An user configurable clang static analyzer taint checker | IEEE Conference Publication | IEEE Xplore

Abstract:

In this paper, we describe the development and usage of a Clang Static Analyzer checker for detecting tainted data in C, C++ and Objective-C source programs. The checker is user configurable, so it can be used to check tainted data for any user-provided API. It also includes subsets of the C/C++ APIs commonly used for memory and string handling and file input/output. Taint checking is a technique widely used in source code review tools to detect possible security vulnerabilities that enable attacks such as code injection and buffer overflows. We describe the Clang Static Analyzer architecture, the taint checker design considerations, some implementation details, and some test cases that show its capability for detecting security vulnerabilities such as Heartbleed in a real, large open source project such as OpenSSL.
Date of Conference: 10-14 October 2016
Date Added to IEEE Xplore: 30 January 2017
Conference Location: Valparaiso, Chile