cppcheck: make static analysis more pedantic

2025-08-13 21:36:00 +03:00 · 2020-01-17 11:41:05 -03:00 · 2020-01-17 11:41:05 -03:00 · 4f13fecbaf
commit 4f13fecbaf
parent cd9b8aa93b
23 changed files with 58 additions and 42 deletions
--- a/headers/modsecurity/rule.h
+++ b/headers/modsecurity/rule.h
@ -56,7 +56,7 @@ class Rule {
            std::vector<actions::Action *> *_actions,
            std::string fileName,
            int lineNumber);
-    explicit Rule(std::string marker);
+    explicit Rule(const std::string &marker);
    virtual ~Rule();

    virtual bool evaluate(Transaction *transaction,
@ -87,7 +87,7 @@ class Rule {
        std::shared_ptr<std::string>>> executeDefaultTransformations(
        Transaction *trasn, const std::string &value);

-    bool executeOperatorAt(Transaction *trasn, std::string key,
+    bool executeOperatorAt(Transaction *trasn, const std::string &key,
        std::string value, std::shared_ptr<RuleMessage> rm);
    void executeActionsIndependentOfChainedRuleResult(Transaction *trasn,
        bool *b, std::shared_ptr<RuleMessage> ruleMessage);
--- a/headers/modsecurity/transaction.h
+++ b/headers/modsecurity/transaction.h
@ -293,6 +293,10 @@ class Transaction : public TransactionAnchoredVariables {
        void *logCbData);
    ~Transaction();

+    Transaction ( const Transaction & ) = delete;
+    bool operator ==(const Transaction &b) const { return false; };
+    Transaction operator =(const Transaction &b) const = delete;
+
    /** TODO: Should be an structure that fits an IP address */
    int processConnection(const char *client, int cPort,
        const char *server, int sPort);
--- a/src/operators/contains_word.cc
+++ b/src/operators/contains_word.cc
@ -37,36 +37,36 @@ bool ContainsWord::acceptableChar(const std::string& a, size_t pos) {
 }

 bool ContainsWord::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
    std::string paramTarget(m_string->evaluate(transaction));

    if (paramTarget.empty()) {
        return true;
    }
-    if (input.empty()) {
+    if (str.empty()) {
        return false;
    }
-    if (input == paramTarget) {
+    if (str == paramTarget) {
        return true;
    }

-    size_t pos = input.find(paramTarget);
+    size_t pos = str.find(paramTarget);
    while (pos != std::string::npos) {
-        if (pos == 0 && acceptableChar(input, paramTarget.size())) {
+        if (pos == 0 && acceptableChar(str, paramTarget.size())) {
            logOffset(ruleMessage, 0, paramTarget.size());
            return true;
        }
-        if (pos + paramTarget.size() == input.size() &&
-            acceptableChar(input, pos - 1)) {
+        if (pos + paramTarget.size() == str.size() &&
+            acceptableChar(str, pos - 1)) {
            logOffset(ruleMessage, pos, paramTarget.size());
            return true;
        }
-        if (acceptableChar(input, pos - 1) &&
-            acceptableChar(input, pos + paramTarget.size())) {
+        if (acceptableChar(str, pos - 1) &&
+            acceptableChar(str, pos + paramTarget.size())) {
            logOffset(ruleMessage, pos, paramTarget.size());
            return true;
        }
-        pos = input.find(paramTarget, pos + 1);
+        pos = str.find(paramTarget, pos + 1);
    }

    return false;
--- a/src/operators/ends_with.cc
+++ b/src/operators/ends_with.cc
@ -24,15 +24,15 @@ namespace operators {


 bool EndsWith::evaluate(Transaction *transaction, Rule *rule,
-    const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
+    const std::string &str, std::shared_ptr<RuleMessage> ruleMessage) {
    bool ret = false;
    std::string p(m_string->evaluate(transaction));

-    if (input.length() >= p.length()) {
-        ret = (0 == input.compare(input.length() - p.length(),
+    if (str.length() >= p.length()) {
+        ret = (0 == str.compare(str.length() - p.length(),
            p.length(), p));
        if (ret) {
-            logOffset(ruleMessage, input.length() - p.length(),
+            logOffset(ruleMessage, str.length() - p.length(),
                      p.size());
        }
    }
--- a/src/operators/fuzzy_hash.h
+++ b/src/operators/fuzzy_hash.h
@ -40,8 +40,8 @@ class FuzzyHash : public Operator {
    /** @ingroup ModSecurity_Operator */
    explicit FuzzyHash(std::unique_ptr<RunTimeString> param)
        : Operator("FuzzyHash", std::move(param)),
-        m_head(NULL),
-        m_threshold(0) { }
+        m_threshold(0),
+        m_head(NULL) { }
    ~FuzzyHash();

    bool evaluate(Transaction *transaction, const std::string &std) override;
--- a/src/operators/rbl.cc
+++ b/src/operators/rbl.cc
@ -34,7 +34,7 @@ std::string Rbl::mapIpToAddress(std::string ipStr, Transaction *trans) {
    std::string addr;
    int h0, h1, h2, h3;
    std::string key;
-    if (trans->m_rules->m_httpblKey.m_set == true) {
+    if (trans && trans->m_rules->m_httpblKey.m_set == true) {
        key = trans->m_rules->m_httpblKey.m_value;
    }

--- a/src/rule.cc
+++ b/src/rule.cc
@ -51,7 +51,7 @@ using variables::Variable;
 using actions::transformations::None;


-Rule::Rule(std::string marker)
+Rule::Rule(const std::string &marker)
    : m_accuracy(0),
    m_actionsRuntimePos(),
    m_actionsRuntimePre(),
@ -303,7 +303,7 @@ void Rule::executeActionsIndependentOfChainedRuleResult(Transaction *trans,
 }


-bool Rule::executeOperatorAt(Transaction *trans, std::string key,
+bool Rule::executeOperatorAt(Transaction *trans, const std::string &key,
    std::string value, std::shared_ptr<RuleMessage> ruleMessage) {
 #if MSC_EXEC_CLOCK_ENABLED
    clock_t begin = clock();
--- a/src/utils/base64.h
+++ b/src/utils/base64.h
@ -32,9 +32,10 @@ class Base64 {
    static std::string decode(const std::string& data);
    static std::string decode_forgiven(const std::string& data);

-    static void decode_forgiven_engine(unsigned char *output,
-        size_t output_size, size_t *aiming_size, const unsigned char *input,
-        size_t input_size);
+    static void decode_forgiven_engine(unsigned char *plain_text,
+        size_t plain_text_size, size_t *aiming_size,
+        const unsigned char *encoded,
+        size_t input_len);
 };


--- a/src/utils/geo_lookup.cc
+++ b/src/utils/geo_lookup.cc
@ -106,7 +106,7 @@ bool GeoLookup::setDataBase(const std::string& filePath,


 bool GeoLookup::lookup(const std::string& target, Transaction *trans,
-    std::function<bool(int, std::string)> debug) {
+    std::function<bool(int, std::string)> debug) const {

    if (m_version == NOT_LOADED) {
        if (debug) {
--- a/src/utils/geo_lookup.h
+++ b/src/utils/geo_lookup.h
@ -49,8 +49,8 @@ class GeoLookup {
    bool setDataBase(const std::string& filePath, std::string *err);
    void cleanUp();

-    bool lookup(const std::string& target, Transaction *t,
-        std::function<bool(int, std::string)> callback);
+    bool lookup(const std::string& target, Transaction *transaction,
+        std::function<bool(int, std::string)> debug) const;

 private:
    GeoLookup() :
--- a/src/utils/https_client.cc
+++ b/src/utils/https_client.cc
@ -50,8 +50,8 @@ void HttpsClient::setKey(const std::string& key) {
    m_key = "ModSec-key: " + key;
 }

-void HttpsClient::setRequestBody(const std::string& requestBody) {
-    m_requestBody = requestBody;
+void HttpsClient::setRequestBody(const std::string& requestType) {
+    m_requestBody = requestType;
 }

 void HttpsClient::setRequestType(const std::string& requestType) {
--- a/src/utils/regex.h
+++ b/src/utils/regex.h
@ -58,7 +58,7 @@ class Regex {
    Regex& operator=(const Regex&) = delete;

    std::list<SMatch> searchAll(const std::string& s) const;
-    int search(const std::string &s, SMatch *m) const;
+    int search(const std::string &s, SMatch *match) const;
    int search(const std::string &s) const;

    const std::string pattern;
--- a/src/utils/system.h
+++ b/src/utils/system.h
@ -29,7 +29,7 @@ namespace utils {


 double cpu_seconds(void);
-std::string find_resource(const std::string& file, const std::string& param,
+std::string find_resource(const std::string& file, const std::string& config,
    std::string *err);
 std::string get_path(const std::string& file);
 std::list<std::string> expandEnv(const std::string& var, int flags);
--- a/src/variables/variable.cc
+++ b/src/variables/variable.cc
@ -28,7 +28,7 @@ namespace modsecurity {
 namespace variables {


-Variable::Variable(std::string name)
+Variable::Variable(const std::string &name)
    : m_name(name),
    m_collectionName("") {
    size_t a = m_name.find(":");
--- a/src/variables/variable.h
+++ b/src/variables/variable.h
@ -539,7 +539,7 @@ class VariableMonkeyResolution {

 class Variable : public VariableMonkeyResolution {
 public:
-    explicit Variable(std::string _name);
+    explicit Variable(const std::string &name);
    explicit Variable(Variable *_name);
    virtual ~Variable() { }

--- a/src/variables/xml.h
+++ b/src/variables/xml.h
@ -42,7 +42,7 @@ class XML_NoDictElement : public Variable {
        m_var(&m_name, &m_plain) {
        }

-    void evaluate(Transaction *transaction,
+    void evaluate(Transaction *t,
        Rule *rule,
        std::vector<const VariableValue *> *l) override {
        l->push_back(new VariableValue(&m_var));
--- a/test/cppcheck_suppressions.txt
+++ b/test/cppcheck_suppressions.txt
@ -57,3 +57,14 @@ useStlAlgorithm:test/regression/regression.cc:493
 useStlAlgorithm:test/unit/unit.cc:174
 useStlAlgorithm:test/unit/unit.cc:209
 variableScope:src/operators/verify_cpf.cc:45
+unusedFunction
+funcArgNamesDifferent
+preprocessorErrorDirective
+useStlAlgorithm
+functionStatic:test/regression/regression_test.h:36
+missingInclude
+toomanyconfigs
+functionStatic:src/unique_id.h:49
+functionStatic:src/unique_id.h:50
+functionConst:src/utils/geo_lookup.h:49
+functionStatic:headers/modsecurity/transaction.h:374
--- a/test/regression/custom_debug_log.cc
+++ b/test/regression/custom_debug_log.cc
@ -36,13 +36,13 @@ void CustomDebugLog::write(int level, const std::string &id,
    m_log << msgf << std::endl;
 }

-bool CustomDebugLog::contains(const std::string& pattern) {
+bool const CustomDebugLog::contains(const std::string& pattern) const {
    modsecurity::Utils::Regex re(pattern);
    std::string s = m_log.str();
    return modsecurity::Utils::regex_search(s, re);
 }

-std::string CustomDebugLog::log_messages() {
+std::string const CustomDebugLog::log_messages() const {
    return m_log.str();
 }

--- a/test/regression/custom_debug_log.h
+++ b/test/regression/custom_debug_log.h
@ -31,8 +31,8 @@ class CustomDebugLog : public modsecurity::debug_log::DebugLog {
    void write(int level, const std::string& message) override;
    void write(int level, const std::string &id,
        const std::string &uri, const std::string &msg) override;
-    bool contains(const std::string& pattern);
-    std::string log_messages();
+    bool const contains(const std::string& pattern) const;
+    std::string const log_messages() const;
    std::string error_log_messages();
    int getDebugLogLevel() override;

--- a/test/regression/regression_test.cc
+++ b/test/regression/regression_test.cc
@ -23,7 +23,7 @@

 namespace modsecurity_test {

-std::string RegressionTest::print() {
+const std::string RegressionTest::print() {
    std::stringstream i;

 #if 0
--- a/test/regression/regression_test.h
+++ b/test/regression/regression_test.h
@ -33,7 +33,7 @@ class RegressionTest {
 public:
    static RegressionTest *from_yajl_node(const yajl_val &);

-    std::string print();
+    const std::string print();
    std::string filename;
    std::string name;
    std::string title;
--- a/test/unit/unit_test.cc
+++ b/test/unit/unit_test.cc
@ -119,7 +119,7 @@ std::string UnitTest::print() {
 }


-UnitTest *UnitTest::from_yajl_node(yajl_val &node) {
+UnitTest *UnitTest::from_yajl_node(const yajl_val &node) {
    size_t num_tests = node->u.object.len;
    UnitTest *u = new UnitTest();

--- a/test/unit/unit_test.h
+++ b/test/unit/unit_test.h
@ -27,7 +27,7 @@ namespace modsecurity_test {

 class UnitTest {
 public:
-    static UnitTest *from_yajl_node(yajl_val &);
+    static UnitTest *from_yajl_node(const yajl_val &);

    std::string print();