github_mirrors/ModSecurity
3
0
Fork 1
mirror of https://github.com/owasp-modsecurity/ModSecurity.git synced 2025-08-14 05:45:59 +03:00
Code Issues Packages Projects Releases Wiki Activity

Merge e879711d87adf554b8e4d66575d00ba00119c21c into 0ac551b070b96877e4dd73e489a39603c1935513

Browse Source
This commit is contained in:
Ervin Hegedus 2025-08-11 21:05:43 +00:00 committed by GitHub
commit d5835c4128
No known key found for this signature in database
GPG Key ID: B5690EEEBB952194
7 changed files with 49 additions and 38 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
src/operators/fuzzy_hash.cc
View File

@ -27,7 +27,7 @@ bool FuzzyHash::init(const std::string &param2, std::string *error) {
#ifdef WITH_SSDEEP #ifdef WITH_SSDEEP
std::string digit; std::string digit;
std::string file; std::string file;
std::istream *iss; std::ifstream *iss;
std::shared_ptr<fuzzy_hash_chunk> chunk, t; std::shared_ptr<fuzzy_hash_chunk> chunk, t;
std::string err; std::string err;
@ -48,7 +48,7 @@ bool FuzzyHash::init(const std::string &param2, std::string *error) {
std::string resource = utils::find_resource(file, param2, &err); std::string resource = utils::find_resource(file, param2, &err);
iss = new std::ifstream(resource, std::ios::in); iss = new std::ifstream(resource, std::ios::in);
if (((std::ifstream *)iss)->is_open() == false) { if (iss->is_open() == false) {
error->assign("Failed to open file: " + m_param + ". " + err); error->assign("Failed to open file: " + m_param + ". " + err);
delete iss; delete iss;
return false; return false;

4
src/operators/inspect_file.cc
View File

@ -31,14 +31,14 @@ namespace modsecurity {
namespace operators { namespace operators {
bool InspectFile::init(const std::string &param2, std::string *error) { bool InspectFile::init(const std::string &param2, std::string *error) {
std::istream *iss; std::ifstream *iss;
std::string err; std::string err;
std::string err_lua; std::string err_lua;
m_file = utils::find_resource(m_param, param2, &err); m_file = utils::find_resource(m_param, param2, &err);
iss = new std::ifstream(m_file, std::ios::in); iss = new std::ifstream(m_file, std::ios::in);
if (((std::ifstream *)iss)->is_open() == false) { if (iss->is_open() == false) {
error->assign("Failed to open file: " + m_param + ". " + err); error->assign("Failed to open file: " + m_param + ". " + err);
delete iss; delete iss;
return false; return false;

51
src/operators/pm_from_file.cc
View File

@ -49,37 +49,34 @@ bool PmFromFile::init(const std::string &config, std::string *error) {
std::vector<std::string> tokens = split(m_param, ' '); std::vector<std::string> tokens = split(m_param, ' ');
for (const auto& token : tokens) { for (const auto& token : tokens) {
if (! token.empty()) { if (token.empty()) {
continue;
}
std::istream *iss; std::unique_ptr<std::istream> iss;
if (token.compare(0, 8, "https://") == 0) { if (token.compare(0, 8, "https://") == 0) {
Utils::HttpsClient client; Utils::HttpsClient client;
bool ret = client.download(token); bool ret = client.download(token);
if (ret == false) { if (ret == false) {
error->assign(client.error); error->assign(client.error);
return false; return false;
}
iss = new std::stringstream(client.content);
} else {
std::string err;
std::string resource = utils::find_resource(token, config, &err);
iss = new std::ifstream(resource, std::ios::in);
if (((std::ifstream *)iss)->is_open() == false) {
error->assign("Failed to open file: '" + token + "'. " + err);
delete iss;
return false;
}
} }
iss = std::make_unique<std::stringstream>(client.content);
for (std::string line; std::getline(*iss, line); ) { } else {
if (isComment(line) == false) { std::string err;
acmp_add_pattern(m_p, line.c_str(), NULL, NULL, line.length()); std::string resource = utils::find_resource(token, config, &err);
} auto file = std::make_unique<std::ifstream>(resource, std::ios::in);
if (file->is_open() == false) {
error->assign("Failed to open file: '" + token + "'. " + err);
return false;
}
iss = std::move(file);
}
for (std::string line; std::getline(*iss, line); ) {
if (isComment(line) == false) {
acmp_add_pattern(m_p, line.c_str(), NULL, NULL, line.length());
} }
delete iss;
} }
} }

15
src/operators/rbl.cc
View File

@ -226,9 +226,20 @@ bool Rbl::evaluate(Transaction *t, RuleWithActions *rule,
return false; return false;
} }
// NOSONAR
// SonarCloud suggested to use the init-statement to declare "addr" inside the if statement.
// I think that's not good here, because we need that in the else block
struct sockaddr *addr = info->ai_addr; struct sockaddr *addr = info->ai_addr;
struct sockaddr_in *sin = (struct sockaddr_in *) addr; // NOSONAR
furtherInfo(sin, ipStr, t, m_provider); if (addr->sa_family == AF_INET) { // only IPv4 address is allowed
auto sin = (struct sockaddr_in *) addr; // cppcheck-suppress[dangerousTypeCast]
furtherInfo(sin, ipStr, t, m_provider);
}
else {
ms_dbg_a(t, 7, "Unsupported address family: " + std::to_string(addr->sa_family));
freeaddrinfo(info);
return false;
}
freeaddrinfo(info); freeaddrinfo(info);
if (rule && t && rule->hasCaptureAction()) { if (rule && t && rule->hasCaptureAction()) {

2
src/operators/validate_dtd.cc
View File

@ -45,7 +45,7 @@ bool ValidateDTD::init(const std::string &file, std::string *error) {
bool ValidateDTD::evaluate(Transaction *transaction, const std::string &str) { bool ValidateDTD::evaluate(Transaction *transaction, const std::string &str) {
XmlDtdPtrManager dtd(xmlParseDTD(NULL, (const xmlChar *)m_resource.c_str())); XmlDtdPtrManager dtd(xmlParseDTD(NULL, reinterpret_cast<const xmlChar *>(m_resource.c_str())));
if (dtd.get() == NULL) { if (dtd.get() == NULL) {
std::string err = std::string("XML: Failed to load DTD: ") \ std::string err = std::string("XML: Failed to load DTD: ") \
+ m_resource; + m_resource;

8
src/variables/xml.cc
View File

@ -79,7 +79,7 @@ void XML::evaluate(Transaction *t,
} }
/* Process the XPath expression. */ /* Process the XPath expression. */
xpathExpr = (const xmlChar*)param.c_str(); xpathExpr = reinterpret_cast<const xmlChar*>(param.c_str());
xpathCtx = xmlXPathNewContext(t->m_xml->m_data.doc); xpathCtx = xmlXPathNewContext(t->m_xml->m_data.doc);
if (xpathCtx == NULL) { if (xpathCtx == NULL) {
ms_dbg_a(t, 1, "XML: Unable to create new XPath context. : "); ms_dbg_a(t, 1, "XML: Unable to create new XPath context. : ");
@ -91,9 +91,9 @@ void XML::evaluate(Transaction *t,
} else { } else {
std::vector<actions::Action *> acts = rule->getActionsByName("xmlns", t); std::vector<actions::Action *> acts = rule->getActionsByName("xmlns", t);
for (auto &x : acts) { for (auto &x : acts) {
actions::XmlNS *z = (actions::XmlNS *)x; actions::XmlNS *z = static_cast<actions::XmlNS *>(x);
if (xmlXPathRegisterNs(xpathCtx, (const xmlChar*)z->m_scope.c_str(), if (xmlXPathRegisterNs(xpathCtx, reinterpret_cast<const xmlChar*>(z->m_scope.c_str()),
(const xmlChar*)z->m_href.c_str()) != 0) { reinterpret_cast<const xmlChar*>(z->m_href.c_str())) != 0) {
ms_dbg_a(t, 1, "Failed to register XML namespace href \"" + \ ms_dbg_a(t, 1, "Failed to register XML namespace href \"" + \
z->m_href + "\" prefix \"" + z->m_scope + "\"."); z->m_href + "\" prefix \"" + z->m_scope + "\".");
return; return;

3
test/cppcheck_suppressions.txt
View File

@ -31,6 +31,8 @@ accessMoved:seclang-parser.hh
returnTempReference:seclang-parser.hh returnTempReference:seclang-parser.hh
duplInheritedMember:seclang-parser.hh duplInheritedMember:seclang-parser.hh
constVariableReference:seclang-parser.hh constVariableReference:seclang-parser.hh
uninitMemberVar:seclang-parser.hh
unreadVariable:src/operators/rx.cc unreadVariable:src/operators/rx.cc
unreadVariable:src/operators/rx_global.cc unreadVariable:src/operators/rx_global.cc
@ -59,3 +61,4 @@ uselessCallsSubstr
// Examples // Examples
memleak:examples/using_bodies_in_chunks/simple_request.cc memleak:examples/using_bodies_in_chunks/simple_request.cc