github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-15 23:55:03 +03:00
Code Issues Packages Projects Releases Wiki Activity

Calculate sizes of strftime buffers based on format strings

Browse Source 
- Leverage std::size to determine buffer size at compile time.
- Simplified 'TimeMon::evaluate' implementation as it was using strftime
  to get the month, convert the string to int, and then decrement it by
  one to make it zero based. This same value is already available in
  the 'struct tm' previously generated with the call to localtime_r (and
  where the month is already zero-based)
This commit is contained in:
Eduardo Arias 2024-08-12 08:47:04 -07:00
parent 5e6fcbc60b
commit 23a341eb6a
11 changed files with 50 additions and 66 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

23
src/audit_log/writer/parallel.cc
View File

@ -51,28 +51,27 @@ Parallel::~Parallel() {
inline std::string Parallel::logFilePath(time_t *t, inline std::string Parallel::logFilePath(time_t *t,
int part) { int part) {
struct tm timeinfo; std::string name;
char tstr[300];
std::string name("");
struct tm timeinfo;
localtime_r(t, &timeinfo); localtime_r(t, &timeinfo);
if (part & YearMonthDayDirectory) { if (part & YearMonthDayDirectory) {
memset(tstr, '\0', 300); char tstr[std::size("/yyyymmdd")];
strftime(tstr, 299, "/%Y%m%d", &timeinfo); strftime(tstr, std::size(tstr), "/%Y%m%d", &timeinfo);
name = tstr; name.append(tstr);
} }
if (part & YearMonthDayAndTimeDirectory) { if (part & YearMonthDayAndTimeDirectory) {
memset(tstr, '\0', 300); char tstr[std::size("/yyyymmdd-hhmm")];
strftime(tstr, 299, "/%Y%m%d-%H%M", &timeinfo); strftime(tstr, std::size(tstr), "/%Y%m%d-%H%M", &timeinfo);
name = name + tstr; name.append(tstr);
} }
if (part & YearMonthDayAndTimeFileName) { if (part & YearMonthDayAndTimeFileName) {
memset(tstr, '\0', 300); char tstr[std::size("/yyyymmdd-hhmmss")];
strftime(tstr, 299, "/%Y%m%d-%H%M%S", &timeinfo); strftime(tstr, std::size(tstr), "/%Y%m%d-%H%M%S", &timeinfo);
name = name + tstr; name.append(tstr);
} }
return name; return name;

6
src/request_body_processor/multipart.cc
View File

@ -65,12 +65,12 @@ MultipartPartTmpFile::~MultipartPartTmpFile() {
} }
void MultipartPartTmpFile::Open() { void MultipartPartTmpFile::Open() {
struct tm timeinfo; time_t tt = time(nullptr);
time_t tt = time(NULL);
struct tm timeinfo;
localtime_r(&tt, &timeinfo); localtime_r(&tt, &timeinfo);
char tstr[17]; char tstr[std::size("/yyyymmdd-hhmmss")];
strftime(tstr, std::size(tstr), "/%Y%m%d-%H%M%S", &timeinfo); strftime(tstr, std::size(tstr), "/%Y%m%d-%H%M%S", &timeinfo);
std::string path = m_transaction->m_rules->m_uploadDirectory.m_value; std::string path = m_transaction->m_rules->m_uploadDirectory.m_value;

15
src/transaction.cc
View File

@ -1509,13 +1509,12 @@ bool Transaction::intervention(ModSecurityIntervention *it) {
std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename, std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename,
double size, const std::string &md5) { double size, const std::string &md5) {
std::stringstream ss; std::stringstream ss;
struct tm timeinfo;
char tstr[300];
memset(tstr, '\0', 300); struct tm timeinfo;
localtime_r(&this->m_timeStamp, &timeinfo); localtime_r(&this->m_timeStamp, &timeinfo);
strftime(tstr, 299, "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo); char tstr[std::size("[dd/Mmm/yyyy:hh:mm:ss shhmm]")];
strftime(tstr, std::size(tstr), "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo);
ss << utils::string::dash_if_empty( ss << utils::string::dash_if_empty(
m_variableRequestHeaders.resolveFirst("Host").get()) m_variableRequestHeaders.resolveFirst("Host").get())
@ -1572,14 +1571,14 @@ std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename,
std::string Transaction::toOldAuditLogFormat(int parts, std::string Transaction::toOldAuditLogFormat(int parts,
const std::string &trailer) { const std::string &trailer) {
std::stringstream audit_log; std::stringstream audit_log;
struct tm timeinfo;
char tstr[300];
memset(tstr, '\0', 300); struct tm timeinfo;
localtime_r(&this->m_timeStamp, &timeinfo); localtime_r(&this->m_timeStamp, &timeinfo);
char tstr[std::size("[dd/Mmm/yyyy:hh:mm:ss shhmm]")];
strftime(tstr, std::size(tstr), "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo);
audit_log << "--" << trailer << "-" << "A--" << std::endl; audit_log << "--" << trailer << "-" << "A--" << std::endl;
strftime(tstr, 299, "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo);
audit_log << tstr; audit_log << tstr;
audit_log << " " << m_id->c_str(); audit_log << " " << m_id->c_str();
audit_log << " " << this->m_clientIpAddress->c_str(); audit_log << " " << this->m_clientIpAddress->c_str();

8
src/variables/time.cc
View File

@ -40,15 +40,13 @@ namespace variables {
void Time::evaluate(Transaction *transaction, void Time::evaluate(Transaction *transaction,
RuleWithActions *rule, RuleWithActions *rule,
std::vector<const VariableValue *> *l) { std::vector<const VariableValue *> *l) {
char tstr[200];
struct tm timeinfo;
time_t timer; time_t timer;
time(&timer); time(&timer);
memset(tstr, '\0', 200);
struct tm timeinfo;
localtime_r(&timer, &timeinfo); localtime_r(&timer, &timeinfo);
char tstr[std::size("hh:mm:ss")];
strftime(tstr, 200, "%H:%M:%S", &timeinfo); strftime(tstr, 200, "%H:%M:%S", &timeinfo);
transaction->m_variableTime.assign(tstr); transaction->m_variableTime.assign(tstr);

9
src/variables/time_day.cc
View File

@ -40,15 +40,14 @@ namespace variables {
void TimeDay::evaluate(Transaction *transaction, void TimeDay::evaluate(Transaction *transaction,
RuleWithActions *rule, RuleWithActions *rule,
std::vector<const VariableValue *> *l) { std::vector<const VariableValue *> *l) {
char tstr[200];
struct tm timeinfo;
time_t timer; time_t timer;
time(&timer); time(&timer);
memset(tstr, '\0', 200);
struct tm timeinfo;
localtime_r(&timer, &timeinfo); localtime_r(&timer, &timeinfo);
strftime(tstr, 200, "%d", &timeinfo);
char tstr[std::size("dd")];
strftime(tstr, std::size(tstr), "%d", &timeinfo);
transaction->m_variableTimeDay.assign(tstr); transaction->m_variableTimeDay.assign(tstr);

9
src/variables/time_hour.cc
View File

@ -40,15 +40,14 @@ namespace variables {
void TimeHour::evaluate(Transaction *transaction, void TimeHour::evaluate(Transaction *transaction,
RuleWithActions *rule, RuleWithActions *rule,
std::vector<const VariableValue *> *l) { std::vector<const VariableValue *> *l) {
char tstr[200];
struct tm timeinfo;
time_t timer; time_t timer;
time(&timer); time(&timer);
memset(tstr, '\0', 200);
struct tm timeinfo;
localtime_r(&timer, &timeinfo); localtime_r(&timer, &timeinfo);
strftime(tstr, 200, "%H", &timeinfo);
char tstr[std::size("hh")];
strftime(tstr, std::size(tstr), "%H", &timeinfo);
transaction->m_variableTimeHour.assign(tstr); transaction->m_variableTimeHour.assign(tstr);

9
src/variables/time_min.cc
View File

@ -40,15 +40,14 @@ namespace variables {
void TimeMin::evaluate(Transaction *transaction, void TimeMin::evaluate(Transaction *transaction,
RuleWithActions *rule, RuleWithActions *rule,
std::vector<const VariableValue *> *l) { std::vector<const VariableValue *> *l) {
char tstr[200];
struct tm timeinfo;
time_t timer; time_t timer;
time(&timer); time(&timer);
memset(tstr, '\0', 200);
struct tm timeinfo;
localtime_r(&timer, &timeinfo); localtime_r(&timer, &timeinfo);
strftime(tstr, 200, "%M", &timeinfo);
char tstr[std::size("mm")];
strftime(tstr, std::size(tstr), "%M", &timeinfo);
transaction->m_variableTimeMin.assign(tstr); transaction->m_variableTimeMin.assign(tstr);

10
src/variables/time_mon.cc
View File

@ -40,19 +40,13 @@ namespace variables {
void TimeMon::evaluate(Transaction *transaction, void TimeMon::evaluate(Transaction *transaction,
RuleWithActions *rule, RuleWithActions *rule,
std::vector<const VariableValue *> *l) { std::vector<const VariableValue *> *l) {
char tstr[200];
struct tm timeinfo;
time_t timer; time_t timer;
time(&timer); time(&timer);
memset(tstr, '\0', 200);
struct tm timeinfo;
localtime_r(&timer, &timeinfo); localtime_r(&timer, &timeinfo);
strftime(tstr, 200, "%m", &timeinfo);
int a = atoi(tstr);
a--;
transaction->m_variableTimeMin.assign(std::to_string(a)); transaction->m_variableTimeMin.assign(std::to_string(timeinfo.tm_mon));
l->push_back(new VariableValue(&m_retName, l->push_back(new VariableValue(&m_retName,
&transaction->m_variableTimeMin)); &transaction->m_variableTimeMin));

9
src/variables/time_sec.cc
View File

@ -40,15 +40,14 @@ namespace variables {
void TimeSec::evaluate(Transaction *transaction, void TimeSec::evaluate(Transaction *transaction,
RuleWithActions *rule, RuleWithActions *rule,
std::vector<const VariableValue *> *l) { std::vector<const VariableValue *> *l) {
char tstr[200];
struct tm timeinfo;
time_t timer; time_t timer;
time(&timer); time(&timer);
memset(tstr, '\0', 200);
struct tm timeinfo;
localtime_r(&timer, &timeinfo); localtime_r(&timer, &timeinfo);
strftime(tstr, 200, "%S", &timeinfo);
char tstr[std::size("ss")];
strftime(tstr, std::size(tstr), "%S", &timeinfo);
transaction->m_variableTimeSec.assign(tstr); transaction->m_variableTimeSec.assign(tstr);

9
src/variables/time_wday.cc
View File

@ -40,15 +40,14 @@ namespace variables {
void TimeWDay::evaluate(Transaction *transaction, void TimeWDay::evaluate(Transaction *transaction,
RuleWithActions *rule, RuleWithActions *rule,
std::vector<const VariableValue *> *l) { std::vector<const VariableValue *> *l) {
char tstr[200];
struct tm timeinfo;
time_t timer; time_t timer;
time(&timer); time(&timer);
memset(tstr, '\0', 200);
struct tm timeinfo;
localtime_r(&timer, &timeinfo); localtime_r(&timer, &timeinfo);
strftime(tstr, 200, "%u", &timeinfo);
char tstr[std::size("d")];
strftime(tstr, std::size(tstr), "%u", &timeinfo);
transaction->m_variableTimeWDay.assign(tstr); transaction->m_variableTimeWDay.assign(tstr);

9
src/variables/time_year.cc
View File

@ -40,15 +40,14 @@ namespace variables {
void TimeYear::evaluate(Transaction *transaction, void TimeYear::evaluate(Transaction *transaction,
RuleWithActions *rule, RuleWithActions *rule,
std::vector<const VariableValue *> *l) { std::vector<const VariableValue *> *l) {
char tstr[200];
struct tm timeinfo;
time_t timer; time_t timer;
time(&timer); time(&timer);
memset(tstr, '\0', 200);
struct tm timeinfo;
localtime_r(&timer, &timeinfo); localtime_r(&timer, &timeinfo);
strftime(tstr, 200, "%Y", &timeinfo);
char tstr[std::size("yyyy")];
strftime(tstr, std::size(tstr), "%Y", &timeinfo);
transaction->m_variableTimeYear.assign(tstr); transaction->m_variableTimeYear.assign(tstr);