :doc:`bugprone-command-processor <bugprone/command-processor>`,
:doc:`bugprone-compare-pointer-to-member-virtual-function <bugprone/compare-pointer-to-member-virtual-function>`,
:doc:`bugprone-copy-constructor-init <bugprone/copy-constructor-init>`, "Yes"
:doc:`bugprone-crtp-constructor-accessibility <bugprone/crtp-constructor-accessibility>`, "Yes"
@@ -173,7 +174,6 @@ Clang-Tidy Checks
:doc:`bugprone-use-after-move <bugprone/use-after-move>`,
:doc:`bugprone-virtual-near-miss <bugprone/virtual-near-miss>`, "Yes"
:doc:`cert-dcl58-cpp <cert/dcl58-cpp>`,
- :doc:`cert-env33-c <cert/env33-c>`,
:doc:`cert-err33-c <cert/err33-c>`,
:doc:`cert-err60-cpp <cert/err60-cpp>`,
:doc:`cert-flp30-c <cert/flp30-c>`,
@@ -440,6 +440,7 @@ Check aliases
:doc:`cert-dcl54-cpp <cert/dcl54-cpp>`, :doc:`misc-new-delete-overloads <misc/new-delete-overloads>`,
:doc:`cert-dcl59-cpp <cert/dcl59-cpp>`, :doc:`google-build-namespaces <google/build-namespaces>`,
:doc:`cert-err09-cpp <cert/err09-cpp>`, :doc:`misc-throw-by-value-catch-by-reference <misc/throw-by-value-catch-by-reference>`,
+ :doc:`cert-env33-c <cert/env33-c>`, :doc:`bugprone-command-processor <bugprone/command-processor>`,
:doc:`cert-err34-c <cert/err34-c>`, :doc:`bugprone-unchecked-string-to-number-conversion <bugprone/unchecked-string-to-number-conversion>`,
:doc:`cert-err52-cpp <cert/err52-cpp>`, :doc:`modernize-avoid-setjmp-longjmp <modernize/avoid-setjmp-longjmp>`,
:doc:`cert-err58-cpp <cert/err58-cpp>`, :doc:`bugprone-throwing-static-initialization <bugprone/throwing-static-initialization>`,
diff --git a/clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c b/clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c
similarity index 83%
rename from clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c
rename to clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c
index 5846b496242c5..e592b57c9fb29 100644
--- a/clang-tools-extra/test/clang-tidy/checkers/cert/env33-c.c
+++ b/clang-tools-extra/test/clang-tidy/checkers/bugprone/command-processor.c
@@ -1,4 +1,4 @@
-// RUN: %check_clang_tidy %s cert-env33-c %t
+// RUN: %check_clang_tidy %s bugprone-command-processor %t
typedef struct FILE {} FILE;
@@ -11,7 +11,7 @@ void f(void) {
system(0);
system("test");
- // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: calling 'system' uses a command processor [cert-env33-c]
+ // CHECK-MESSAGES: :[[@LINE-1]]:3: warning: calling 'system' uses a command processor [bugprone-command-processor]
popen("test", "test");
// CHECK-MESSAGES: :[[@LINE-1]]:3: warning: calling 'popen' uses a command processor
|
|
✅ With the latest revision this PR passed the C/C++ code linter. |
EugeneZelenko
requested review from
vbvictor,
carlosgalvezp,
localspook and
HerrCai0907
HerrCai0907
approved these changes
Sep 24, 2025
vbvictor
approved these changes
Sep 24, 2025
mahesh-attarde
pushed a commit
to mahesh-attarde/llvm-project
that referenced
this pull request
Oct 3, 2025
…lvm#160275) Moves `cert-env33-c` check into `bugprone` module and gives it a clearer name: `bugprone-command-processor` This is part of the cleanup described in llvm#157287. Closes llvm#157288
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Moves
cert-env33-ccheck intobugpronemodule and gives it a clearer name:bugprone-command-processorThis is part of the cleanup described in #157287.
Closes #157288