diff --git a/headers/modsecurity/rule.h b/headers/modsecurity/rule.h index 0660c626..f9552e73 100644 --- a/headers/modsecurity/rule.h +++ b/headers/modsecurity/rule.h @@ -56,7 +56,7 @@ class Rule { std::vector *_actions, std::string fileName, int lineNumber); - explicit Rule(std::string marker); + explicit Rule(const std::string &marker); virtual ~Rule(); virtual bool evaluate(Transaction *transaction, @@ -87,7 +87,7 @@ class Rule { std::shared_ptr>> executeDefaultTransformations( Transaction *trasn, const std::string &value); - bool executeOperatorAt(Transaction *trasn, std::string key, + bool executeOperatorAt(Transaction *trasn, const std::string &key, std::string value, std::shared_ptr rm); void executeActionsIndependentOfChainedRuleResult(Transaction *trasn, bool *b, std::shared_ptr ruleMessage); diff --git a/headers/modsecurity/transaction.h b/headers/modsecurity/transaction.h index dd2e9cf8..b6161aba 100644 --- a/headers/modsecurity/transaction.h +++ b/headers/modsecurity/transaction.h @@ -293,6 +293,10 @@ class Transaction : public TransactionAnchoredVariables { void *logCbData); ~Transaction(); + Transaction ( const Transaction & ) = delete; + bool operator ==(const Transaction &b) const { return false; }; + Transaction operator =(const Transaction &b) const = delete; + /** TODO: Should be an structure that fits an IP address */ int processConnection(const char *client, int cPort, const char *server, int sPort); diff --git a/src/operators/contains_word.cc b/src/operators/contains_word.cc index 5b548739..3254e273 100644 --- a/src/operators/contains_word.cc +++ b/src/operators/contains_word.cc @@ -37,36 +37,36 @@ bool ContainsWord::acceptableChar(const std::string& a, size_t pos) { } bool ContainsWord::evaluate(Transaction *transaction, Rule *rule, - const std::string &input, std::shared_ptr ruleMessage) { + const std::string &str, std::shared_ptr ruleMessage) { std::string paramTarget(m_string->evaluate(transaction)); if (paramTarget.empty()) { return true; } - if (input.empty()) { + if (str.empty()) { return false; } - if (input == paramTarget) { + if (str == paramTarget) { return true; } - size_t pos = input.find(paramTarget); + size_t pos = str.find(paramTarget); while (pos != std::string::npos) { - if (pos == 0 && acceptableChar(input, paramTarget.size())) { + if (pos == 0 && acceptableChar(str, paramTarget.size())) { logOffset(ruleMessage, 0, paramTarget.size()); return true; } - if (pos + paramTarget.size() == input.size() && - acceptableChar(input, pos - 1)) { + if (pos + paramTarget.size() == str.size() && + acceptableChar(str, pos - 1)) { logOffset(ruleMessage, pos, paramTarget.size()); return true; } - if (acceptableChar(input, pos - 1) && - acceptableChar(input, pos + paramTarget.size())) { + if (acceptableChar(str, pos - 1) && + acceptableChar(str, pos + paramTarget.size())) { logOffset(ruleMessage, pos, paramTarget.size()); return true; } - pos = input.find(paramTarget, pos + 1); + pos = str.find(paramTarget, pos + 1); } return false; diff --git a/src/operators/ends_with.cc b/src/operators/ends_with.cc index f1f20247..d967ecf5 100644 --- a/src/operators/ends_with.cc +++ b/src/operators/ends_with.cc @@ -24,15 +24,15 @@ namespace operators { bool EndsWith::evaluate(Transaction *transaction, Rule *rule, - const std::string &input, std::shared_ptr ruleMessage) { + const std::string &str, std::shared_ptr ruleMessage) { bool ret = false; std::string p(m_string->evaluate(transaction)); - if (input.length() >= p.length()) { - ret = (0 == input.compare(input.length() - p.length(), + if (str.length() >= p.length()) { + ret = (0 == str.compare(str.length() - p.length(), p.length(), p)); if (ret) { - logOffset(ruleMessage, input.length() - p.length(), + logOffset(ruleMessage, str.length() - p.length(), p.size()); } } diff --git a/src/operators/fuzzy_hash.h b/src/operators/fuzzy_hash.h index cafe5780..2a1e7df8 100644 --- a/src/operators/fuzzy_hash.h +++ b/src/operators/fuzzy_hash.h @@ -40,8 +40,8 @@ class FuzzyHash : public Operator { /** @ingroup ModSecurity_Operator */ explicit FuzzyHash(std::unique_ptr param) : Operator("FuzzyHash", std::move(param)), - m_head(NULL), - m_threshold(0) { } + m_threshold(0), + m_head(NULL) { } ~FuzzyHash(); bool evaluate(Transaction *transaction, const std::string &std) override; diff --git a/src/operators/rbl.cc b/src/operators/rbl.cc index 5cf794d9..dc7e0f6e 100644 --- a/src/operators/rbl.cc +++ b/src/operators/rbl.cc @@ -34,7 +34,7 @@ std::string Rbl::mapIpToAddress(std::string ipStr, Transaction *trans) { std::string addr; int h0, h1, h2, h3; std::string key; - if (trans->m_rules->m_httpblKey.m_set == true) { + if (trans && trans->m_rules->m_httpblKey.m_set == true) { key = trans->m_rules->m_httpblKey.m_value; } diff --git a/src/rule.cc b/src/rule.cc index 071526e6..561ef537 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -51,7 +51,7 @@ using variables::Variable; using actions::transformations::None; -Rule::Rule(std::string marker) +Rule::Rule(const std::string &marker) : m_accuracy(0), m_actionsRuntimePos(), m_actionsRuntimePre(), @@ -303,7 +303,7 @@ void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans, } -bool Rule::executeOperatorAt(Transaction *trans, std::string key, +bool Rule::executeOperatorAt(Transaction *trans, const std::string &key, std::string value, std::shared_ptr ruleMessage) { #if MSC_EXEC_CLOCK_ENABLED clock_t begin = clock(); diff --git a/src/utils/base64.h b/src/utils/base64.h index ab63449e..8d3d91c0 100644 --- a/src/utils/base64.h +++ b/src/utils/base64.h @@ -32,9 +32,10 @@ class Base64 { static std::string decode(const std::string& data); static std::string decode_forgiven(const std::string& data); - static void decode_forgiven_engine(unsigned char *output, - size_t output_size, size_t *aiming_size, const unsigned char *input, - size_t input_size); + static void decode_forgiven_engine(unsigned char *plain_text, + size_t plain_text_size, size_t *aiming_size, + const unsigned char *encoded, + size_t input_len); }; diff --git a/src/utils/geo_lookup.cc b/src/utils/geo_lookup.cc index 2e95244b..2be7e8f9 100644 --- a/src/utils/geo_lookup.cc +++ b/src/utils/geo_lookup.cc @@ -106,7 +106,7 @@ bool GeoLookup::setDataBase(const std::string& filePath, bool GeoLookup::lookup(const std::string& target, Transaction *trans, - std::function debug) { + std::function debug) const { if (m_version == NOT_LOADED) { if (debug) { diff --git a/src/utils/geo_lookup.h b/src/utils/geo_lookup.h index c1e3ab49..28384605 100644 --- a/src/utils/geo_lookup.h +++ b/src/utils/geo_lookup.h @@ -49,8 +49,8 @@ class GeoLookup { bool setDataBase(const std::string& filePath, std::string *err); void cleanUp(); - bool lookup(const std::string& target, Transaction *t, - std::function callback); + bool lookup(const std::string& target, Transaction *transaction, + std::function debug) const; private: GeoLookup() : diff --git a/src/utils/https_client.cc b/src/utils/https_client.cc index 5db88a2c..6192de77 100644 --- a/src/utils/https_client.cc +++ b/src/utils/https_client.cc @@ -50,8 +50,8 @@ void HttpsClient::setKey(const std::string& key) { m_key = "ModSec-key: " + key; } -void HttpsClient::setRequestBody(const std::string& requestBody) { - m_requestBody = requestBody; +void HttpsClient::setRequestBody(const std::string& requestType) { + m_requestBody = requestType; } void HttpsClient::setRequestType(const std::string& requestType) { diff --git a/src/utils/regex.h b/src/utils/regex.h index 92eb118b..2a52bfb1 100644 --- a/src/utils/regex.h +++ b/src/utils/regex.h @@ -58,7 +58,7 @@ class Regex { Regex& operator=(const Regex&) = delete; std::list searchAll(const std::string& s) const; - int search(const std::string &s, SMatch *m) const; + int search(const std::string &s, SMatch *match) const; int search(const std::string &s) const; const std::string pattern; diff --git a/src/utils/system.h b/src/utils/system.h index 04ef35a9..c80a6ced 100644 --- a/src/utils/system.h +++ b/src/utils/system.h @@ -29,7 +29,7 @@ namespace utils { double cpu_seconds(void); -std::string find_resource(const std::string& file, const std::string& param, +std::string find_resource(const std::string& file, const std::string& config, std::string *err); std::string get_path(const std::string& file); std::list expandEnv(const std::string& var, int flags); diff --git a/src/variables/variable.cc b/src/variables/variable.cc index 84b9d632..4565ef1d 100644 --- a/src/variables/variable.cc +++ b/src/variables/variable.cc @@ -28,7 +28,7 @@ namespace modsecurity { namespace variables { -Variable::Variable(std::string name) +Variable::Variable(const std::string &name) : m_name(name), m_collectionName("") { size_t a = m_name.find(":"); diff --git a/src/variables/variable.h b/src/variables/variable.h index 7f00a698..4f6c627c 100644 --- a/src/variables/variable.h +++ b/src/variables/variable.h @@ -539,7 +539,7 @@ class VariableMonkeyResolution { class Variable : public VariableMonkeyResolution { public: - explicit Variable(std::string _name); + explicit Variable(const std::string &name); explicit Variable(Variable *_name); virtual ~Variable() { } diff --git a/src/variables/xml.h b/src/variables/xml.h index 1ffae96f..eba59561 100644 --- a/src/variables/xml.h +++ b/src/variables/xml.h @@ -42,7 +42,7 @@ class XML_NoDictElement : public Variable { m_var(&m_name, &m_plain) { } - void evaluate(Transaction *transaction, + void evaluate(Transaction *t, Rule *rule, std::vector *l) override { l->push_back(new VariableValue(&m_var)); diff --git a/test/cppcheck_suppressions.txt b/test/cppcheck_suppressions.txt index 114543d4..16c9269e 100644 --- a/test/cppcheck_suppressions.txt +++ b/test/cppcheck_suppressions.txt @@ -57,3 +57,14 @@ useStlAlgorithm:test/regression/regression.cc:493 useStlAlgorithm:test/unit/unit.cc:174 useStlAlgorithm:test/unit/unit.cc:209 variableScope:src/operators/verify_cpf.cc:45 +unusedFunction +funcArgNamesDifferent +preprocessorErrorDirective +useStlAlgorithm +functionStatic:test/regression/regression_test.h:36 +missingInclude +toomanyconfigs +functionStatic:src/unique_id.h:49 +functionStatic:src/unique_id.h:50 +functionConst:src/utils/geo_lookup.h:49 +functionStatic:headers/modsecurity/transaction.h:374 \ No newline at end of file diff --git a/test/regression/custom_debug_log.cc b/test/regression/custom_debug_log.cc index bffcfa7d..093d8175 100644 --- a/test/regression/custom_debug_log.cc +++ b/test/regression/custom_debug_log.cc @@ -36,13 +36,13 @@ void CustomDebugLog::write(int level, const std::string &id, m_log << msgf << std::endl; } -bool CustomDebugLog::contains(const std::string& pattern) { +bool const CustomDebugLog::contains(const std::string& pattern) const { modsecurity::Utils::Regex re(pattern); std::string s = m_log.str(); return modsecurity::Utils::regex_search(s, re); } -std::string CustomDebugLog::log_messages() { +std::string const CustomDebugLog::log_messages() const { return m_log.str(); } diff --git a/test/regression/custom_debug_log.h b/test/regression/custom_debug_log.h index 5ec1849c..a4cfaf83 100644 --- a/test/regression/custom_debug_log.h +++ b/test/regression/custom_debug_log.h @@ -31,8 +31,8 @@ class CustomDebugLog : public modsecurity::debug_log::DebugLog { void write(int level, const std::string& message) override; void write(int level, const std::string &id, const std::string &uri, const std::string &msg) override; - bool contains(const std::string& pattern); - std::string log_messages(); + bool const contains(const std::string& pattern) const; + std::string const log_messages() const; std::string error_log_messages(); int getDebugLogLevel() override; diff --git a/test/regression/regression_test.cc b/test/regression/regression_test.cc index 881ba872..453b1ca9 100644 --- a/test/regression/regression_test.cc +++ b/test/regression/regression_test.cc @@ -23,7 +23,7 @@ namespace modsecurity_test { -std::string RegressionTest::print() { +const std::string RegressionTest::print() { std::stringstream i; #if 0 diff --git a/test/regression/regression_test.h b/test/regression/regression_test.h index 557271f9..bde672a2 100644 --- a/test/regression/regression_test.h +++ b/test/regression/regression_test.h @@ -33,7 +33,7 @@ class RegressionTest { public: static RegressionTest *from_yajl_node(const yajl_val &); - std::string print(); + const std::string print(); std::string filename; std::string name; std::string title; diff --git a/test/unit/unit_test.cc b/test/unit/unit_test.cc index 23bbcb23..bface739 100644 --- a/test/unit/unit_test.cc +++ b/test/unit/unit_test.cc @@ -119,7 +119,7 @@ std::string UnitTest::print() { } -UnitTest *UnitTest::from_yajl_node(yajl_val &node) { +UnitTest *UnitTest::from_yajl_node(const yajl_val &node) { size_t num_tests = node->u.object.len; UnitTest *u = new UnitTest(); diff --git a/test/unit/unit_test.h b/test/unit/unit_test.h index 34aa5914..213c1b5c 100644 --- a/test/unit/unit_test.h +++ b/test/unit/unit_test.h @@ -27,7 +27,7 @@ namespace modsecurity_test { class UnitTest { public: - static UnitTest *from_yajl_node(yajl_val &); + static UnitTest *from_yajl_node(const yajl_val &); std::string print();