From 4aad8e0d061e0f6303c765d1b6605abba6985e8b Mon Sep 17 00:00:00 2001
From: Eduardo Arias <eduar_hte@hotmail.com>
Date: Sun, 28 Apr 2024 11:34:37 -0300
Subject: [PATCH] Inline cppcheck suppressions

---
 headers/modsecurity/transaction.h      |  2 +-
 src/engine/lua.h                       |  4 ++--
 src/operators/geo_lookup.h             |  1 +
 src/operators/rbl.h                    |  9 +++++----
 src/operators/validate_url_encoding.cc |  2 +-
 src/operators/verify_cpf.cc            |  2 +-
 src/operators/verify_svnr.cc           |  4 ++--
 src/rule_with_actions.cc               |  2 +-
 src/rule_with_operator.cc              |  3 ++-
 src/rules_set_properties.cc            |  4 ++--
 test/cppcheck_suppressions.txt         | 17 -----------------
 11 files changed, 18 insertions(+), 32 deletions(-)

diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h
index b0dc4b71..83d85012 100644
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@@ -405,7 +405,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
     size_t getRequestBodyLength();
 
 #ifndef NO_LOGS
-    void debug(int, const std::string&) const;
+    void debug(int, const std::string &) const; // cppcheck-suppress functionStatic
 #endif
     void serverLog(std::shared_ptr<RuleMessage> rm);
 
diff --git a/src/engine/lua.h b/src/engine/lua.h
index 9a678fd7..a33f28f8 100644
--- a/src/engine/lua.h
+++ b/src/engine/lua.h
@@ -67,8 +67,8 @@ class Lua {
  public:
     Lua() { }
 
-    bool load(const std::string &script, std::string *err);
-    int run(Transaction *t, const std::string &str="");
+    bool load(const std::string &script, std::string *err); // cppcheck-suppress functionStatic ; triggered when compiling without LUA
+    int run(Transaction *t, const std::string &str = "");   // cppcheck-suppress functionStatic ; triggered when compiling without LUA
     static bool isCompatible(const std::string &script, Lua *l, std::string *error);
 
 #ifdef WITH_LUA
diff --git a/src/operators/geo_lookup.h b/src/operators/geo_lookup.h
index e0193782..187a2f31 100644
--- a/src/operators/geo_lookup.h
+++ b/src/operators/geo_lookup.h
@@ -32,6 +32,7 @@ class GeoLookup : public Operator {
     bool evaluate(Transaction *transaction, const std::string &exp) override;
 
  protected:
+    // cppcheck-suppress functionStatic
     bool debug(Transaction *transaction, int x, const std::string &a) {
         ms_dbg_a(transaction, x, a);
         return true;
diff --git a/src/operators/rbl.h b/src/operators/rbl.h
index a35a6a7b..fb57d2d9 100644
--- a/src/operators/rbl.h
+++ b/src/operators/rbl.h
@@ -66,10 +66,11 @@ class Rbl : public Operator {
         m_demandsPassword(false),
         m_provider(RblProvider::UnknownProvider),
         Operator("Rbl", std::move(param)) {
-            m_service = m_string->evaluate();
-            if (m_service.find("httpbl.org") != std::string::npos) {
-                m_demandsPassword = true;
-                m_provider = RblProvider::httpbl;
+        m_service = m_string->evaluate(); // cppcheck-suppress useInitializationList
+        if (m_service.find("httpbl.org") != std::string::npos)
+        {
+            m_demandsPassword = true;
+            m_provider = RblProvider::httpbl;
             } else if (m_service.find("uribl.com") != std::string::npos) {
                 m_provider = RblProvider::uribl;
             } else if (m_service.find("spamhaus.org") != std::string::npos) {
diff --git a/src/operators/validate_url_encoding.cc b/src/operators/validate_url_encoding.cc
index 20a86eb6..502aa3d4 100644
--- a/src/operators/validate_url_encoding.cc
+++ b/src/operators/validate_url_encoding.cc
@@ -74,7 +74,7 @@ bool ValidateUrlEncoding::evaluate(Transaction *transaction, RuleWithActions *ru
     bool res = false;
 
     if (input.empty() == true) {
-        return res;
+        return res; // cppcheck-suppress knownConditionTrueFalse
     }
 
     int rc = validate_url_encoding(input.c_str(), input.size(), &offset);
diff --git a/src/operators/verify_cpf.cc b/src/operators/verify_cpf.cc
index 778584db..1dcf1844 100644
--- a/src/operators/verify_cpf.cc
+++ b/src/operators/verify_cpf.cc
@@ -74,7 +74,7 @@ bool VerifyCPF::verify(const char *cpfnumber, int len) {
     c = cpf_len;
 
     for (i = 0; i < 9; i++) {
-        sum += (cpf[i] * --c);
+        sum += (cpf[i] * --c); // cppcheck-suppress uninitvar
     }
 
     factor = (sum % cpf_len);
diff --git a/src/operators/verify_svnr.cc b/src/operators/verify_svnr.cc
index 248e6b4e..87834dd4 100644
--- a/src/operators/verify_svnr.cc
+++ b/src/operators/verify_svnr.cc
@@ -64,7 +64,7 @@ bool VerifySVNR::verify(const char *svnrnumber, int len) {
     }
     //Laufnummer mit 3, 7, 9
     //Geburtsdatum mit 5, 8, 4, 2, 1, 6
-    sum = svnr[0] * 3 + svnr[1] * 7 + svnr[2] * 9 + svnr[4] * 5 + svnr[5] * 8 + svnr[6] * 4 + svnr[7] * 2 + svnr[8] * 1 + svnr[9] * 6;
+    sum = svnr[0] * 3 + svnr[1] * 7 + svnr[2] * 9 + svnr[4] * 5 + svnr[5] * 8 + svnr[6] * 4 + svnr[7] * 2 + svnr[8] * 1 + svnr[9] * 6; // cppcheck-suppress uninitvar
     sum %= 11;
     if(sum == 10){
     	sum = 0;
@@ -84,7 +84,7 @@ bool VerifySVNR::evaluate(Transaction *t, RuleWithActions *rule,
     int i;
 
     if (m_param.empty()) {
-        return is_svnr;
+        return is_svnr; // cppcheck-suppress knownConditionTrueFalse
     }
 
     for (i = 0; i < input.size() - 1 && is_svnr == false; i++) {
diff --git a/src/rule_with_actions.cc b/src/rule_with_actions.cc
index 04ee219c..7c9471c1 100644
--- a/src/rule_with_actions.cc
+++ b/src/rule_with_actions.cc
@@ -241,7 +241,7 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
     bool containsBlock, std::shared_ptr<RuleMessage> ruleMessage) {
     bool disruptiveAlreadyExecuted = false;
 
-    for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) {
+    for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) { // cppcheck-suppress ctunullpointer
         if (a.get()->action_kind != actions::Action::RunTimeOnlyIfMatchKind) {
             continue;
         }
diff --git a/src/rule_with_operator.cc b/src/rule_with_operator.cc
index 21d93628..d308443a 100644
--- a/src/rule_with_operator.cc
+++ b/src/rule_with_operator.cc
@@ -92,6 +92,7 @@ void RuleWithOperator::updateMatchedVars(Transaction *trans, const std::string &
 
 void RuleWithOperator::cleanMatchedVars(Transaction *trans) {
     ms_dbg_a(trans, 9, "Matched vars cleaned.");
+    // cppcheck-suppress ctunullpointer
     trans->m_variableMatchedVar.unset();
     trans->m_variableMatchedVars.unset();
     trans->m_variableMatchedVarName.unset();
@@ -132,7 +133,7 @@ bool RuleWithOperator::executeOperatorAt(Transaction *trans, const std::string &
 
 void RuleWithOperator::getVariablesExceptions(Transaction *t,
     variables::Variables *exclusion, variables::Variables *addition) {
-    for (auto &a : t->m_rules->m_exceptions.m_variable_update_target_by_tag) {
+    for (auto &a : t->m_rules->m_exceptions.m_variable_update_target_by_tag) { // cppcheck-suppress ctunullpointer
         if (containsTag(*a.first.get(), t) == false) {
             continue;
         }
diff --git a/src/rules_set_properties.cc b/src/rules_set_properties.cc
index ffb37e76..075e3e87 100644
--- a/src/rules_set_properties.cc
+++ b/src/rules_set_properties.cc
@@ -98,8 +98,8 @@ void ConfigUnicodeMap::loadConfig(std::string f, double configCodePage,
 
             if (mapping != NULL) {
                 ucode = strtok_r(mapping, ":", &hmap);
-                sscanf(ucode, "%x", &code);
-                sscanf(hmap, "%x", &Map);
+                sscanf(ucode, "%x", &code); // cppcheck-suppress invalidScanfArgType_int
+                sscanf(hmap, "%x", &Map);   // cppcheck-suppress invalidScanfArgType_int
                 if (code >= 0 && code <= 65535)    {
                     driver->m_unicodeMapTable.m_unicodeMapTable->change(code, Map);
                 }
diff --git a/test/cppcheck_suppressions.txt b/test/cppcheck_suppressions.txt
index c3a4cf49..be29218f 100644
--- a/test/cppcheck_suppressions.txt
+++ b/test/cppcheck_suppressions.txt
@@ -25,36 +25,19 @@
 shiftNegative:src/utils/msc_tree.cc
 *:src/utils/acmp.cc
 *:src/utils/msc_tree.cc
-invalidScanfArgType_int:src/rules_set_properties.cc:101
-invalidScanfArgType_int:src/rules_set_properties.cc:102
 
 
 // 
 // ModSecurity v3 code...
 // 
 useInitializationList:src/utils/shared_files.h:87
-functionStatic:headers/modsecurity/transaction.h:408
 duplicateBranch:src/audit_log/audit_log.cc:226
 unreadVariable:src/request_body_processor/multipart.cc:435
 stlcstrParam:src/audit_log/writer/parallel.cc:145
-functionStatic:src/engine/lua.h:70
-functionStatic:src/engine/lua.h:71
-functionConst:src/utils/geo_lookup.h:49
-useInitializationList:src/operators/rbl.h:69
-functionStatic:src/operators/geo_lookup.h:35
 syntaxError:src/transaction.cc:62
 noConstructor:src/variables/variable.h:152
-knownConditionTrueFalse:src/operators/validate_url_encoding.cc:77
-knownConditionTrueFalse:src/operators/verify_svnr.cc:87
 rethrowNoCurrentException:headers/modsecurity/transaction.h:313
 rethrowNoCurrentException:src/rule_with_actions.cc:127
-ctunullpointer:src/rule_with_actions.cc:244
-ctunullpointer:src/rule_with_operator.cc:135
-ctunullpointer:src/rule_with_operator.cc:95
-unreadVariable:src/rule_with_operator.cc:219
-
-uninitvar:src/operators/verify_cpf.cc:77
-uninitvar:src/operators/verify_svnr.cc:67
 
 variableScope:src/operators/rx.cc
 variableScope:src/operators/rx_global.cc