diff --git a/src/actions/ctl/rule_remove_by_id.h b/src/actions/ctl/rule_remove_by_id.h index 54655d90..e3082b10 100644 --- a/src/actions/ctl/rule_remove_by_id.h +++ b/src/actions/ctl/rule_remove_by_id.h @@ -30,7 +30,8 @@ namespace ctl { class RuleRemoveById : public Action { public: explicit RuleRemoveById(std::string action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action, RunTimeOnlyIfMatchKind), + m_id(0) { } bool init(std::string *error) override; bool evaluate(Rule *rule, Transaction *transaction) override; diff --git a/src/actions/ctl/rule_remove_target_by_id.h b/src/actions/ctl/rule_remove_target_by_id.h index 1ceeaf23..03941f4a 100644 --- a/src/actions/ctl/rule_remove_target_by_id.h +++ b/src/actions/ctl/rule_remove_target_by_id.h @@ -30,7 +30,9 @@ namespace ctl { class RuleRemoveTargetById : public Action { public: explicit RuleRemoveTargetById(std::string action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action, RunTimeOnlyIfMatchKind), + m_id(0), + m_target("") { } bool init(std::string *error) override; bool evaluate(Rule *rule, Transaction *transaction) override; diff --git a/src/actions/phase.h b/src/actions/phase.h index c0637ccd..99f0176f 100644 --- a/src/actions/phase.h +++ b/src/actions/phase.h @@ -33,8 +33,8 @@ namespace actions { class Phase : public Action { public: explicit Phase(std::string action) : Action(action, ConfigurationKind), - m_secRulesPhase(0), - m_phase(0) { } + m_phase(0), + m_secRulesPhase(0) { } bool init(std::string *error) override; bool evaluate(Rule *rule, Transaction *transaction) override; diff --git a/src/actions/redirect.h b/src/actions/redirect.h index 0dd00946..a12f764d 100644 --- a/src/actions/redirect.h +++ b/src/actions/redirect.h 
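Review bot: In the RuleRemoveTargetById constructor (rule_remove_target_by_id.h), `m_target("")` is redundant, because a std::string member left out of the initializer list is already default-constructed empty; only the scalar `m_id(0)` needs an explicit value. The same applies to `m_urlExpanded("")` and `m_url("")` in redirect.h and to the three string initializers in set_var.h. Dropping them, or writing `m_target()`, keeps the list to the members that would otherwise be indeterminate. The class bodies continue outside these hunks, so the initializer order could not be checked against the member declaration order.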
@@ -31,7 +31,10 @@ namespace actions { class Redirect : public Action { public: explicit Redirect(const std::string &action) - : Action(action, RunTimeOnlyIfMatchKind) { } + : Action(action, RunTimeOnlyIfMatchKind), + m_status(0), + m_urlExpanded(""), + m_url("") { } bool evaluate(Rule *rule, Transaction *transaction) override; bool init(std::string *error) override; diff --git a/src/actions/set_var.h b/src/actions/set_var.h index c4b4b6b0..21e7bf16 100644 --- a/src/actions/set_var.h +++ b/src/actions/set_var.h @@ -29,7 +29,11 @@ namespace actions { class SetVar : public Action { public: - explicit SetVar(std::string action) : Action(action) { } + explicit SetVar(std::string action) : Action(action), + m_operation(SetVarOperation::setOperation), + m_collectionName(""), + m_variableName(""), + m_predicate("") { } bool evaluate(Rule *rule, Transaction *transaction) override; bool init(std::string *error) override; diff --git a/src/actions/status.h b/src/actions/status.h index 80c626fe..839670e1 100644 --- a/src/actions/status.h +++ b/src/actions/status.h @@ -30,7 +30,8 @@ namespace actions { class Status : public Action { public: - explicit Status(std::string action) : Action(action, 2) { } + explicit Status(std::string action) : Action(action, 2), + m_status(0) { } bool init(std::string *error) override; bool evaluate(Rule *rule, Transaction *transaction, RuleMessage *rm) diff --git a/src/audit_log/audit_log.cc b/src/audit_log/audit_log.cc index 84135819..523e9b4d 100644 --- a/src/audit_log/audit_log.cc +++ b/src/audit_log/audit_log.cc 
@@ -42,17 +42,17 @@ namespace modsecurity { namespace audit_log { AuditLog::AuditLog() - : m_status(OffAuditLogStatus), - m_path1(""), + : m_path1(""), m_path2(""), m_storage_dir(""), + m_filePermission(0600), + m_directoryPermission(0766), m_parts(AAuditLogPart | BAuditLogPart | CAuditLogPart | FAuditLogPart | HAuditLogPart | ZAuditLogPart), + m_status(OffAuditLogStatus), m_type(ParallelAuditLogType), - m_writer(NULL), m_relevant(""), - filePermission(0600), - directoryPermission(0766), + m_writer(NULL), m_refereceCount(0) { } AuditLog::~AuditLog() { @@ -74,13 +74,13 @@ void AuditLog::refCountDecreaseAndCheck() { } bool AuditLog::setStorageDirMode(int permission) { - this->directoryPermission = permission; + this->m_directoryPermission = permission; return true; } bool AuditLog::setFileMode(int permission) { - this->filePermission = permission; + this->m_filePermission = permission; return true; } diff --git a/src/audit_log/audit_log.h b/src/audit_log/audit_log.h index 3adcb26d..c2405146 100644 --- a/src/audit_log/audit_log.h +++ b/src/audit_log/audit_log.h @@ -166,8 +166,8 @@ class AuditLog { std::string m_path2; std::string m_storage_dir; - int filePermission; - int directoryPermission; + int m_filePermission; + int m_directoryPermission; int m_parts; diff --git a/src/audit_log/writer/parallel.cc b/src/audit_log/writer/parallel.cc index ac09176c..c3391684 100644 --- a/src/audit_log/writer/parallel.cc +++ b/src/audit_log/writer/parallel.cc 
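Review bot: The default `m_directoryPermission(0766)` in the AuditLog constructor gives group and other the read and write bits on the audit log directories while withholding the search bit, which is an unusual directory mode and wider than the `0600` used for the files. Audit log entries can carry request headers and bodies, so a tighter default such as `m_directoryPermission(0750)` would be safer unless the wider mode is intentional. If it is intentional, a short comment next to the initializer saying why would help. The value predates this commit, which only renames and reorders the member.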
@@ -114,13 +114,13 @@ bool Parallel::write(Transaction *transaction, int parts) { utils::createDir((logPath + logFilePath(&transaction->m_timeStamp, YearMonthDayDirectory)).c_str(), - m_audit->directoryPermission); + m_audit->m_directoryPermission); utils::createDir((logPath + logFilePath(&transaction->m_timeStamp, YearMonthDayDirectory | YearMonthDayAndTimeDirectory)).c_str(), - m_audit->directoryPermission); + m_audit->m_directoryPermission); - fd = open(fileName.c_str(), O_CREAT | O_WRONLY, m_audit->filePermission); + fd = open(fileName.c_str(), O_CREAT | O_WRONLY, m_audit->m_filePermission); if (fd < 0) { return false; } diff --git a/src/macro_expansion.cc b/src/macro_expansion.cc index 096f26b8..dcc41bca 100644 --- a/src/macro_expansion.cc +++ b/src/macro_expansion.cc @@ -49,7 +49,6 @@ std::string MacroExpansion::expand(const std::string& input, modsecurity::Rule *rule, Transaction *transaction) { std::string res; size_t pos = input.find("%{"); - std::string v; if (pos != std::string::npos) { res = input; @@ -73,23 +72,6 @@ std::string MacroExpansion::expand(const std::string& input, std::string var = std::string(variable, collection + 1, variable.length() - (collection + 1)); - /*if (utils::string::toupper(col) == "RULE") { - if (rule == NULL) { - transaction->debug(9, "macro expansion: cannot resolve " \ - "RULE variable without the Rule object"); - goto ops; - } - modsecurity::Variables::Rule r("RULE:" + var); - std::vector l; - r.evaluateInternal(transaction, rule, &l); - if (l.size() > 0) { - v = l[0]->m_value; - variableValue = &v; - } - for (auto *i : l) { - delete i; - } - }*/ if (utils::string::toupper(col) == "RULE") { variableValue = transaction->m_collections.resolveFirst( "RULE:" + var); @@ -113,7 +95,7 @@ std::string MacroExpansion::expand(const std::string& input, if (variableValue != NULL) { res.insert(start, *variableValue); } -ops: + pos = res.find("%{"); } 
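Review bot: In Parallel::write (parallel.cc) the audit file is still opened with `O_CREAT | O_WRONLY` only, so an existing path at `fileName`, including a symbolic link, is opened and written through rather than rejected. If the file name is meant to be unique per transaction (not visible in this hunk), `open(fileName.c_str(), O_CREAT | O_EXCL | O_WRONLY | O_NOFOLLOW, m_audit->m_filePermission)` would make the call fail instead. The return values of the two `utils::createDir` calls above it are also ignored, so a directory that could not be created only shows up as the later `open` failure. The function starts and ends outside the hunk.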
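Review bot: In the last macro_expansion.cc hunk, `pos = res.find("%{")` restarts the search at the beginning of `res` after `res.insert(start, *variableValue)`, so text that came from a resolved variable is scanned for macros again. Values resolved from transaction collections may hold request data, so a rule-defined macro can be extended by its own result, and the loop is not guaranteed to terminate. Continuing after the inserted text avoids both: `pos = res.find("%{", start + (variableValue != NULL ? variableValue->length() : 0));`. The loop head and the code that removes the macro from `res` are outside the hunk, so the offset should be checked against them.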
diff --git a/src/operators/operator.h b/src/operators/operator.h index 5aef651d..857789e9 100644 --- a/src/operators/operator.h +++ b/src/operators/operator.h @@ -58,8 +58,8 @@ class Operator { return evaluate(transaction, str); } - bool m_negation; std::string m_match_message; + bool m_negation; std::string m_op; std::string m_param; diff --git a/src/operators/rx.h b/src/operators/rx.h index cabe8c22..6b197e7b 100644 --- a/src/operators/rx.h +++ b/src/operators/rx.h @@ -35,9 +35,8 @@ class Rx : public Operator { public: /** @ingroup ModSecurity_Operator */ Rx(std::string op, std::string param, bool negation) - : Operator(op, param, negation), - m_param(param) { - m_re = new Regex(param); + : Operator(op, param, negation) { + m_re = new Regex(param); } ~Rx() { @@ -51,7 +50,6 @@ class Rx : public Operator { } private: - std::string m_param; Regex *m_re; }; diff --git a/src/rule.cc b/src/rule.cc index 6bdf5d1c..e3615dcd 100644 --- a/src/rule.cc +++ b/src/rule.cc @@ -519,7 +519,6 @@ void Rule::executeActionsAfterFullMatch(Transaction *trasn, bool Rule::evaluate(Transaction *trasn) { - bool isThisAChainedRule = rule_id == 0; bool globalRet = false; std::vector *variables = this->variables; bool recursiveGlobalRet; @@ -571,13 +570,13 @@ bool Rule::evaluate(Transaction *trasn) { for (const collection::Variable *v : finalVars) { std::string value = v->m_value; std::vector values; - bool ret; bool multiMatch = getActionsByName("multimatch").size() > 0; values = executeSecDefaultActionTransofrmations(trasn, value, multiMatch); for (const std::string &valueTemp : values) { + bool ret; ret = executeOperatorAt(trasn, v->m_key, valueTemp); if (ret == true) { ruleMessage.m_match = resolveMatchMessage(v->m_key, value); 
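Review bot: In rx.h the Rx constructor still assigns `m_re = new Regex(param);` in the body, which leaves the pointer uninitialized until that statement runs; `m_re(new Regex(param))` in the initializer list would match the rest of this commit. Rx also owns the raw pointer and declares a destructor, but no copy constructor or copy assignment is visible, so a copied Rx would share the pointer. If the destructor deletes it (its body is outside the hunk), declaring `Rx(const Rx&) = delete;` and `Rx& operator=(const Rx&) = delete;`, or holding the Regex in a `std::unique_ptr<Regex>`, would rule out a double delete.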
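Review bot: In Rule::evaluate (rule.cc, second hunk) the relocated `bool ret;` is declared on one line and assigned on the next; `bool ret = executeOperatorAt(trasn, v->m_key, valueTemp);` gives it its value at the point of declaration and removes the uninitialized state. In the same loop, `getActionsByName("multimatch").size() > 0` is evaluated once per variable although it does not appear to depend on `v`, so it could be computed once before the `for` over `finalVars`. The function body starts and ends outside the hunk.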
@@ -659,7 +658,6 @@ std::vector Rule::getActionsByName(const std::string& name) { bool Rule::containsTag(const std::string& name, Transaction *t) { - std::vector ret; for (auto &z : this->m_actionsRuntimePos) { actions::Tag *tag = dynamic_cast (z); if (tag != NULL && tag->getName(t) == name) { diff --git a/src/utils/regex.cc b/src/utils/regex.cc index 704971d1..d8cc8cad 100644 --- a/src/utils/regex.cc +++ b/src/utils/regex.cc @@ -39,7 +39,8 @@ namespace Utils { Regex::Regex(const std::string& pattern_) - : pattern(pattern_) { + : pattern(pattern_), + m_ovector {0} { const char *errptr = NULL; int erroffset; @@ -86,7 +87,7 @@ std::list Regex::searchAll(const std::string& s) { int substring_length = ovector[2*i+1] - ovector[2*i]; match.match = std::string(subject, ovector[2*i], - ovector[2*i+1] - ovector[2*i]); + substring_length); retList.push_front(match); } diff --git a/test/cppcheck_suppressions.txt b/test/cppcheck_suppressions.txt index 7d8fcfa1..7416ed1a 100644 --- a/test/cppcheck_suppressions.txt +++ b/test/cppcheck_suppressions.txt @@ -28,11 +28,13 @@ unusedLabel:src/unique_id.cc:222 unusedLabel:src/unique_id.cc:224 leakReturnValNotUsed:src/debug_log_writer_agent.cc:31 postfixOperator:* -*:src/utils/mbedtls/base64.c -*:src/utils/mbedtls/sha1.c +*:others/mbedtls/base64.c +*:others/mbedtls/sha1.c +*:others/mbedtls/md5.c readdirCalled:test/common/modsecurity_test.cc:114 missingInclude:* unreadVariable:test/regression/regression.cc:380 shiftNegative:src/utils/msc_tree.cc nullPointerRedundantCheck:src/utils/msc_tree.cc:654 - +*:test/benchmark/owasp-v3/util/av-scanning/runAV/common.c +functionStatic:*
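Review bot: In Regex::searchAll (regex.cc, second hunk), `ovector[2*i]` and `substring_length` are passed to the std::string constructor without a range check in the visible lines. If `ovector` is filled by a PCRE match call (not shown in this hunk), a group that took no part in the match is reported as -1, which converts to a very large position and makes the constructor throw std::out_of_range. A guard before the construction, for example `if (ovector[2*i] < 0 || substring_length < 0) { continue; }`, would skip such groups. The loop around these lines is outside the hunk, so whether `continue` is the right exit needs checking there.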