Cosmetics: address cppcheck warnings

src/anchored_set_variable.cc

@@ -28,7 +28,8 @@
 namespace modsecurity {
 
 
-AnchoredSetVariable::AnchoredSetVariable(Transaction *t, std::string name)
+AnchoredSetVariable::AnchoredSetVariable(Transaction *t,
+    const std::string &name)
     : m_transaction(t),
     m_name(name) {
         reserve(10);

src/anchored_variable.cc

@@ -28,7 +28,7 @@ namespace modsecurity {
 
 
 AnchoredVariable::AnchoredVariable(Transaction *t,
-    std::string name)
+    const std::string &name)
     : m_transaction(t),
     m_offset(0),
     m_name(""),

src/audit_log/audit_log.cc

@@ -54,12 +54,12 @@ AuditLog::AuditLog()
     : m_path1(""),
     m_path2(""),
     m_storage_dir(""),
+    m_format(NotSetAuditLogFormat),
+    m_parts(-1),
     m_filePermission(-1),
     m_directoryPermission(-1),
-    m_parts(-1),
     m_status(NotSetLogStatus),
     m_type(NotSetAuditLogType),
-    m_format(NotSetAuditLogFormat),
     m_relevant(""),
     m_writer(NULL),
     m_refereceCount(1) { }
@@ -85,7 +85,7 @@ bool AuditLog::setFileMode(int permission) {
 }
 
 
-int AuditLog::getFilePermission() {
+int AuditLog::getFilePermission() const {
     if (m_filePermission == -1) {
         return m_defaultFilePermission;
     }
@@ -93,7 +93,7 @@ int AuditLog::getFilePermission() {
     return m_filePermission;
 }
 
-int AuditLog::getDirectoryPermission() {
+int AuditLog::getDirectoryPermission() const {
     if (m_directoryPermission == -1) {
         return m_defaultDirectoryPermission;
     }
@@ -192,7 +192,7 @@ bool AuditLog::setParts(const std::basic_string<char>& new_parts) {
 }
 
 
-int AuditLog::getParts() {
+int AuditLog::getParts() const {
     if (m_parts == -1) {
         return m_defaultParts;
     }

src/audit_log/writer/parallel.h

@@ -65,7 +65,7 @@ class Parallel : public Writer {
      YearMonthDayAndTimeFileName = 8,
     };
 
-    inline std::string logFilePath(time_t *t, int part);
+    static inline std::string logFilePath(time_t *t, int part);
 };
 
 }  // namespace writer

src/audit_log/writer/writer.h

@@ -51,7 +51,7 @@ class Writer {
     virtual bool write(Transaction *transaction, int parts,
         std::string *error) = 0;
 
-    void generateBoundary(std::string *boundary);
+    static void generateBoundary(std::string *boundary);
 
     void refCountIncrease() {
         m_refereceCount++;

src/collection/backend/in_memory-per_process.cc

@@ -36,7 +36,7 @@ namespace collection {
 namespace backend {
 
 
-InMemoryPerProcess::InMemoryPerProcess(std::string name) :
+InMemoryPerProcess::InMemoryPerProcess(const std::string &name) :
     Collection(name) {
     this->reserve(1000);
     pthread_mutex_init(&m_lock, NULL);

src/collection/backend/in_memory-per_process.h

@@ -72,7 +72,7 @@ class InMemoryPerProcess :
         /*std::hash<std::string>*/MyHash, MyEqual>,
     public Collection {
  public:
-    explicit InMemoryPerProcess(std::string name);
+    explicit InMemoryPerProcess(const std::string &name);
     ~InMemoryPerProcess();
     void store(std::string key, std::string value) override;
 

src/collection/collections.cc

@@ -36,14 +36,17 @@ namespace collection {
 
 Collections::Collections(Collection *global,
     Collection *ip, Collection *session, Collection *user,
-    Collection *resource) : m_global_collection_key(""),
+    Collection *resource)
+    : m_global_collection_key(""),
     m_ip_collection_key(""),
+    m_session_collection_key(""),
+    m_user_collection_key(""),
     m_resource_collection_key(""),
     m_global_collection(global),
-    m_resource_collection(resource),
     m_ip_collection(ip),
     m_session_collection(session),
     m_user_collection(user),
+    m_resource_collection(resource),
     m_tx_collection(new backend::InMemoryPerProcess("TX")) {
     }
 

src/debug_log/debug_log_writer.h

@@ -40,9 +40,9 @@ class DebugLogWriter {
         return instance;
     }
 
-    void write_log(const std::string& file, const std::string& msg);
-    void close(const std::string& m_fileName);
-    int open(const std::string& m_fileName, std::string *error);
+    static void write_log(const std::string& file, const std::string& msg);
+    static void close(const std::string& m_fileName);
+    static int open(const std::string& m_fileName, std::string *error);
 
  private:
     DebugLogWriter() : m_first(NULL) { }

src/engine/lua.cc

@@ -39,7 +39,7 @@ namespace modsecurity {
 namespace engine {
 
 
-bool Lua::isCompatible(std::string script, Lua *l, std::string *error) {
+bool Lua::isCompatible(const std::string &script, Lua *l, std::string *error) {
 #ifdef WITH_LUA
     std::string lua(".lua");
     std::string err;
@@ -63,7 +63,7 @@ bool Lua::isCompatible(std::string script, Lua *l, std::string *error) {
 }
 
 
-bool Lua::load(std::string script, std::string *err) {
+bool Lua::load(const std::string &script, std::string *err) {
 #ifdef WITH_LUA
     lua_State *L = NULL;
     L = luaL_newstate();

src/engine/lua.h

@@ -53,7 +53,7 @@ class LuaScriptBlob {
     }
 
 
-    const char *read(size_t *len) {
+    const char *read(size_t *len) const {
         *len = m_len;
         return (const char *)m_data;
     }
@@ -68,9 +68,9 @@ class Lua {
  public:
     Lua() { }
 
-    bool load(std::string script, std::string *err);
+    bool load(const std::string &script, std::string *err);
     int run(Transaction *t, const std::string &str="");
-    static bool isCompatible(std::string script, Lua *l, std::string *error);
+    static bool isCompatible(const std::string &script, Lua *l, std::string *error);
 
 #ifdef WITH_LUA
     static int blob_keeper(lua_State *L, const void *p, size_t sz, void *ud);

src/modsecurity.cc

@@ -60,8 +60,7 @@ namespace modsecurity {
  * @endcode
  */
 ModSecurity::ModSecurity()
-    : m_connector(""),
-    m_whoami(""),
+    :
 #ifdef WITH_LMDB
     m_global_collection(new collection::backend::LMDB("GLOBAL")),
     m_resource_collection(new collection::backend::LMDB("RESOURCE")),
@@ -70,14 +69,17 @@ ModSecurity::ModSecurity()
     m_user_collection(new collection::backend::LMDB("USER")),
 #else
     m_global_collection(new collection::backend::InMemoryPerProcess("GLOBAL")),
-    m_ip_collection(new collection::backend::InMemoryPerProcess("IP")),
     m_resource_collection(
         new collection::backend::InMemoryPerProcess("RESOURCE")),
+    m_ip_collection(new collection::backend::InMemoryPerProcess("IP")),
     m_session_collection(
         new collection::backend::InMemoryPerProcess("SESSION")),
     m_user_collection(new collection::backend::InMemoryPerProcess("USER")),
 #endif
-    m_logCb(NULL) {
+    m_connector(""),
+    m_whoami(""),
+    m_logCb(NULL),
+    m_logProperties(0) {
     UniqueId::uniqueId();
     srand(time(NULL));
 #ifdef MSC_WITH_CURL
@@ -167,7 +169,7 @@ const std::string& ModSecurity::whoAmI() {
  * @param connector Information about the connector.
  *
  */
-void ModSecurity::setConnectorInformation(std::string connector) {
+void ModSecurity::setConnectorInformation(const std::string &connector) {
     m_connector = connector;
 }
 
@@ -182,7 +184,7 @@ void ModSecurity::setConnectorInformation(std::string connector) {
  * @retval "" Nothing was informed about the connector.
  * @retval !="" Connector information.
  */
-const std::string& ModSecurity::getConnectorInformation() {
+const std::string& ModSecurity::getConnectorInformation() const {
     return m_connector;
 }
 
@@ -224,7 +226,6 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
     Utils::Regex transformations("t:(?:(?!t:).)+");
     yajl_gen g;
     std::string varValue;
-    std::string opValue;
     const unsigned char *buf;
     size_t jsonSize;
 
@@ -391,11 +392,11 @@ int ModSecurity::processContentOffset(const char *content, size_t len,
     json->append("\n");
 
     yajl_gen_free(g);
+    return 0;
 #else
     *err = "Without YAJL support, we cannot generate JSON.";
     return -1;
 #endif
-    return 0;
 }
 
 

src/operators/pm.cc

@@ -83,7 +83,7 @@ void Pm::postOrderTraversal(acmp_btree_node_t *node) {
 
 bool Pm::evaluate(Transaction *transaction, Rule *rule,
     const std::string &input, std::shared_ptr<RuleMessage> ruleMessage) {
-    int rc = -1;
+    int rc;
     ACMPT pt;
     pt.parser = m_p;
     pt.ptr = NULL;

src/operators/rbl.h

@@ -62,7 +62,7 @@ class Rbl : public Operator {
 
     /** @ingroup ModSecurity_Operator */
     explicit Rbl(std::unique_ptr<RunTimeString> param)
-        : m_service(""),
+        : m_service(),
         m_demandsPassword(false),
         m_provider(RblProvider::UnknownProvider),
         Operator("Rbl", std::move(param)) {

src/parser/driver.cc

@@ -15,7 +15,6 @@
 
 #include "src/parser/driver.h"
 
-#include "src/parser/seclang-parser.hh"
 #include "modsecurity/audit_log.h"
 #include "modsecurity/rules_properties.h"
 

src/parser/driver.h

@@ -30,7 +30,9 @@
 #include "modsecurity/rules_properties.h"
 #include "modsecurity/audit_log.h"
 #include "src/rule_script.h"
+#ifndef MS_CPPCHECK_DISABLED_FOR_PARSER
 #include "src/parser/seclang-parser.hh"
+#endif
 
 using modsecurity::Rule;
 using modsecurity::Rules;

src/request_body_processor/json.cc

@@ -237,10 +237,10 @@ int JSON::yajl_end_array(void *ctx) {
     tthis->m_containers.pop_back();
     delete a;
     if (tthis->m_containers.size() > 0) {
-        JSONContainerArray *a = dynamic_cast<JSONContainerArray *>(
+        JSONContainerArray *ja = dynamic_cast<JSONContainerArray *>(
             tthis->m_containers.back());
-        if (a) {
-            a->m_elementCounter++;
+        if (ja) {
+            ja->m_elementCounter++;
         }
     }
 
@@ -272,10 +272,10 @@ int JSON::yajl_end_map(void *ctx) {
     delete a;
 
     if (tthis->m_containers.size() > 0) {
-        JSONContainerArray *a = dynamic_cast<JSONContainerArray *>(
+        JSONContainerArray *ja = dynamic_cast<JSONContainerArray *>(
             tthis->m_containers.back());
-        if (a) {
-            a->m_elementCounter++;
+        if (ja) {
+            ja->m_elementCounter++;
         }
     }
 

src/request_body_processor/json.h

@@ -36,7 +36,7 @@ namespace RequestBodyProcessor {
 
 class JSONContainer {
  public:
-    explicit JSONContainer(std::string name) : m_name(name) { }
+    explicit JSONContainer(const std::string &name) : m_name(name) { }
     virtual ~JSONContainer() { }
     std::string m_name;
 };
@@ -44,7 +44,7 @@ class JSONContainer {
 
 class JSONContainerArray : public JSONContainer {
  public:
-    explicit JSONContainerArray(std::string name) : JSONContainer(name),
+    explicit JSONContainerArray(const std::string &name) : JSONContainer(name),
         m_elementCounter(0) { }
     size_t m_elementCounter;
 };
@@ -52,7 +52,7 @@ class JSONContainerArray : public JSONContainer {
 
 class JSONContainerMap : public JSONContainer {
  public:
-     explicit JSONContainerMap(std::string name) : JSONContainer(name) { }
+     explicit JSONContainerMap(const std::string &name) : JSONContainer(name) { }
 };
 
 
@@ -61,7 +61,7 @@ class JSON {
     explicit JSON(Transaction *transaction);
     ~JSON();
 
-    bool init();
+    static bool init();
     bool processChunk(const char *buf, unsigned int size, std::string *err);
     bool complete(std::string *err);
 
@@ -79,7 +79,7 @@ class JSON {
     static int yajl_start_array(void *ctx);
     static int yajl_end_array(void *ctx);
 
-    bool isPreviousArray() {
+    bool isPreviousArray() const {
         JSONContainerArray *prev = NULL;
         if (m_containers.size() < 1) {
             return false;

src/request_body_processor/multipart.cc

@@ -36,7 +36,7 @@ namespace modsecurity {
 namespace RequestBodyProcessor {
 
 
-Multipart::Multipart(std:: string header, Transaction *transaction)
+Multipart::Multipart(const std::string &header, Transaction *transaction)
     : m_reqbody_no_files_length(0),
     m_nfiles(0),
     m_boundary_count(0),
@@ -1277,7 +1277,7 @@ bool Multipart::init(std::string *error) {
             /* Quoted. */
             m_boundary.assign(std::string(b + 1, len - 2));
             if (m_boundary.empty()) {
-                return -1;
+                return false;
             }
             m_flag_boundary_quoted = 1;
         } else {

src/request_body_processor/multipart.h

@@ -58,11 +58,19 @@ class MultipartPart {
  public:
     MultipartPart()
      : m_type(MULTIPART_FORMDATA),
-     m_tmp_file_fd(0),
-     m_offset(0),
-     m_filenameOffset(0),
+     m_name(""),
      m_nameOffset(0),
+     m_value(""),
      m_valueOffset(0),
+     m_value_parts(),
+     m_tmp_file_name(""),
+     m_tmp_file_fd(0),
+     m_tmp_file_size(),
+     m_filename(""),
+     m_filenameOffset(0),
+     m_last_header_name(""),
+     m_headers(),
+     m_offset(0),
      m_length(0) {
          m_tmp_file_size.first = 0;
          m_tmp_file_size.second = 0;
@@ -109,14 +117,14 @@ class MultipartPart {
 
 class Multipart {
  public:
-    Multipart(std::string header, Transaction *transaction);
+    Multipart(const std::string &header, Transaction *transaction);
     ~Multipart();
 
     bool init(std::string *err);
 
-    int boundary_characters_valid(const char *boundary);
-    int count_boundary_params(const std::string& str_header_value);
-    int is_token_char(unsigned char c);
+    static int boundary_characters_valid(const char *boundary);
+    static int count_boundary_params(const std::string& str_header_value);
+    static int is_token_char(unsigned char c);
     int multipart_complete(std::string *err);
 
     int parse_content_disposition(const char *c_d_value, int offset);

src/request_body_processor/xml.cc

@@ -46,13 +46,13 @@ XML::~XML() {
 
 
 bool XML::init() {
-    xmlParserInputBufferCreateFilenameFunc entity;
+    //xmlParserInputBufferCreateFilenameFunc entity;
     if (m_transaction->m_rules->m_secXMLExternalEntity
         == RulesProperties::TrueConfigBoolean) {
-        entity = xmlParserInputBufferCreateFilenameDefault(
+        /*entity = */xmlParserInputBufferCreateFilenameDefault(
             __xmlParserInputBufferCreateFilename);
     } else {
-        entity = xmlParserInputBufferCreateFilenameDefault(
+        /*entity = */xmlParserInputBufferCreateFilenameDefault(
             this->unloadExternalEntity);
     }
 

src/rule.cc

@@ -52,33 +52,34 @@ using actions::transformations::None;
 
 
 Rule::Rule(const std::string &marker)
-    : m_accuracy(0),
+    : m_theDisruptiveAction(nullptr),
+    m_logData(nullptr),
+    m_msg(nullptr),
+    m_severity(nullptr),
+    m_chained(false),
+    m_containsCaptureAction(false),
+    m_containsMultiMatchAction(false),
+    m_containsStaticBlockAction(false),
+    m_secMarker(true),
+    m_ruleId(0),
+    m_accuracy(0),
+    m_lineNumber(0),
+    m_maturity(0),
+    m_phase(-1),
+    m_variables(NULL),
+    m_op(NULL),
+    m_chainedRuleChild(NULL),
+    m_chainedRuleParent(NULL),
+    m_fileName(""),
+    m_marker(marker),
+    m_rev(""),
+    m_ver(""),
     m_actionsRuntimePos(),
     m_actionsRuntimePre(),
     m_actionsSetVar(),
     m_actionsTag(),
-    m_chained(false),
-    m_chainedRuleChild(NULL),
-    m_fileName(""),
-    m_lineNumber(0),
-    m_marker(marker),
-    m_maturity(0),
-    m_op(NULL),
-    m_phase(-1),
-    m_rev(""),
-    m_ruleId(0),
-    m_secMarker(true),
-    m_variables(NULL),
-    m_ver(""),
     m_unconditional(false),
-    m_referenceCount(1),
-    m_theDisruptiveAction(nullptr),
-    m_containsStaticBlockAction(false),
-    m_containsCaptureAction(false),
-    m_containsMultiMatchAction(false),
-    m_severity(nullptr),
-    m_logData(nullptr),
-    m_msg(nullptr) { }
+    m_referenceCount(1) { }
 
 
 Rule::Rule(Operator *_op,
@@ -86,34 +87,35 @@ Rule::Rule(Operator *_op,
     std::vector<Action *> *actions,
     std::string fileName,
     int lineNumber)
-    : m_accuracy(0),
+    : m_theDisruptiveAction(nullptr),
+    m_logData(nullptr),
+    m_msg(nullptr),
+    m_severity(nullptr),
+    m_chained(false),
+    m_containsCaptureAction(false),
+    m_containsMultiMatchAction(false),
+    m_containsStaticBlockAction(false),
+    m_secMarker(false),
+    m_ruleId(0),
+    m_accuracy(0),
+    m_lineNumber(lineNumber),
+    m_maturity(0),
+    m_phase(-1),
+    m_variables(_variables),
+    m_op(_op),
+    m_chainedRuleChild(NULL),
+    m_chainedRuleParent(NULL),
+    m_fileName(fileName),
+    m_marker(""),
+    m_rev(""),
+    m_ver(""),
     m_actionsRuntimePos(),
     m_actionsRuntimePre(),
     m_actionsSetVar(),
     m_actionsTag(),
-    m_chained(false),
-    m_chainedRuleChild(NULL),
-    m_chainedRuleParent(NULL),
-    m_fileName(fileName),
-    m_lineNumber(lineNumber),
-    m_marker(""),
-    m_maturity(0),
-    m_op(_op),
-    m_phase(-1),
-    m_rev(""),
-    m_ruleId(0),
-    m_secMarker(false),
-    m_variables(_variables),
-    m_ver(""),
     m_unconditional(false),
-    m_referenceCount(1),
-    m_theDisruptiveAction(nullptr),
-    m_containsStaticBlockAction(false),
-    m_containsCaptureAction(false),
-    m_containsMultiMatchAction(false),
-    m_severity(nullptr),
-    m_logData(nullptr),
-    m_msg(nullptr) {
+    m_referenceCount(1)
+    {
     /* */
     organizeActions(actions);
 
@@ -338,7 +340,7 @@ inline void Rule::executeTransformation(actions::Action *a,
     std::list<std::pair<std::shared_ptr<std::string>,
         std::shared_ptr<std::string>>> *ret,
     std::string *path,
-    int *nth) {
+    int *nth) const {
 
     std::string *oldValue = (*value).get();
     std::string newValue = a->evaluate(*oldValue, trans);

src/rule_script.h

@@ -44,9 +44,9 @@ using actions::Action;
 /** @ingroup ModSecurity_CPP_API */
 class RuleScript : public Rule {
  public:
-    RuleScript(std::string name,
+    RuleScript(const std::string &name,
         std::vector<Action *> *actions,
-        std::string fileName,
+        const std::string &fileName,
         int lineNumber)
             : Rule(NULL, NULL, actions, fileName, lineNumber),
         m_name(name) { }

src/rules.cc

@@ -173,9 +173,9 @@ int Rules::evaluate(int phase, Transaction *t) {
             "through the utilization of an `allow' action.");
         return true;
     }
-    if (t->m_allowType != actions::disruptive::NoneAllowType) {
-        t->m_allowType = actions::disruptive::NoneAllowType;
-    }
+    //if (t->m_allowType != actions::disruptive::NoneAllowType) {
+    t->m_allowType = actions::disruptive::NoneAllowType;
+    //}
 
     for (int i = 0; i < rules.size(); i++) {
         Rule *rule = rules[i];
@@ -255,7 +255,7 @@ int Rules::evaluate(int phase, Transaction *t) {
             }
 
             rule->evaluate(t, NULL);
-            if (t->m_it.disruptive == true) {
+            if (t->m_it.disruptive > 0) {
                 ms_dbg_a(t, 8, "Skipping this phase as this " \
                     "request was already intercepted.");
                 break;
@@ -296,7 +296,7 @@ void Rules::debug(int level, const std::string &id,
 }
 
 
-void Rules::dump() {
+void Rules::dump() const {
     std::cout << "Rules: " << std::endl;
     for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) {
         std::vector<Rule *> rules = m_rules[i];

src/rules_exceptions.cc

@@ -122,8 +122,8 @@ bool RulesExceptions::loadUpdateTargetById(double id,
 bool RulesExceptions::load(const std::string &a, std::string *error) {
     bool added = false;
     std::vector<std::string> toRemove = utils::string::ssplit(a, ' ');
-    for (std::string &a : toRemove) {
-        std::string b = modsecurity::utils::string::parserSanitizer(a);
+    for (std::string &r : toRemove) {
+        std::string b = modsecurity::utils::string::parserSanitizer(r);
         if (b.size() == 0) {
             continue;
         }

src/run_time_string.cc

@@ -30,7 +30,7 @@
 namespace modsecurity {
 
 
-void RunTimeString::appendText(std::string text) {
+void RunTimeString::appendText(const std::string &text) {
     std::unique_ptr<RunTimeElementHolder> r(new RunTimeElementHolder);
     r->m_string = text;
     m_elements.push_back(std::move(r));

src/run_time_string.h

@@ -46,14 +46,14 @@ class RunTimeString {
  public:
     RunTimeString() :
         m_containsMacro(false) { }
-    void appendText(std::string text);
+    void appendText(const std::string &text);
     void appendVar(std::unique_ptr<modsecurity::variables::Variable> var);
     std::string evaluate(Transaction *t);
     std::string evaluate(Transaction *t, Rule *r);
     std::string evaluate() {
         return evaluate(NULL);
     }
-    inline bool containsMacro() { return m_containsMacro; }
+    inline bool containsMacro() const { return m_containsMacro; }
     bool m_containsMacro;
 
  protected:

src/transaction.cc

@@ -100,37 +100,67 @@ namespace modsecurity {
  *
  */
 Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
-    : m_clientPort(0),
-    m_serverPort(0),
+    : m_creationTimeStamp(utils::cpu_seconds()),
+    m_clientIpAddress(""),
+    m_httpVersion(""),
+    m_serverIpAddress(""),
+    m_uri(""),
     m_uri_no_query_string_decoded(""),
-    m_rules(rules),
-    m_timeStamp(std::time(NULL)),
-    m_httpCodeReturned(200),
-    m_highestSeverityAction(255),
     m_ARGScombinedSizeDouble(0),
+    m_clientPort(0),
+    m_highestSeverityAction(255),
+    m_httpCodeReturned(200),
+    m_serverPort(0),
+    m_ms(ms),
     m_requestBodyType(UnknownFormat),
     m_requestBodyProcessor(UnknownFormat),
+    m_rules(rules),
+    m_ruleRemoveById(),
+    m_ruleRemoveByIdRange(),
+    m_ruleRemoveByTag(),
+    m_ruleRemoveTargetByTag(),
+    m_ruleRemoveTargetById(),
     m_requestBodyAccess(Rules::PropertyNotSetConfigBoolean),
+    m_auditLogModifier(),
+    m_rulesMessages(),
+    m_requestBody(),
+    m_responseBody(),
+    m_id(),
     m_marker(""),
-    m_allowType(modsecurity::actions::disruptive::NoneAllowType),
     m_skip_next(0),
-    m_creationTimeStamp(utils::cpu_seconds()),
-    m_logCbData(logCbData),
-    m_ms(ms),
-    m_secRuleEngine(RulesProperties::PropertyNotSetRuleEngine),
+    m_allowType(modsecurity::actions::disruptive::NoneAllowType),
+    m_uri_decoded(""),
+    m_actions(),
+    m_it(),
+    m_timeStamp(std::time(NULL)),
     m_collections(ms->m_global_collection, ms->m_ip_collection,
         ms->m_session_collection, ms->m_user_collection,
         ms->m_resource_collection),
-#ifdef WITH_YAJL
-    m_json(new RequestBodyProcessor::JSON(this)),
-#else
-    m_json(NULL),
-#endif
+    m_matched(),
 #ifdef WITH_LIBXML2
     m_xml(new RequestBodyProcessor::XML(this)),
 #else
     m_xml(NULL),
 #endif
+#ifdef WITH_YAJL
+    m_json(new RequestBodyProcessor::JSON(this)),
+#else
+    m_json(NULL),
+#endif
+    m_secRuleEngine(RulesProperties::PropertyNotSetRuleEngine),
+    m_variableDuration(""),
+    m_variableEnvs(),
+    m_variableHighestSeverityAction(""),
+    m_variableRemoteUser(""),
+    m_variableTime(""),
+    m_variableTimeDay(""),
+    m_variableTimeEpoch(""),
+    m_variableTimeHour(""),
+    m_variableTimeMin(""),
+    m_variableTimeSec(""),
+    m_variableTimeWDay(""),
+    m_variableTimeYear(""),
+    m_logCbData(logCbData),
     TransactionAnchoredVariables(this) {
     m_id = std::to_string(this->m_timeStamp) + \
         std::to_string(modsecurity::utils::generate_transaction_unique_id());
@@ -144,39 +174,68 @@ Transaction::Transaction(ModSecurity *ms, Rules *rules, void *logCbData)
 }
 
 Transaction::Transaction(ModSecurity *ms, Rules *rules, char *id, void *logCbData)
-    : m_clientPort(0),
-    m_serverPort(0),
+    : m_creationTimeStamp(utils::cpu_seconds()),
+    m_clientIpAddress(""),
+    m_httpVersion(""),
+    m_serverIpAddress(""),
+    m_uri(""),
     m_uri_no_query_string_decoded(""),
-    m_rules(rules),
-    m_timeStamp(std::time(NULL)),
-    m_httpCodeReturned(200),
-    m_highestSeverityAction(255),
     m_ARGScombinedSizeDouble(0),
+    m_clientPort(0),
+    m_highestSeverityAction(255),
+    m_httpCodeReturned(200),
+    m_serverPort(0),
+    m_ms(ms),
     m_requestBodyType(UnknownFormat),
     m_requestBodyProcessor(UnknownFormat),
+    m_rules(rules),
+    m_ruleRemoveById(),
+    m_ruleRemoveByIdRange(),
+    m_ruleRemoveByTag(),
+    m_ruleRemoveTargetByTag(),
+    m_ruleRemoveTargetById(),
     m_requestBodyAccess(Rules::PropertyNotSetConfigBoolean),
+    m_auditLogModifier(),
+    m_rulesMessages(),
+    m_requestBody(),
+    m_responseBody(),
+    m_id(std::string(id)),
     m_marker(""),
-    m_allowType(modsecurity::actions::disruptive::NoneAllowType),
     m_skip_next(0),
-    m_creationTimeStamp(utils::cpu_seconds()),
-    m_logCbData(logCbData),
-    m_ms(ms),
-    m_secRuleEngine(RulesProperties::PropertyNotSetRuleEngine),
+    m_allowType(modsecurity::actions::disruptive::NoneAllowType),
+    m_uri_decoded(""),
+    m_actions(),
+    m_it(),
+    m_timeStamp(std::time(NULL)),
     m_collections(ms->m_global_collection, ms->m_ip_collection,
         ms->m_session_collection, ms->m_user_collection,
         ms->m_resource_collection),
-#ifdef WITH_YAJL
-    m_json(new RequestBodyProcessor::JSON(this)),
-#else
-    m_json(NULL),
-#endif
+    m_matched(),
 #ifdef WITH_LIBXML2
     m_xml(new RequestBodyProcessor::XML(this)),
 #else
     m_xml(NULL),
 #endif
+#ifdef WITH_YAJL
+    m_json(new RequestBodyProcessor::JSON(this)),
+#else
+    m_json(NULL),
+#endif
+    m_secRuleEngine(RulesProperties::PropertyNotSetRuleEngine),
+    m_variableDuration(""),
+    m_variableEnvs(),
+    m_variableHighestSeverityAction(""),
+    m_variableRemoteUser(""),
+    m_variableTime(""),
+    m_variableTimeDay(""),
+    m_variableTimeEpoch(""),
+    m_variableTimeHour(""),
+    m_variableTimeMin(""),
+    m_variableTimeSec(""),
+    m_variableTimeWDay(""),
+    m_variableTimeYear(""),
+    m_logCbData(logCbData),
     TransactionAnchoredVariables(this) {
-    m_id = std::string(id);
     m_rules->incrementReferenceCount();
 
     m_variableUrlEncodedError.set("0", 0);
@@ -1143,7 +1202,7 @@ int Transaction::processResponseBody() {
             + ". It is not marked to be inspected.");
         std::string validContetTypes("");
         for (std::set<std::string>::iterator i = bi.begin();
-             i != bi.end(); i++) {
+             i != bi.end(); ++i) {
             validContetTypes.append(*i + " ");
         }
         ms_dbg(8, "Content-Type(s) marked to be inspected: " \
@@ -1250,7 +1309,7 @@ int Transaction::appendResponseBody(const unsigned char *buf, size_t len) {
  * @retval NULL Nothing was updated.
  *
  */
-const char *Transaction::getResponseBody() {
+const char *Transaction::getResponseBody() const {
     // int there_is_update = this->rules->loadResponseBodyFromJS(this);
     return this->m_responseBody.str().c_str();
 }
@@ -1324,7 +1383,7 @@ int Transaction::processLogging() {
         ms_dbg(8, "Checking if this request is suitable to be " \
             "saved as an audit log.");
 
-        if (this->m_auditLogModifier.size() > 0) {
+        if (!this->m_auditLogModifier.empty()) {
             ms_dbg(4, "There was an audit log modifier for this transaction.");
             std::list<std::pair<int, std::string>>::iterator it;
             ms_dbg(7, "AuditLog parts before modification(s): " +
@@ -1754,7 +1813,7 @@ void Transaction::serverLog(std::shared_ptr<RuleMessage> rm) {
 }
 
 
-int Transaction::getRuleEngineState() {
+int Transaction::getRuleEngineState() const {
     if (m_secRuleEngine == RulesProperties::PropertyNotSetRuleEngine) {
         return m_rules->m_secRuleEngine;
     }

src/unique_id.cc

@@ -72,7 +72,7 @@ void UniqueId::fillUniqueId() {
 
 // Based on:
 // http://stackoverflow.com/questions/16858782/how-to-obtain-almost-unique-system-identifier-in-a-cross-platform-way
-std::string const UniqueId::machineName() {
+std::string UniqueId::machineName() {
     char machine_name[MAX_MACHINE_NAME_SIZE];
     size_t len = MAX_MACHINE_NAME_SIZE;
 #ifdef WIN32
@@ -105,7 +105,7 @@ failed:
 #endif
 }
 
-std::string const UniqueId::ethernetMacAddress() {
+std::string UniqueId::ethernetMacAddress() {
     char mac[MAC_ADDRESS_SIZE];
     memset(mac, '\0', sizeof(char)*(MAC_ADDRESS_SIZE));
 #ifdef DARWIN

src/unique_id.h

@@ -46,8 +46,8 @@ class UniqueId {
     }
 
     void fillUniqueId();
-    std::string const machineName();
-    std::string const ethernetMacAddress();
+    static std::string machineName();
+    static std::string ethernetMacAddress();
 
     std::string uniqueId_str;
 

src/variables/variable.h

@@ -106,6 +106,7 @@ namespace variables {
 
 class KeyExclusion {
  public:
+    KeyExclusion() { }
     virtual bool match(const std::string &a) = 0;
     virtual ~KeyExclusion() { }
 };
@@ -150,6 +151,9 @@ class KeyExclusionString : public KeyExclusion {
 
 class KeyExclusions : public std::deque<std::unique_ptr<KeyExclusion>> {
  public:
+    KeyExclusions() {
+    }
+
     bool toOmit(std::string a) {
         for (auto &z : *this) {
             if (z->match(a)) {
@@ -163,6 +167,7 @@ class KeyExclusions : public std::deque<std::unique_ptr<KeyExclusion>> {
 
 class VariableMonkeyResolution {
  public:
+    VariableMonkeyResolution () { }
     static inline bool comp(const std::string &a, const std::string &b) {
         return a.size() == b.size()
              && std::equal(a.begin(), a.end(), b.begin(),