Cosmetics: fix some cppcheck complains to please QA

2025-09-30 03:34:29 +03:00 · 2020-04-29 10:19:49 -03:00
parent 310cbf899b
commit 9b40a045bb
26 changed files with 244 additions and 77 deletions
--- a/src/actions/tag.cc
+++ b/src/actions/tag.cc
@@ -24,6 +24,7 @@
 #include "modsecurity/rule.h"
 #include "modsecurity/rule_message.h"

+#ifdef MSC_DOCUMENTATION
 /**
 * Description: Assigns a tag (category) to a rule or a chain.
 *
@@ -44,7 +45,7 @@
 *
 *
 */
-
+#endif

 namespace modsecurity {
 namespace actions {
--- a/src/actions/transformations/remove_whitespace.cc
+++ b/src/actions/transformations/remove_whitespace.cc
@@ -41,11 +41,12 @@ std::string RemoveWhitespace::evaluate(const std::string &val,
    std::string value(val);

    int64_t i = 0;
+    char nonBreakingSpaces = 0xa0;

    // loop through all the chars
    while (i < value.size()) {
        // remove whitespaces and non breaking spaces (NBSP)
-        if (isspace(value[i]) || (value[i] == NBSP)) {
+        if (isspace(value[i]) || (value[i] == nonBreakingSpaces)) {
            value.erase(i, 1);
        } else {
          /* if the space is not a whitespace char, increment counter
--- a/src/actions/transformations/trim.cc
+++ b/src/actions/transformations/trim.cc
@@ -32,15 +32,25 @@ namespace transformations {


 std::string *Trim::ltrim(std::string *s) {
-    s->erase(s->begin(), std::find_if(s->begin(), s->end(),
-        std::not1(std::ptr_fun<int, int>(std::isspace))));
+    s->erase(
+        s->begin(),
+        std::find_if(s->begin(), s->end(), [](unsigned char c) {
+            return !std::isspace(c);
+        })
+    );
+
    return s;
 }


 std::string *Trim::rtrim(std::string *s) {
-    s->erase(std::find_if(s->rbegin(), s->rend(),
-        std::not1(std::ptr_fun<int, int>(std::isspace))).base(), s->end());
+    s->erase(
+        std::find_if(s->rbegin(), s->rend(), [](unsigned char c) {
+            return !std::isspace(c);
+        }).base(),
+        s->end()
+    );
+
    return s;
 }

--- a/src/actions/transformations/url_decode.cc
+++ b/src/actions/transformations/url_decode.cc
@@ -39,7 +39,7 @@ UrlDecode::UrlDecode(const std::string &action)

 std::string UrlDecode::evaluate(const std::string &value,
    Transaction *transaction) {
-    unsigned char *val = NULL;
+    unsigned char *val(NULL);
    int invalid_count = 0;
    int changed;

--- a/src/engine/lua.cc
+++ b/src/engine/lua.cc
@@ -65,8 +65,7 @@ bool Lua::isCompatible(const std::string &script, Lua *l, std::string *error) {

 bool Lua::load(const std::string &script, std::string *err) {
 #ifdef WITH_LUA
-    lua_State *L = NULL;
-    L = luaL_newstate();
+    lua_State *L = luaL_newstate();
    luaL_openlibs(L);

    m_scriptName = script;
@@ -234,7 +233,7 @@ err:

 #ifdef WITH_LUA
 int Lua::log(lua_State *L) {
-    const Transaction *t = NULL;
+    const Transaction *t(NULL);
    const char *text;
    int level;

@@ -256,9 +255,9 @@ int Lua::log(lua_State *L) {


 int Lua::getvar(lua_State *L) {
-    const char *varname = NULL;
-    Transaction *t = NULL;
-    void *z = NULL;
+    const char *varname(NULL);
+    Transaction *t(NULL);
+    void *z(NULL);

    /* Retrieve parameters. */
    varname = reinterpret_cast<const char *>(luaL_checkstring(L, 1));
@@ -282,9 +281,9 @@ int Lua::getvar(lua_State *L) {


 int Lua::getvars(lua_State *L) {
-    const char *varname = NULL;
-    Transaction *t = NULL;
-    void *z = NULL;
+    const char *varname(NULL);
+    Transaction *t(NULL);
+    void *z(NULL);
    std::vector<const VariableValue *> l;
    int idx = 1;

@@ -323,16 +322,16 @@ int Lua::getvars(lua_State *L) {


 int Lua::setvar(lua_State *L) {
-    Transaction *t = NULL;
-    const char *var_value = NULL;
-    const char *var_name = NULL;
+    Transaction *t(NULL);
+    const char *var_value(NULL);
+    const char *var_name(NULL);
    std::string vname;
    std::string collection;
    std::string variableName;
    int nargs = lua_gettop(L);
    char *chr = NULL;
    size_t pos;
-    void *z = NULL;
+    void *z(NULL);

    lua_getglobal(L, "__transaction");
    z = const_cast<void *>(lua_topointer(L, -1));
@@ -453,7 +452,7 @@ std::string Lua::applyTransformations(lua_State *L, Transaction *t,
    }

    if (lua_isstring(L, idx)) {
-        const char *name = NULL;
+        const char *name(NULL);
        name = reinterpret_cast<const char *>(luaL_checkstring(L, idx));

        actions::transformations::Transformation *tfn = \
--- a/src/engine/lua.h
+++ b/src/engine/lua.h
@@ -45,8 +45,7 @@ class LuaScriptBlob {


    void write(const void *data, size_t len) {
-        unsigned char *d = NULL;
-        d = (unsigned char *)realloc((unsigned char *)m_data, len + m_len);
+        unsigned char *d = (unsigned char *)realloc((unsigned char *)m_data, len + m_len);
        std::memcpy(d + m_len, data, len);
        m_len = m_len + len;
        m_data = d;
--- a/src/operators/detect_sqli.cc
+++ b/src/operators/detect_sqli.cc
@@ -32,26 +32,27 @@ bool DetectSQLi::evaluate(Transaction *t, RuleWithActions *rule,

    issqli = libinjection_sqli(input.c_str(), input.length(), fingerprint);

-    if (issqli) {
-        if (t) {
-            t->m_matched.push_back(fingerprint);
-            ms_dbg_a(t, 4, "detected SQLi using libinjection with " \
-                "fingerprint '" + std::string(fingerprint) + "' at: '" +
-                input + "'");
-            if (rule && rule->hasCaptureAction()) {
-                t->m_collections.m_tx_collection->storeOrUpdateFirst(
-                    "0", std::string(fingerprint));
-                ms_dbg_a(t, 7, "Added DetectSQLi match TX.0: " + \
-                    std::string(fingerprint));
-                }
-        }
-    } else {
-        if (t) {
-            ms_dbg_a(t, 9, "detected SQLi: not able to find an " \
-                "inject on '" + input + "'");
-        }
+    if (!t) {
+        goto tisempty;
    }

+    if (issqli) {
+        t->m_matched.push_back(fingerprint);
+        ms_dbg_a(t, 4, "detected SQLi using libinjection with " \
+            "fingerprint '" + std::string(fingerprint) + "' at: '" +
+            input + "'");
+        if (rule && rule->hasCaptureAction()) {
+            t->m_collections.m_tx_collection->storeOrUpdateFirst(
+                "0", std::string(fingerprint));
+            ms_dbg_a(t, 7, "Added DetectSQLi match TX.0: " + \
+                std::string(fingerprint));
+        }
+    } else {
+        ms_dbg_a(t, 9, "detected SQLi: not able to find an " \
+            "inject on '" + input + "'");
+    }
+
+tisempty:
    return issqli != 0;
 }

--- a/src/operators/rx.cc
+++ b/src/operators/rx.cc
@@ -69,12 +69,12 @@ bool Rx::evaluate(Transaction *transaction, RuleWithActions *rule,
        logOffset(ruleMessage, capture.m_offset, capture.m_length);
    }

-    if (m_string->m_containsMacro) {
-        delete re;
+    if (!captures.empty()) {
+        return true;
    }

-    if (captures.size() > 0) {
-        return true;
+    if (m_string->m_containsMacro) {
+        delete re;
    }

    return false;
--- a/src/rule_script.h
+++ b/src/rule_script.h
@@ -50,7 +50,8 @@ class RuleScript : public RuleWithActions {
        std::unique_ptr<std::string> fileName,
        int lineNumber)
            : RuleWithActions(actions, t, std::move(fileName), lineNumber),
-        m_name(name) { }
+        m_name(name),
+        m_lua() { }

    bool init(std::string *err);
    bool evaluate(Transaction *trans,
--- a/src/transaction.cc
+++ b/src/transaction.cc
@@ -340,7 +340,6 @@ bool Transaction::extractArguments(const std::string &orig,

    for (std::string t : key_value_sets) {
        char sep2 = '=';
-        int i = 0;
        size_t key_s = 0;
        size_t value_s = 0;
        int invalid = 0;
@@ -1307,14 +1306,13 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
 * contents of the response body, otherwise there is no need to call this
 * method.
 *
+ * WARN: This is a skeleton that it is not in use yet.
+ *
 * @return It returns a buffer (const char *)
- * @retval >0   body was update and available.
- * @retval NULL Nothing was updated.
 *
 */
 const char *Transaction::getResponseBody() const {
-    // int there_is_update = this->rules->loadResponseBodyFromJS(this);
-    return this->m_responseBody.str().c_str();
+    return strdup(this->m_responseBody.str().c_str());
 }


--- a/src/utils/geo_lookup.cc
+++ b/src/utils/geo_lookup.cc
@@ -56,8 +56,12 @@ void GeoLookup::cleanUp() {

 bool GeoLookup::setDataBase(const std::string& filePath,
    std::string *err) {
+#ifdef WITH_MAXMIND
    std::string intMax;
+#endif
+#ifdef WITH_GEOIP
    std::string intGeo;
+#endif

 #ifdef WITH_MAXMIND
    int status = MMDB_open(filePath.c_str(), MMDB_MODE_MMAP, &mmdb);
@@ -85,19 +89,22 @@ bool GeoLookup::setDataBase(const std::string& filePath,
 #ifdef WITH_MAXMIND
        err->append(" libMaxMind");
 #endif
-
 #ifdef WITH_GEOIP
        err->append(" GeoIP");
 #endif
        err->append(".");

+#ifdef WITH_MAXMIND
        if (!intMax.empty()) {
            err->append(" " + intMax);
-
        }
+#endif
+#ifdef WITH_GEOIP
        if (!intGeo.empty()) {
            err->append(" " + intGeo);
        }
+#endif
+
        return false;
    }

--- a/src/utils/msc_tree.cc
+++ b/src/utils/msc_tree.cc
@@ -290,7 +290,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree
    unsigned char *buffer = NULL;
    unsigned char bitlen = 0;
    int bit_validation = 0, test_bit = 0;
-    int i = 0;
+    size_t i = 0;
    unsigned int x, y;
    TreeNode *node = NULL, *new_node = NULL;
    TreeNode *parent = NULL, *i_node = NULL;
--- a/src/utils/shared_files.h
+++ b/src/utils/shared_files.h
@@ -81,7 +81,7 @@ class SharedFiles {
    {
 #ifdef MODSEC_USE_GENERAL_LOCK
        int shm_id;
-        bool toBeCreated;
+        bool toBeCreated(false);
        bool err = false;

        m_memKeyStructure = ftok(".", 1);