diff --git a/examples/multiprocess_c/multi.c b/examples/multiprocess_c/multi.c index c30e7be0..a881428a 100644 --- a/examples/multiprocess_c/multi.c +++ b/examples/multiprocess_c/multi.c @@ -83,7 +83,7 @@ void process_request (int j) { int main (int argc, char **argv) { - int ret = 1; + int ret; const char *error = NULL; int i = 0; pid_t pid; diff --git a/examples/simple_example_using_c/test.c b/examples/simple_example_using_c/test.c index ad66bc64..d4df506e 100644 --- a/examples/simple_example_using_c/test.c +++ b/examples/simple_example_using_c/test.c @@ -24,7 +24,7 @@ char main_rule_uri[] = "basic_rules.conf"; int main (int argc, char **argv) { - int ret = 1; + int ret; const char *error = NULL; ModSecurity *modsec = NULL; Transaction *transaction = NULL; diff --git a/src/actions/action.h b/src/actions/action.h index f9846518..3057ca8c 100644 --- a/src/actions/action.h +++ b/src/actions/action.h @@ -35,21 +35,36 @@ class Action { public: explicit Action(const std::string& _action) : action_kind(2), + m_isNone(false), m_name(""), m_parser_payload(""), - m_isNone(false), temporaryAction(false) { set_name_and_payload(_action); } explicit Action(const std::string& _action, int kind) : action_kind(kind), + m_isNone(false), m_name(""), m_parser_payload(""), - m_isNone(false), temporaryAction(false) { set_name_and_payload(_action); } + virtual ~Action() { } + + virtual std::string evaluate(std::string exp, + Transaction *transaction); + virtual bool evaluate(Rule *rule, Transaction *transaction); + virtual bool evaluate(Rule *rule, Transaction *transaction, + RuleMessage *ruleMessage) { + return evaluate(rule, transaction); + } + virtual bool init(std::string *error) { return true; } + virtual bool isDisruptive() { return false; } + virtual void fillIntervention(ModSecurityIntervention *intervention); + static Action *instantiate(const std::string& name); + + void set_name_and_payload(const std::string& data) { size_t pos = data.find(":"); std::string t = "t:"; @@ -72,7 +87,12 @@ class Action { } } - virtual ~Action() { } + bool m_isNone; + bool temporaryAction; + int action_kind; + std::string m_name; + std::string m_parser_payload; + /** * * Define the action kind regarding to the execution time. @@ -106,27 +126,6 @@ class Action { }; - virtual std::string evaluate(std::string exp, - Transaction *transaction); - virtual bool evaluate(Rule *rule, Transaction *transaction); - virtual bool evaluate(Rule *rule, Transaction *transaction, - RuleMessage *ruleMessage) { - return evaluate(rule, transaction); - } - - virtual bool init(std::string *error) { return true; } - - virtual bool isDisruptive() { return false; } - - virtual void fillIntervention(ModSecurityIntervention *intervention); - - static Action *instantiate(const std::string& name); - - bool temporaryAction; - std::string m_name; - std::string m_parser_payload; - bool m_isNone; - int action_kind; }; diff --git a/src/actions/msg.cc b/src/actions/msg.cc index 5b3b6247..582c328f 100644 --- a/src/actions/msg.cc +++ b/src/actions/msg.cc @@ -47,9 +47,8 @@ namespace actions { bool Msg::evaluate(Rule *rule, Transaction *transaction) { - std::string msg = MacroExpansion::expand(m_parser_payload, transaction); - #ifndef NO_LOGS + std::string msg = MacroExpansion::expand(m_parser_payload, transaction); transaction->debug(9, "Saving msg: " + msg); #endif diff --git a/src/actions/transformations/html_entity_decode.cc b/src/actions/transformations/html_entity_decode.cc index c2c273f7..a0476ea9 100644 --- a/src/actions/transformations/html_entity_decode.cc +++ b/src/actions/transformations/html_entity_decode.cc @@ -100,9 +100,8 @@ int HtmlEntityDecode::inplace(unsigned char *input, u_int64_t input_len) { if (j > k) { /* Do we have at least one digit? */ /* Decode the entity. */ char *x = NULL; - x = reinterpret_cast(malloc(sizeof(char) * + x = reinterpret_cast(calloc(sizeof(char), ((j - k) + 1))); - memset(x, '\0', (j - k) + 1); memcpy(x, (const char *)&input[k], j - k); *d++ = (unsigned char)strtol(x, NULL, 16); free(x); @@ -127,9 +126,8 @@ int HtmlEntityDecode::inplace(unsigned char *input, u_int64_t input_len) { if (j > k) { /* Do we have at least one digit? */ /* Decode the entity. */ char *x = NULL; - x = reinterpret_cast(malloc(sizeof(char) * + x = reinterpret_cast(calloc(sizeof(char), ((j - k) + 1))); - memset(x, '\0', (j - k) + 1); memcpy(x, (const char *)&input[k], j - k); *d++ = (unsigned char)strtol(x, NULL, 10); free(x); @@ -154,9 +152,8 @@ int HtmlEntityDecode::inplace(unsigned char *input, u_int64_t input_len) { } if (j > k) { /* Do we have at least one digit? */ char *x = NULL; - x = reinterpret_cast(malloc(sizeof(char) * + x = reinterpret_cast(calloc(sizeof(char), ((j - k) + 1))); - memset(x, '\0', (j - k) + 1); memcpy(x, (const char *)&input[k], j - k); /* Decode the entity. */ diff --git a/src/actions/transformations/remove_comments.cc b/src/actions/transformations/remove_comments.cc index 8d6afcac..9ed0c6fa 100644 --- a/src/actions/transformations/remove_comments.cc +++ b/src/actions/transformations/remove_comments.cc @@ -47,14 +47,12 @@ std::string RemoveComments::evaluate(std::string value, u_int64_t input_len = value.size(); u_int64_t i, j, incomment; - int changed = 0; i = j = incomment = 0; while (i < input_len) { if (incomment == 0) { if ((input[i] == '/') && (i + 1 < input_len) && (input[i + 1] == '*')) { - changed = 1; incomment = 1; i += 2; } else if ((input[i] == '<') && (i + 1 < input_len) @@ -62,15 +60,12 @@ std::string RemoveComments::evaluate(std::string value, && (input[i+2] == '-') && (i + 3 < input_len) && (input[i + 3] == '-') && (incomment == 0)) { incomment = 1; - changed = 1; i += 4; } else if ((input[i] == '-') && (i + 1 < input_len) && (input[i + 1] == '-') && (incomment == 0)) { - changed = 1; input[i] = ' '; break; } else if (input[i] == '#' && (incomment == 0)) { - changed = 1; input[i] = ' '; break; } else { diff --git a/src/actions/transformations/utf8_to_unicode.cc b/src/actions/transformations/utf8_to_unicode.cc index e934191a..4f2778e4 100644 --- a/src/actions/transformations/utf8_to_unicode.cc +++ b/src/actions/transformations/utf8_to_unicode.cc @@ -59,10 +59,10 @@ std::string Utf8ToUnicode::evaluate(std::string value, char *Utf8ToUnicode::inplace(unsigned char *input, uint64_t input_len, int *changed) { - int unicode_len = 0, length = 0; - unsigned int d = 0, count = 0; - unsigned char c, *utf; - char *rval, *data; + int length = 0; + unsigned int count = 0; + unsigned char c; + char *data; unsigned int i, len, j; unsigned int bytes_left = input_len; unsigned char unicode[8]; @@ -75,12 +75,14 @@ char *Utf8ToUnicode::inplace(unsigned char *input, } if (input == NULL) { + free(data); return NULL; } for (i = 0; i < bytes_left;) { - unicode_len = 0; d = 0; - utf = (unsigned char *)&input[i]; + int unicode_len = 0; + unsigned int d = 0; + unsigned char *utf = (unsigned char *)&input[i]; c = *utf; @@ -293,7 +295,7 @@ char *Utf8ToUnicode::inplace(unsigned char *input, *data ='\0'; - return NULL; + return data; } diff --git a/src/collection/backend/lmdb.cc b/src/collection/backend/lmdb.cc index 703def23..fff6153e 100644 --- a/src/collection/backend/lmdb.cc +++ b/src/collection/backend/lmdb.cc @@ -562,7 +562,7 @@ void LMDB::resolveRegularExpression(const std::string& var, int rc; MDB_stat mst; MDB_cursor *cursor; - size_t pos = std::string::npos; + size_t pos; pos = var.find(":"); if (pos == std::string::npos) { diff --git a/src/debug_log_writer.cc b/src/debug_log_writer.cc index 69e0bdab..e5290f31 100644 --- a/src/debug_log_writer.cc +++ b/src/debug_log_writer.cc @@ -41,9 +41,9 @@ void DebugLogWriter::open(const std::string& fileName) { void DebugLogWriter::close(const std::string& fileName) { std::map::iterator it; - DebugLogWriterAgent *agent; it = agents.find(fileName); if (it != agents.end()) { + DebugLogWriterAgent *agent; agent = it->second; if (agent->refCountDecreaseAndCheck()) { delete agent; diff --git a/src/operators/operator.h b/src/operators/operator.h index a422fd18..72e44f34 100644 --- a/src/operators/operator.h +++ b/src/operators/operator.h @@ -29,7 +29,10 @@ namespace operators { class Operator { public: /** @ingroup ModSecurity_Operator */ - Operator() { } + Operator() + : op(""), + param(""), + negation(false) { } Operator(std::string op, std::string param, bool negation) : op(op), param(param), diff --git a/src/operators/pm.cc b/src/operators/pm.cc index bb6376f9..c368e336 100644 --- a/src/operators/pm.cc +++ b/src/operators/pm.cc @@ -34,7 +34,6 @@ Pm::~Pm() { acmp_node_t *root = m_p->root_node; acmp_node_t *node = root; - node = root; cleanup(root); free(m_p); diff --git a/src/operators/rbl.cc b/src/operators/rbl.cc index fc716e60..ea89a9c6 100644 --- a/src/operators/rbl.cc +++ b/src/operators/rbl.cc @@ -32,7 +32,7 @@ namespace operators { std::string Rbl::mapIpToAddress(std::string ipStr, Transaction *trans) { std::string addr; - unsigned int h0, h1, h2, h3; + int h0, h1, h2, h3; std::string key = trans->m_rules->m_httpbl_key; if (sscanf(ipStr.c_str(), "%d.%d.%d.%d", &h0, &h1, &h2, &h3) != 4) { diff --git a/src/request_body_processor/multipart.cc b/src/request_body_processor/multipart.cc index 6e40263d..35a74125 100644 --- a/src/request_body_processor/multipart.cc +++ b/src/request_body_processor/multipart.cc @@ -594,7 +594,7 @@ int Multipart::process_part_data(std::string *error) { int Multipart::process_part_header(std::string *error) { - int i, len, rc; + int i, len; /* Check for nul bytes. */ len = MULTIPART_BUF_SIZE - m_bufleft; @@ -623,6 +623,7 @@ int Multipart::process_part_header(std::string *error) { if (((m_buf[0] == '\r') && (m_buf[1] == '\n') && (m_buf[2] == '\0')) || ((m_buf[0] == '\n') && (m_buf[1] == '\0'))) { /* Empty line. */ std::string header_value(""); + int rc; if (m_mpp->m_headers.count("Content-Disposition") == 0) { debug(1, "Multipart: Part missing Content-Disposition header."); diff --git a/src/transaction.cc b/src/transaction.cc index 8609af55..f4de863f 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -268,11 +268,8 @@ bool Transaction::extractArguments(const std::string &orig, key_s = (key.length() + 1); value_s = (value.length() + 1); - unsigned char *key_c = (unsigned char *) malloc(sizeof(char) * key_s); - unsigned char *value_c = (unsigned char *) malloc(sizeof(char) * value_s); - - memset(key_c, '\0', sizeof(char) * key_s); - memset(value_c, '\0', sizeof(char) * value_s); + unsigned char *key_c = (unsigned char *) calloc(sizeof(char), key_s); + unsigned char *value_c = (unsigned char *) calloc(sizeof(char), value_s); memcpy(key_c, key.c_str(), key_s); memcpy(value_c, value.c_str(), value_s); @@ -1267,13 +1264,13 @@ std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename, strftime(tstr, 299, "[%d/%b/%Y:%H:%M:%S %z]", &timeinfo); ss << dash_if_empty( - *this->m_collections.resolveFirst("REQUEST_HEADERS:Host")) << " "; + this->m_collections.resolveFirst("REQUEST_HEADERS:Host")) << " "; ss << dash_if_empty(this->m_clientIpAddress) << " "; /** TODO: Check variable */ - ss << dash_if_empty(*this->m_collections.resolveFirst("REMOTE_USER")); + ss << dash_if_empty(this->m_collections.resolveFirst("REMOTE_USER")); ss << " "; /** TODO: Check variable */ - ss << dash_if_empty(*this->m_collections.resolveFirst("LOCAL_USER")); + ss << dash_if_empty(this->m_collections.resolveFirst("LOCAL_USER")); ss << " "; ss << tstr << " "; @@ -1286,14 +1283,14 @@ std::string Transaction::toOldAuditLogFormatIndex(const std::string &filename, ss << this->m_httpCodeReturned << " "; ss << this->m_responseBody.tellp(); /** TODO: Check variable */ - ss << dash_if_empty(*this->m_collections.resolveFirst("REFERER")) << " "; + ss << dash_if_empty(this->m_collections.resolveFirst("REFERER")) << " "; ss << "\""; ss << dash_if_empty( - *this->m_collections.resolveFirst("REQUEST_HEADERS:User-Agent")); + this->m_collections.resolveFirst("REQUEST_HEADERS:User-Agent")); ss << "\" "; ss << this->m_id << " "; /** TODO: Check variable */ - ss << dash_if_empty(*this->m_collections.resolveFirst("REFERER")) << " "; + ss << dash_if_empty(this->m_collections.resolveFirst("REFERER")) << " "; ss << filename << " "; ss << "0" << " "; diff --git a/src/unique_id.cc b/src/unique_id.cc index 2458e98f..0c62742d 100644 --- a/src/unique_id.cc +++ b/src/unique_id.cc @@ -70,7 +70,7 @@ void UniqueId::fillUniqueId() { // Based on: // http://stackoverflow.com/questions/16858782/how-to-obtain-almost-unique-system-identifier-in-a-cross-platform-way -std::string UniqueId::machineName() { +std::string const UniqueId::machineName() { char machine_name[MAX_MACHINE_NAME_SIZE]; size_t len = MAX_MACHINE_NAME_SIZE; #ifdef WIN32 @@ -101,7 +101,7 @@ failed: return std::string(""); } -std::string UniqueId::ethernetMacAddress() { +std::string const UniqueId::ethernetMacAddress() { char mac[MAC_ADDRESS_SIZE]; memset(mac, '\0', sizeof(char)*(MAC_ADDRESS_SIZE)); #ifdef DARWIN diff --git a/src/unique_id.h b/src/unique_id.h index 619d1d44..f39bedd0 100644 --- a/src/unique_id.h +++ b/src/unique_id.h @@ -45,8 +45,8 @@ class UniqueId { } void fillUniqueId(); - std::string machineName(); - std::string ethernetMacAddress(); + std::string const machineName(); + std::string const ethernetMacAddress(); std::string uniqueId_str; diff --git a/src/utils.cc b/src/utils.cc index f409e66f..daa2f229 100644 --- a/src/utils.cc +++ b/src/utils.cc @@ -164,12 +164,21 @@ double random_number(const double from, const double to) { } -std::string dash_if_empty(const std::string& str) { - if (&str == NULL || str.empty()) { +std::string dash_if_empty(const std::string *str) { + if (str == NULL || str->empty()) { return "-"; } - return str; + return *str; +} + + +std::string dash_if_empty(const char *str) { + if (str == NULL || strlen(str) == 0) { + return "-"; + } + + return std::string(str); } diff --git a/src/utils.h b/src/utils.h index 60cc6023..ae57435d 100644 --- a/src/utils.h +++ b/src/utils.h @@ -37,7 +37,8 @@ namespace modsecurity { double generate_transaction_unique_id(); std::string ascTime(time_t *t); void createDir(std::string dir, int mode); - std::string dash_if_empty(const std::string& str); + std::string dash_if_empty(const std::string *str); + std::string dash_if_empty(const char *str); void chomp(std::string *str); std::string uri_decode(const std::string & sSrc); std::string tolower(std::string str); diff --git a/src/utils/acmp.cc b/src/utils/acmp.cc index f714d496..25b6c68d 100644 --- a/src/utils/acmp.cc +++ b/src/utils/acmp.cc @@ -39,7 +39,7 @@ char *parse_pm_content(const char *op_parm, unsigned short int op_len, const cha char *parm = NULL; char *content = NULL; unsigned short int offset = 0; - char converted = 0; +// char converted = 0; int i, x; unsigned char bin = 0, esc = 0, bin_offset = 0; unsigned char bin_parm[3], c = 0; @@ -84,6 +84,7 @@ char *parse_pm_content(const char *op_parm, unsigned short int op_len, const cha if (op_len == 0) { *error_msg = "Content length is 0."; + free(parm); return NULL; } @@ -116,7 +117,7 @@ char *parse_pm_content(const char *op_parm, unsigned short int op_len, const cha bin_offset = 0; parm[x] = c; x++; - converted = 1; + //converted = 1; } } else if (parm[i] == ' ') { } @@ -133,7 +134,7 @@ char *parse_pm_content(const char *op_parm, unsigned short int op_len, const cha return NULL; } esc = 0; - converted = 1; + //converted = 1; } else { parm[x] = parm[i]; x++; @@ -141,9 +142,11 @@ char *parse_pm_content(const char *op_parm, unsigned short int op_len, const cha } } +#if 0 if (converted) { op_len = x; } +#endif //processed = memcpy(processed, parm, op_len); processed = strdup(parm); @@ -188,11 +191,8 @@ static void acmp_strtoucs(ACMP *parser, const char *str, long *ucs_chars, int le int i; const char *c = str; - - { - for (i = 0; i < len; i++) { - *(ucs_chars++) = *(c++); - } + for (i = 0; i < len; i++) { + *(ucs_chars++) = *(c++); } } @@ -295,7 +295,7 @@ static void acmp_add_btree_leaves(acmp_btree_node_t *node, acmp_node_t *nodes[], int left = 0, right = 0; if ((pos - lb) > 1) { left = lb + (pos - lb) / 2; - node->left =(acmp_btree_node_t *) calloc(1, sizeof(acmp_btree_node_t)); + node->left = reinterpret_cast(calloc(1, sizeof(acmp_btree_node_t))); /* ENH: Check alloc succeded */ node->left->node = nodes[left]; node->left->letter = nodes[left]->letter; @@ -305,7 +305,7 @@ static void acmp_add_btree_leaves(acmp_btree_node_t *node, acmp_node_t *nodes[], } if ((rb - pos) > 1) { right = pos + (rb - pos) / 2; - node->right = (acmp_btree_node_t *)calloc(1, sizeof(acmp_btree_node_t)); + node->right = reinterpret_cast(calloc(1, sizeof(acmp_btree_node_t))); /* ENH: Check alloc succeded */ node->right->node = nodes[right]; node->right->letter = nodes[right]->letter; @@ -355,7 +355,7 @@ static void acmp_build_binary_tree(ACMP *parser, acmp_node_t *node) { nodes[j] = tmp; } if (node->btree) { free (node->btree); node->btree = NULL; } - node->btree = (acmp_btree_node_t *)calloc(1, sizeof(acmp_btree_node_t)); + node->btree = reinterpret_cast(calloc(1, sizeof(acmp_btree_node_t))); /* ENH: Check alloc succeded */ pos = count / 2; node->btree->node = nodes[pos]; @@ -433,13 +433,12 @@ static int acmp_connect_fail_branches(ACMP *parser) { * flags - OR-ed values of ACMP_FLAG constants */ ACMP *acmp_create(int flags) { - int rc; ACMP *parser; - parser = (ACMP *)calloc(1, sizeof(ACMP)); + parser = reinterpret_cast(calloc(1, sizeof(ACMP))); /* ENH: Check alloc succeded */ parser->is_case_sensitive = (flags & ACMP_FLAG_CASE_SENSITIVE) == 0 ? 0 : 1; - parser->root_node = (acmp_node_t *)calloc(1, sizeof(acmp_node_t)); + parser->root_node = reinterpret_cast(calloc(1, sizeof(acmp_node_t))); /* ENH: Check alloc succeded */ return parser; } @@ -494,7 +493,7 @@ if (parser->is_active != 0) return -1; } child = acmp_child_for_code(parent, letter); if (child == NULL) { - child = (acmp_node_t *) calloc(1, sizeof(acmp_node_t)); + child = reinterpret_cast(calloc(1, sizeof(acmp_node_t))); /* ENH: Check alloc succeded */ child->pattern = (char *)""; child->letter = letter; @@ -537,7 +536,7 @@ int acmp_process_quick(ACMPT *acmpt, const char **match, const char *data, size_ parser = acmpt->parser; if (acmpt->ptr == NULL) acmpt->ptr = parser->root_node; - node = (acmp_node_t *)acmpt->ptr; + node = reinterpret_cast(acmpt->ptr); end = data + len; while (data < end) { diff --git a/src/utils/base64.cc b/src/utils/base64.cc index bb97aaf0..ce57d690 100644 --- a/src/utils/base64.cc +++ b/src/utils/base64.cc @@ -148,7 +148,7 @@ void Base64::decode_forgiven_engine(unsigned char *plain_text, } ch = b64_reverse_t[ch]; - if (ch < 0 || ch == -1) { + if (ch < 0) { continue; } else if (ch == -2) { *aiming_size = 0; diff --git a/src/utils/msc_tree.cc b/src/utils/msc_tree.cc index 4e22a3c9..ec03396c 100644 --- a/src/utils/msc_tree.cc +++ b/src/utils/msc_tree.cc @@ -26,7 +26,7 @@ extern "C" { CPTTree *CPTCreateRadixTree() { CPTTree *tree = NULL; - tree = (CPTTree *)malloc(sizeof(CPTTree)); + tree = reinterpret_cast(malloc(sizeof(CPTTree))); if(tree == NULL) return NULL; @@ -38,12 +38,12 @@ CPTTree *CPTCreateRadixTree() { void ConvertIPNetmask(unsigned char *buffer, unsigned char netmask, unsigned int ip_bitmask) { int aux = 0, bytes = 0; - int mask = 0, mask_bit = 0; + int mask = 0; bytes = ip_bitmask/8; while(aux < bytes) { - mask_bit = ((1+aux) * 8); + int mask_bit = ((1+aux) * 8); if (mask_bit > netmask) { mask = 0; @@ -62,7 +62,7 @@ void ConvertIPNetmask(unsigned char *buffer, unsigned char netmask, unsigned int TreeNode *CPTCreateNode() { TreeNode *node = NULL; - node = (TreeNode *)malloc(sizeof(TreeNode)); + node = reinterpret_cast(malloc(sizeof(TreeNode))); if(node == NULL) return NULL; @@ -73,7 +73,7 @@ TreeNode *CPTCreateNode() { CPTData *CPTCreateCPTData(unsigned char netmask) { - CPTData *prefix_data = (CPTData *)malloc(sizeof(CPTData)); + CPTData *prefix_data = reinterpret_cast(malloc(sizeof(CPTData))); if (prefix_data == NULL) { return NULL; @@ -113,16 +113,18 @@ TreePrefix *CPTCreatePrefix(unsigned char *ipdata, unsigned int ip_bitmask, return NULL; } - prefix = (TreePrefix *)malloc(sizeof(TreePrefix)); + prefix = reinterpret_cast(malloc(sizeof(TreePrefix))); if (prefix == NULL) return NULL; memset(prefix, 0, sizeof(TreePrefix)); - prefix->buffer = (unsigned char *)malloc(bytes); + prefix->buffer = reinterpret_cast(malloc(bytes)); - if(prefix->buffer == NULL) + if (prefix->buffer == NULL) { + free(prefix); return NULL; + } memset(prefix->buffer, 0, bytes); @@ -216,7 +218,7 @@ TreeNode *CPTCreateHead(TreePrefix *prefix, TreeNode *node, CPTTree *tree, unsig return node; node->count++; - node->netmasks = (unsigned char *)malloc(node->count * sizeof(unsigned char)); + node->netmasks = reinterpret_cast(malloc(node->count * sizeof(unsigned char))); if(node->netmasks) node->netmasks[0] = netmask; @@ -244,11 +246,9 @@ TreeNode *SetParentNode(TreeNode *node, TreeNode *new_node, CPTTree *tree) { int InsertNetmask(TreeNode *node, TreeNode *parent, TreeNode *new_node, CPTTree *tree, unsigned char netmask, unsigned char bitlen) { - int i; - if (netmask != NETMASK_256-1 && netmask != NETMASK_128) { if ((netmask != NETMASK_32 || (netmask == NETMASK_32 && bitlen != NETMASK_32))) { - + int i; node = new_node; parent = new_node->parent; @@ -258,7 +258,7 @@ int InsertNetmask(TreeNode *node, TreeNode *parent, TreeNode *new_node, } node->count++; - node->netmasks = (unsigned char *) malloc(node->count * sizeof(unsigned char)); + node->netmasks = reinterpret_cast(malloc(node->count * sizeof(unsigned char))); if(node->netmasks == NULL) return 0; @@ -290,7 +290,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree unsigned char *buffer = NULL; unsigned char bitlen = 0; int bit_validation = 0, test_bit = 0; - int i = 0, j = 0, temp = 0; + int i = 0; unsigned int x, y; TreeNode *node = NULL, *new_node = NULL; TreeNode *parent = NULL, *i_node = NULL; @@ -351,6 +351,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree for (i = 0; (i * NETMASK_8) < bit_validation; i++) { int net = 0, div = 0; int cnt = 0; + int temp; if ((temp = (buffer[i] ^ bottom_node->prefix->buffer[i])) == 0) { test_bit = (i + 1) * NETMASK_8; @@ -408,7 +409,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree node->count++; new_node = node; - node->netmasks = (unsigned char *)malloc(node->count * sizeof(unsigned char)); + node->netmasks = reinterpret_cast(malloc(node->count * sizeof(unsigned char))); if ((node->count -1) == 0) { node->netmasks[0] = netmask; @@ -469,13 +470,14 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree if (node->netmasks != NULL) { i = 0; + int j; while(i < node->count) { if (node->netmasks[i] < test_bit + 1) break; i++; } - i_node->netmasks = (unsigned char *)malloc((node->count - i) * sizeof(unsigned char)); + i_node->netmasks = reinterpret_cast(malloc((node->count - i) * sizeof(unsigned char))); if(i_node->netmasks == NULL) { return NULL; @@ -567,7 +569,6 @@ int TreePrefixNetmask(TreePrefix *prefix, unsigned int netmask, int flag) { } TreeNode *CPTRetriveNode(unsigned char *buffer, unsigned int ip_bitmask, TreeNode *node) { - unsigned int x, y; if(node == NULL) { //if (msr && msr->txcfg->debuglog_level >= 9) { @@ -584,8 +585,8 @@ TreeNode *CPTRetriveNode(unsigned char *buffer, unsigned int ip_bitmask, TreeNod } while (node->bit < ip_bitmask) { - - x = SHIFT_RIGHT_MASK(node->bit, 3); y = SHIFT_RIGHT_MASK(NETMASK_128, (node->bit % 8)); + unsigned int x = SHIFT_RIGHT_MASK(node->bit, 3); + unsigned int y = SHIFT_RIGHT_MASK(NETMASK_128, (node->bit % 8)); if (TREE_CHECK(buffer[x], y)) { node = node->right; @@ -614,7 +615,7 @@ TreeNode *CPTRetriveParentNode(TreeNode *node) { TreeNode *CPTFindElementIPNetblock(unsigned char *ipdata, unsigned char ip_bitmask, TreeNode *node) { TreeNode *netmask_node = NULL; - int mask = 0, bytes = 0; + int mask = 0; int i = 0, j = 0; int mask_bits = 0; @@ -630,7 +631,7 @@ TreeNode *CPTFindElementIPNetblock(unsigned char *ipdata, unsigned char ip_bitma netmask_node = node; while(j < netmask_node->count) { - bytes = ip_bitmask / 8; + int bytes = ip_bitmask / 8; while( i < bytes ) { @@ -808,7 +809,8 @@ TreeNode *CPTIpMatch(unsigned char *ipdata, CPTTree *tree, int type) { } TreeNode *TreeAddIP(const char *buffer, CPTTree *tree, int type) { - unsigned long ip, ret; + unsigned long ip; + int ret; unsigned char netmask_v4 = NETMASK_32, netmask_v6 = NETMASK_128; char ip_strv4[NETMASK_32], ip_strv6[NETMASK_128]; struct in_addr addr4; @@ -1005,6 +1007,7 @@ int ip_tree_from_param( if (create_radix_tree(rtree, error_msg)) { + free(param_copy); return -1; } @@ -1045,12 +1048,12 @@ int ip_tree_from_param( unsigned char is_netmask_v4(char *ip_strv4) { unsigned char netmask_v4 = 32; char *mask_str = NULL; - int cidr; if(ip_strv4 == NULL) return netmask_v4; if ((mask_str = strchr(ip_strv4, '/'))) { + int cidr; *(mask_str++) = '\0'; if (strchr(mask_str, '.') != NULL) { @@ -1077,12 +1080,12 @@ unsigned char is_netmask_v4(char *ip_strv4) { unsigned char is_netmask_v6(char *ip_strv6) { unsigned char netmask_v6 = 128; char *mask_str = NULL; - int cidr; if(ip_strv6 == NULL) return netmask_v6; if ((mask_str = strchr(ip_strv6, '/'))) { + int cidr; *(mask_str++) = '\0'; if (strchr(mask_str, ':') != NULL) { @@ -1102,7 +1105,7 @@ unsigned char is_netmask_v6(char *ip_strv6) { int create_radix_tree(TreeRoot **rtree, char **error_msg) { - *rtree = (TreeRoot *)malloc(sizeof(TreeRoot)); + *rtree = reinterpret_cast(malloc(sizeof(TreeRoot))); if (*rtree == NULL) { //*error_msg = apr_psprintf(mp, "Failed allocating " \ diff --git a/src/utils/regex.h b/src/utils/regex.h index 3f119620..5a0e0044 100644 --- a/src/utils/regex.h +++ b/src/utils/regex.h @@ -42,8 +42,8 @@ class Regex { class SMatch { public: SMatch() : size_(0) { } - size_t size() { return size_; } - std::string str() { return match; } + size_t size() const { return size_; } + std::string str() const { return match; } int size_; std::string match; }; diff --git a/src/variables/xml.cc b/src/variables/xml.cc index dafd89b9..876595c2 100644 --- a/src/variables/xml.cc +++ b/src/variables/xml.cc @@ -50,7 +50,6 @@ void XML::evaluateInternal(Transaction *t, xmlXPathContextPtr xpathCtx; xmlXPathObjectPtr xpathObj; xmlNodeSetPtr nodes; - std::string key; std::string param; const xmlChar* xpathExpr = NULL; int i; @@ -58,10 +57,8 @@ void XML::evaluateInternal(Transaction *t, pos = m_name.find_first_of(":"); if (pos == std::string::npos) { - key = std::string(m_name, 0); param = ""; } else { - key = std::string(m_name, 0, pos); param = std::string(m_name, pos+1, m_name.length() - (pos + 1)); } diff --git a/test/cppcheck_suppressions.txt b/test/cppcheck_suppressions.txt index baad7622..8455f6e5 100644 --- a/test/cppcheck_suppressions.txt +++ b/test/cppcheck_suppressions.txt @@ -11,6 +11,8 @@ unusedFunction:test/optimization/optimization.cc unusedFunction:src/utils.cc *:src/parser/seclang-parser.hh *:src/parser/seclang-scanner.cc +*:parser/seclang-parser.hh +*:parser/seclang-scanner.cc *:others/libinjection/src/libinjection_html5.c *:others/libinjection/src/libinjection_sqli.c *:others/libinjection/src/libinjection_xss.c @@ -20,5 +22,16 @@ unusedFunction:src/utils.cc *:others/libinjection/src/test_speed_sqli.c *:others/libinjection/src/test_speed_xss.c *:others/libinjection/src/testdriver.c - - +initializerList:src/actions/action.h:90 +initializerList:src/actions/action.h:91 +unusedLabel:src/unique_id.cc:222 +unusedLabel:src/unique_id.cc:224 +leakReturnValNotUsed:src/debug_log_writer_agent.cc:31 +postfixOperator:* +*:src/utils/mbedtls/base64.c +*:src/utils/mbedtls/sha1.c +readdirCalled:test/common/modsecurity_test.cc:114 +missingInclude:* +unreadVariable:test/regression/regression.cc:380 +shiftNegative:src/utils/msc_tree.cc +nullPointerRedundantCheck::src/utils/msc_tree.cc diff --git a/test/optimization/optimization.cc b/test/optimization/optimization.cc index 2a77c4c8..5c638d50 100644 --- a/test/optimization/optimization.cc +++ b/test/optimization/optimization.cc @@ -55,6 +55,7 @@ int main(int argc, char **argv) { if (modsecRules->loadFromUri(x.c_str()) < 0) { std::cout << "Not able to load the rules" << std::endl; std::cout << modsecRules->getParserError() << std::endl; + delete modsecRules; return -1; } } @@ -145,7 +146,7 @@ int main(int argc, char **argv) { std::cout << std::endl; std::cout << std::endl; - + delete modsecRules; return 0; } diff --git a/test/regression/regression.cc b/test/regression/regression.cc index d7905667..e6cdd4e1 100644 --- a/test/regression/regression.cc +++ b/test/regression/regression.cc @@ -310,7 +310,9 @@ void perform_unit_test(ModSecurityTest *test, } #endif +#if 0 end: +#endif modsec_transaction->processLogging(); CustomDebugLog *d = reinterpret_cast @@ -416,7 +418,7 @@ int main(int argc, char **argv) { for (std::string &a : keyList) { test_number++; if ((test.m_test_number == 0) - || (test.m_test_number != 0 && test_number == test.m_test_number)) { + || (test_number == test.m_test_number)) { std::vector *tests = test[a]; perform_unit_test(&test, tests, &res, &counter); }