Merge e879711d87adf554b8e4d66575d00ba00119c21c into 0ac551b070b96877e4dd73e489a39603c1935513

2025-08-13 21:36:00 +03:00 · 2025-08-11 21:05:43 +00:00 · 2025-08-11 21:05:43 +00:00 · d5835c4128
commit d5835c4128
parent 0ac551b070 e879711d87
7 changed files with 49 additions and 38 deletions
--- a/src/operators/fuzzy_hash.cc
+++ b/src/operators/fuzzy_hash.cc
@ -27,7 +27,7 @@ bool FuzzyHash::init(const std::string &param2, std::string *error) {
 #ifdef WITH_SSDEEP
    std::string digit;
    std::string file;
-    std::istream *iss;
+    std::ifstream *iss;
    std::shared_ptr<fuzzy_hash_chunk> chunk, t;
    std::string err;

@ -48,7 +48,7 @@ bool FuzzyHash::init(const std::string &param2, std::string *error) {
    std::string resource = utils::find_resource(file, param2, &err);
    iss = new std::ifstream(resource, std::ios::in);

-    if (((std::ifstream *)iss)->is_open() == false) {
+    if (iss->is_open() == false) {
        error->assign("Failed to open file: " + m_param + ". " + err);
        delete iss;
        return false;
--- a/src/operators/inspect_file.cc
+++ b/src/operators/inspect_file.cc
@ -31,14 +31,14 @@ namespace modsecurity {
 namespace operators {

 bool InspectFile::init(const std::string &param2, std::string *error) {
-    std::istream *iss;
+    std::ifstream *iss;
    std::string err;
    std::string err_lua;

    m_file = utils::find_resource(m_param, param2, &err);
    iss = new std::ifstream(m_file, std::ios::in);

-    if (((std::ifstream *)iss)->is_open() == false) {
+    if (iss->is_open() == false) {
        error->assign("Failed to open file: " + m_param + ". " + err);
        delete iss;
        return false;
--- a/src/operators/pm_from_file.cc
+++ b/src/operators/pm_from_file.cc
@ -49,37 +49,34 @@ bool PmFromFile::init(const std::string &config, std::string *error) {
    std::vector<std::string> tokens = split(m_param, ' ');

    for (const auto& token : tokens) {
-        if (! token.empty()) {
+        if (token.empty()) {
+            continue;
+        }

-            std::istream *iss;
+        std::unique_ptr<std::istream> iss;

-            if (token.compare(0, 8, "https://") == 0) {
-                Utils::HttpsClient client;
-                bool ret = client.download(token);
-                if (ret == false) {
-                    error->assign(client.error);
-                    return false;
-                }
-                iss = new std::stringstream(client.content);
-            } else {
-                std::string err;
-                std::string resource = utils::find_resource(token, config, &err);
-                iss = new std::ifstream(resource, std::ios::in);
-
-                if (((std::ifstream *)iss)->is_open() == false) {
-                    error->assign("Failed to open file: '" + token + "'. " + err);
-                    delete iss;
-                    return false;
-                }
+        if (token.compare(0, 8, "https://") == 0) {
+            Utils::HttpsClient client;
+            bool ret = client.download(token);
+            if (ret == false) {
+                error->assign(client.error);
+                return false;
            }
-
-            for (std::string line; std::getline(*iss, line); ) {
-                if (isComment(line) == false) {
-                    acmp_add_pattern(m_p, line.c_str(), NULL, NULL, line.length());
-                }
+            iss = std::make_unique<std::stringstream>(client.content);
+        } else {
+            std::string err;
+            std::string resource = utils::find_resource(token, config, &err);
+            auto file = std::make_unique<std::ifstream>(resource, std::ios::in);
+            if (file->is_open() == false) {
+                error->assign("Failed to open file: '" + token + "'. " + err);
+                return false;
+            }
+            iss = std::move(file);
+        }
+        for (std::string line; std::getline(*iss, line); ) {
+            if (isComment(line) == false) {
+                acmp_add_pattern(m_p, line.c_str(), NULL, NULL, line.length());
            }
-
-            delete iss;
        }
    }

--- a/src/operators/rbl.cc
+++ b/src/operators/rbl.cc
@ -226,9 +226,20 @@ bool Rbl::evaluate(Transaction *t, RuleWithActions *rule,
        return false;
    }

+    // NOSONAR
+    // SonarCloud suggested to use the init-statement to declare "addr" inside the if statement.
+    // I think that's not good here, because we need that in the else block
    struct sockaddr *addr = info->ai_addr;
-    struct sockaddr_in *sin = (struct sockaddr_in *) addr;
-    furtherInfo(sin, ipStr, t, m_provider);
+    // NOSONAR
+    if (addr->sa_family == AF_INET) { // only IPv4 address is allowed
+        auto sin = (struct sockaddr_in *) addr; // cppcheck-suppress[dangerousTypeCast]
+        furtherInfo(sin, ipStr, t, m_provider);
+    }
+    else {
+        ms_dbg_a(t, 7,  "Unsupported address family: " + std::to_string(addr->sa_family));
+        freeaddrinfo(info);
+        return false;
+    }

    freeaddrinfo(info);
    if (rule && t && rule->hasCaptureAction()) {
--- a/src/operators/validate_dtd.cc
+++ b/src/operators/validate_dtd.cc
@ -45,7 +45,7 @@ bool ValidateDTD::init(const std::string &file, std::string *error) {

 bool ValidateDTD::evaluate(Transaction *transaction, const std::string &str) {

-    XmlDtdPtrManager dtd(xmlParseDTD(NULL, (const xmlChar *)m_resource.c_str()));
+    XmlDtdPtrManager dtd(xmlParseDTD(NULL, reinterpret_cast<const xmlChar *>(m_resource.c_str())));
    if (dtd.get() == NULL) {
        std::string err = std::string("XML: Failed to load DTD: ") \
            + m_resource;
--- a/src/variables/xml.cc
+++ b/src/variables/xml.cc
@ -79,7 +79,7 @@ void XML::evaluate(Transaction *t,
    }

    /* Process the XPath expression. */
-    xpathExpr = (const xmlChar*)param.c_str();
+    xpathExpr = reinterpret_cast<const xmlChar*>(param.c_str());
    xpathCtx = xmlXPathNewContext(t->m_xml->m_data.doc);
    if (xpathCtx == NULL) {
        ms_dbg_a(t, 1, "XML: Unable to create new XPath context. : ");
@ -91,9 +91,9 @@ void XML::evaluate(Transaction *t,
    } else {
        std::vector<actions::Action *> acts = rule->getActionsByName("xmlns", t);
        for (auto &x : acts) {
-            actions::XmlNS *z = (actions::XmlNS *)x;
-            if (xmlXPathRegisterNs(xpathCtx, (const xmlChar*)z->m_scope.c_str(),
-                    (const xmlChar*)z->m_href.c_str()) != 0) {
+            actions::XmlNS *z = static_cast<actions::XmlNS *>(x);
+            if (xmlXPathRegisterNs(xpathCtx, reinterpret_cast<const xmlChar*>(z->m_scope.c_str()),
+                    reinterpret_cast<const xmlChar*>(z->m_href.c_str())) != 0) {
                ms_dbg_a(t, 1, "Failed to register XML namespace href \"" + \
                    z->m_href + "\" prefix \"" + z->m_scope + "\".");
                return;
--- a/test/cppcheck_suppressions.txt
+++ b/test/cppcheck_suppressions.txt
@ -31,6 +31,8 @@ accessMoved:seclang-parser.hh
 returnTempReference:seclang-parser.hh
 duplInheritedMember:seclang-parser.hh
 constVariableReference:seclang-parser.hh
+uninitMemberVar:seclang-parser.hh
+

 unreadVariable:src/operators/rx.cc
 unreadVariable:src/operators/rx_global.cc
@ -59,3 +61,4 @@ uselessCallsSubstr

 // Examples
 memleak:examples/using_bodies_in_chunks/simple_request.cc
+