-rw-r--r--test/Analysis/taint-tester.c46
1 files changed, 46 insertions, 0 deletions
diff --git a/test/Analysis/taint-tester.c b/test/Analysis/taint-tester.c
index a769a3d904..2908e60fe8 100644
--- a/test/Analysis/taint-tester.c
+++ b/test/Analysis/taint-tester.c
@@ -76,3 +76,49 @@ void BitwiseOp(int in, char inn) {
m = inn;
int mm = m; // expected-warning {{tainted}}
}
+
+// Test getenv.
+char *getenv(const char *name);
+void getenvTest(char *home) {
+ home = getenv("HOME"); // expected-warning 2 {{tainted}}
+ if (home != 0) { // expected-warning 2 {{tainted}}
+ char d = home[0]; // expected-warning 2 {{tainted}}
+ }
+}
+
+typedef struct _FILE FILE;
+extern FILE *stdin;
+extern FILE *stdout;
+extern FILE *stderr;
+int fscanf(FILE *restrict stream, const char *restrict format, ...);
+int fprintf(FILE *stream, const char *format, ...);
+int fclose(FILE *stream);
+FILE *fopen(const char *path, const char *mode);
+
+int fscanfTest(void) {
+ FILE *fp;
+ char s[80];
+ int t;
+
+ // Check if stdin is treated as tainted.
+ fscanf(stdin, "%s %d", s, &t);
+ // Note, here, s is not tainted, but the data s points to is tainted.
+ char *ts = s;
+ char tss = s[0]; // expected-warning 1 {{tainted}}
+ int tt = t; // expected-warning 1 {{tainted}}
+ if((fp=fopen("test", "w")) == 0) // expected-warning 3 {{tainted}}
+ return 1;
+ fprintf(fp, "%s %d", s, t); // expected-warning 2 {{tainted}}
+ fclose(fp); // expected-warning 1 {{tainted}}
+
+ // Check if we propagate taint from stdin when it's used in an assignment.
+ FILE *pfstd = stdin;
+ fscanf(pfstd, "%s %d", s, &t); // TODO: This should be tainted as well.
+
+ // Test fscanf and fopen.
+ if((fp=fopen("test","r")) == 0) // expected-warning 3 {{tainted}}
+ return 1;
+ fscanf(fp, "%s%d", s, &t); // expected-warning 1 {{tainted}}
+ fprintf(stdout, "%s %d", s, t); // expected-warning 1 {{tainted}}
+ return 0;
+}
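Review bot: The `pfstd` case in `fscanfTest` (`fscanf(pfstd, "%s %d", s, &t); // TODO: This should be tainted as well.`) is never observed by the test, because `s` and `t` are not read again until the later `fscanf(fp, ...)` overwrites them. A missed taint source reached through an alias of `stdin` is a false negative in the analysis, so the test should pin it. I would add a read directly after that call, for example `int tp = t; // FIXME: should be reported as tainted once taint follows the stdin alias.`, and then record whatever the checker reports for it today. Whether `t` still carries taint from the first `fscanf(stdin, ...)` at that point cannot be told from the hunk, so the current expectation needs to be confirmed by running the test. Separately, the second `fopen("test","r")` handle is never passed to `fclose` before `return 0;`; this is harmless in an analyze-only test, but closing it would keep the function from tripping unrelated leak checkers if they are later enabled on this file.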