
Are there any Clang Static Analyzer checkers for sqlite issues?

The Clang Static Analyzer used by Xcode uses checkers to identify warnings and errors in source code. I'd like to use a checker to detect when sqlite is used with sqlite3_prepare_v2 being called without calling sqlite3_finalize.

Here is a list of existing checkers.

http://clang-analyzer.llvm.org/available_checks.html

And here is a list of potential checkers.

http://clang-analyzer.llvm.org/potential_checkers.html

Are there any checkers out there specific to sqlite which could address this issue? Is there another way to automatically detect missing/unbalanced calls?

Unfortunately, no way.

The only thing you can do is make sure you have written sqlite3_finalize inside the sqlite3_prepare block instead of outside it. This will handle sqlite3_prepare failure issues.

if(sqlite3_prepare(dbfile,query,-1,&statement,0)==SQLITE_OK)
{
   int res=sqlite3_step(statement);
   result=res;
   sqlite3_finalize(statement);
}

If you have written sqlite3_finalize outside the sqlite3_prepare block, it will cause issues when the sqlite3_prepare statement fails.

Please look at this example: Accessing a SQLite Database with C++

There is a Clang static analyzer that you can find at https://github.com/XSecurity/XSecurity
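On the question's last point (another way to detect unbalanced calls automatically), here is an added example that is not part of the original posts: a lexical lint that counts sqlite3_prepare* and sqlite3_finalize calls per C function and reports functions where prepares outnumber finalizes. The sample source, the function names in it, and the helper names (`function_bodies`, `unbalanced`) are constructed for illustration.

```python
import re

# Constructed sample C source; run_ok follows the pattern from the answer above.
SAMPLE = r'''
int run_ok(sqlite3 *db, const char *query) {
    sqlite3_stmt *statement; int result = -1;
    if (sqlite3_prepare_v2(db, query, -1, &statement, 0) == SQLITE_OK) {
        result = sqlite3_step(statement);
        sqlite3_finalize(statement);
    }
    return result;
}
int run_leaky(sqlite3 *db, const char *query) {
    sqlite3_stmt *statement;
    if (sqlite3_prepare_v2(db, query, -1, &statement, 0) != SQLITE_OK) return -1;
    /* TODO: call sqlite3_finalize(statement) */
    return sqlite3_step(statement);
}
'''

# Comments and string/char literals are blanked so names and braces in them are ignored.
NOISE = re.compile(r'//[^\n]*|/\*.*?\*/|"(?:\\.|[^"\\])*"|\'(?:\\.|[^\'\\])*\'', re.S)
# Matches sqlite3_prepare, _v2, _v3 and the sqlite3_prepare16 variants.
PREPARE = re.compile(r"\bsqlite3_prepare(?:16)?(?:_v[23])?\s*\(")
FINALIZE = re.compile(r"\bsqlite3_finalize\s*\(")
# Heuristic function header: name, flat parameter list, opening brace.
FUNC_HEAD = re.compile(r"\b([A-Za-z_]\w*)\s*\([^;{}()]*\)\s*\{")

def function_bodies(src):
    """Yield (name, body) for each top-level function, found by brace matching."""
    pos = 0
    while (m := FUNC_HEAD.search(src, pos)):
        depth, i = 1, m.end()
        while i < len(src) and depth:
            depth += {"{": 1, "}": -1}.get(src[i], 0)
            i += 1
        yield m.group(1), src[m.end():i]
        pos = i  # continue after this function, so nested blocks are not rescanned

def unbalanced(src):
    """Return (function, prepares, finalizes) where prepares outnumber finalizes."""
    findings = []
    for name, body in function_bodies(NOISE.sub(" ", src)):
        p, f = len(PREPARE.findall(body)), len(FINALIZE.findall(body))
        if p > f:
            findings.append((name, p, f))
    return findings

if __name__ == "__main__":
    for name, p, f in unbalanced(SAMPLE):
        print(f"{name}: {p} prepare call(s), {f} finalize call(s)")
```

This is a count-based heuristic, not path-sensitive analysis: it misses a function that finalizes on one branch only, and it flags functions that deliberately hand the prepared statement back to a caller that finalizes it.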
