wip

Author: cataphract

appsec/src/extension/commands/client_init.c

@@ -245,7 +245,8 @@ static dd_result _process_response(
     return dd_error;
 }
 
-static void _process_meta_and_metrics(mpack_node_t root, struct req_info *nonnull ctx)
+static void _process_meta_and_metrics(
+    mpack_node_t root, struct req_info *nonnull ctx)
 {
     zend_object *span = ctx->root_span;
     if (!span) {

appsec/src/extension/commands/request_exec.c

@@ -18,7 +18,7 @@ struct ctx {
 };
 
 static dd_result _pack_command(
-    mpack_writer_t *nonnull w, ATTR_UNUSED void *nullable ctx);
+    mpack_writer_t *nonnull w, void *nonnull ctx);
 
 static const dd_command_spec _spec = {
     .name = "request_exec",
@@ -37,13 +37,13 @@ dd_result dd_request_exec(dd_conn *nonnull conn, zval *nonnull data)
         return dd_error;
     }
 
-    struct ctx ctx = { .data = data };
+    struct ctx ctx = {.data = data};
 
     return dd_command_exec(conn, &_spec, &ctx);
 }
 
 static dd_result _pack_command(
-    mpack_writer_t *nonnull w, ATTR_UNUSED void *nullable _ctx)
+    mpack_writer_t *nonnull w, void *nonnull _ctx)
 {
     assert(_ctx != NULL);
     struct ctx *ctx = _ctx;

appsec/src/extension/commands/request_init.c

@@ -22,7 +22,7 @@
 #include <zend_string.h>
 
 static dd_result _request_pack(
-    mpack_writer_t *nonnull w, void *nullable ATTR_UNUSED ctx);
+    mpack_writer_t *nonnull w, void *nonnull ctx);
 static void _init_autoglobals(void);
 static void _pack_headers(
     mpack_writer_t *nonnull w, const zend_array *nonnull server);
@@ -48,9 +48,9 @@ dd_result dd_request_init(
     return dd_command_exec(conn, &_spec, ctx);
 }
 
-static dd_result _request_pack(mpack_writer_t *nonnull w, void *nullable _ctx)
+static dd_result _request_pack(mpack_writer_t *nonnull w, void *nonnull _ctx)
 {
-    struct req_info_init *nullable ctx = _ctx;
+    struct req_info_init *nonnull ctx = _ctx;
 
     bool send_raw_body = get_global_DD_APPSEC_TESTING() &&
                          get_global_DD_APPSEC_TESTING_RAW_BODY();

appsec/src/extension/ddappsec.c

@@ -235,10 +235,7 @@ static PHP_MSHUTDOWN_FUNCTION(ddappsec)
 
 static pthread_once_t _rinit_once_control = PTHREAD_ONCE_INIT;
 
-static void _rinit_once()
-{
-    dd_config_first_rinit();
-}
+static void _rinit_once() { dd_config_first_rinit(); }
 
 // NOLINTNEXTLINE
 static PHP_RINIT_FUNCTION(ddappsec)
@@ -352,8 +349,8 @@ static void _check_enabled()
         DDAPPSEC_G(active) = false;
         DDAPPSEC_G(to_be_configured) = false;
     } else if (!dd_cfg_enable_via_remcfg()) {
-        DDAPPSEC_G(enabled) =
-            get_DD_APPSEC_ENABLED() ? APPSEC_FULLY_ENABLED : APPSEC_FULLY_DISABLED;
+        DDAPPSEC_G(enabled) = get_DD_APPSEC_ENABLED() ? APPSEC_FULLY_ENABLED
+                                                      : APPSEC_FULLY_DISABLED;
         DDAPPSEC_G(active) = get_DD_APPSEC_ENABLED() ? true : false;
         DDAPPSEC_G(to_be_configured) = false;
     } else {

appsec/src/extension/ddtrace.c

@@ -36,7 +36,8 @@ static void _register_testing_objects(void);
 static zend_object *(*nullable _ddtrace_get_root_span)(void);
 static void (*nullable _ddtrace_close_all_spans_and_flush)(void);
 static void (*nullable _ddtrace_set_priority_sampling_on_span_zobj)(
-    zend_object *nonnull zobj, zend_long priority, enum dd_sampling_mechanism mechanism);
+    zend_object *nonnull zobj, zend_long priority,
+    enum dd_sampling_mechanism mechanism);
 
 static bool (*nullable _ddtrace_user_req_add_listeners)(
     ddtrace_user_req_listeners *listeners);
@@ -64,7 +65,7 @@ static void dd_trace_load_symbols(void)
     _ddtrace_get_root_span = dlsym(handle, "ddtrace_get_root_span");
     if (_ddtrace_get_root_span == NULL && !testing) {
         mlog(dd_log_error, "Failed to load ddtrace_get_root_span: %s",
-            dlerror()); // NOLINT(concurrency-mt-unsafe) 
+            dlerror()); // NOLINT(concurrency-mt-unsafe)
     }
 
     _ddtrace_runtime_id = dlsym(handle, "ddtrace_runtime_id");
@@ -245,8 +246,8 @@ static zval *_get_span_modifiable_array_property(
     ZVAL_OBJ(&obj, zobj);
     zval prop;
     ZVAL_STR(&prop, propname);
-    zval *res = zobj->handlers->get_property_ptr_ptr(&obj, &prop, BP_VAR_R,
-        NULL);
+    zval *res =
+        zobj->handlers->get_property_ptr_ptr(&obj, &prop, BP_VAR_R, NULL);
 
 #endif
 
@@ -314,7 +315,8 @@ void dd_trace_set_priority_sampling_on_span_zobj(zend_object *nonnull root_span,
     _ddtrace_set_priority_sampling_on_span_zobj(root_span, priority, mechanism);
 }
 
-bool dd_trace_user_req_add_listeners(ddtrace_user_req_listeners *nonnull listeners)
+bool dd_trace_user_req_add_listeners(
+    ddtrace_user_req_listeners *nonnull listeners)
 {
     if (_ddtrace_user_req_add_listeners == NULL) {
         return false;

appsec/src/extension/ip_extraction.c

@@ -269,7 +269,7 @@ static bool _parse_forwarded(zend_string *nonnull zvalue, ipaddr *nonnull out)
     } state = between;
     const char *r = ZSTR_VAL(zvalue);
     const char *end = r + ZSTR_LEN(zvalue);
-    const char *start;
+    const char *start = r; // meaningless assignment to satisfy static analysis
     bool consider_value = false;
 
     // https://datatracker.ietf.org/doc/html/rfc7239#section-4

appsec/src/extension/msgpack_helpers.c

@@ -74,7 +74,10 @@ void dd_mpack_write_array(
     if (arr_type == php_array_type_sequential) {
         mpack_start_array(w, num_elems);
         zval *val;
-        ZEND_HASH_FOREACH_VAL((zend_array*)arr, val) { _mpack_write_zval(w, val); }
+        ZEND_HASH_FOREACH_VAL((zend_array *)arr, val)
+        {
+            _mpack_write_zval(w, val);
+        }
         ZEND_HASH_FOREACH_END();
         mpack_finish_array(w);
     } else {
@@ -83,7 +86,7 @@ void dd_mpack_write_array(
         zend_string *key_s;
         zend_ulong key_i;
         zval *val;
-        ZEND_HASH_FOREACH_KEY_VAL((zend_array*)arr, key_i, key_s, val)
+        ZEND_HASH_FOREACH_KEY_VAL((zend_array *)arr, key_i, key_s, val)
         {
             if (key_s) {
                 mpack_write_str(w, ZSTR_VAL(key_s), ZSTR_LEN(key_s));

appsec/src/extension/php_compat.c

@@ -20,7 +20,8 @@ static const uint32_t uninitialized_bucket[-HT_MIN_MASK] = {
     HT_INVALID_IDX, HT_INVALID_IDX};
 
 const HashTable zend_empty_array = {.gc.refcount = 2,
-    .gc.u.type_info = IS_ARRAY,
+    .gc.u.v.type = IS_ARRAY,
+    .gc.u.v.flags = IS_ARRAY_IMMUTABLE,
     .u.flags =
         HASH_FLAG_STATIC_KEYS | HASH_FLAG_INITIALIZED | HASH_FLAG_PERSISTENT,
     .nTableMask = HT_MIN_MASK,

appsec/src/extension/php_compat.h

@@ -38,8 +38,22 @@ extern const HashTable zend_empty_array;
 
 #    define GC_ADDREF(x) (++GC_REFCOUNT(x))
 #    define GC_DELREF(x) (--GC_REFCOUNT(x))
-#    define GC_TRY_ADDREF GC_ADDREF
-#    define GC_TRY_DELREF GC_DELREF
+static zend_always_inline void _gc_try_addref(zend_refcounted_h *_rc)
+{
+    struct _zend_refcounted *rc = (struct _zend_refcounted *)_rc;
+    if (!(GC_FLAGS(rc) & IS_ARRAY_IMMUTABLE)) {
+        GC_ADDREF(rc);
+    }
+}
+#    define GC_TRY_ADDREF(p) _gc_try_addref(&(p)->gc)
+static zend_always_inline void _gc_try_delref(zend_refcounted_h *_rc)
+{
+    struct _zend_refcounted *rc = (struct _zend_refcounted *)_rc;
+    if (!(GC_FLAGS(rc) & IS_ARRAY_IMMUTABLE)) {
+        GC_DELREF(rc);
+    }
+}
+#    define GC_TRY_DELREF(p) _gc_try_delref(&(p)->gc)
 
 zend_bool zend_ini_parse_bool(zend_string *str);
 #   define zend_string_efree zend_string_free
@@ -56,19 +70,21 @@ static inline HashTable *zend_new_array(uint32_t nSize) {
 #    define tsrm_env_unlock()
 #endif
 
-#if PHP_VERSION_ID >= 70300 && PHP_VERSION_ID < 80100
+#if PHP_VERSION_ID >= 70300 && PHP_VERSION_ID < 80000
 static zend_always_inline void _gc_try_addref(zend_refcounted_h *rc)
 {
     if (!(rc->u.type_info & GC_IMMUTABLE)) {
         rc->refcount++;
     }
 }
+#define GC_TRY_ADDREF(p) _gc_try_addref(&(p)->gc)
+#endif
+#if PHP_VERSION_ID >= 70300 && PHP_VERSION_ID < 80100
 static zend_always_inline void _gc_try_delref(zend_refcounted_h *rc)
 {
     if (!(rc->u.type_info & GC_IMMUTABLE)) {
         rc->refcount--;
     }
 }
-#define GC_TRY_ADDREF(p) _gc_try_addref(&(p)->gc)
 #define GC_TRY_DELREF(p) _gc_try_delref(&(p)->gc)
 #endif

appsec/src/extension/request_abort.c

@@ -139,10 +139,11 @@ static void _set_output_zstr(const zend_string *str)
     _set_output(ZSTR_VAL(str), ZSTR_LEN(str));
 }
 
-static dd_response_type _get_response_type_from_accept_header(const zend_array *nonnull _server)
+static dd_response_type _get_response_type_from_accept_header(
+    const zend_array *nonnull _server)
 {
-    const zend_string *accept_zstr = dd_php_get_string_elem_cstr(
-        _server, LSTRARG("HTTP_ACCEPT"));
+    const zend_string *accept_zstr =
+        dd_php_get_string_elem_cstr(_server, LSTRARG("HTTP_ACCEPT"));
     if (!accept_zstr) {
         mlog(dd_log_info,
             "Could not find Accept header, using default content-type");
@@ -284,7 +285,6 @@ void _request_abort_static_page(int response_code, int type)
         }
     }
 
-
     zend_string *body = NULL;
     const char *content_type;
     if (response_type == response_type_html) {