wip

Author: cataphract

appsec/src/extension/commands/client_init.c

@@ -245,7 +245,8 @@ static dd_result _process_response(
     return dd_error;
 }
 
-static void _process_meta_and_metrics(mpack_node_t root, struct req_info *nonnull ctx)
+static void _process_meta_and_metrics(
+    mpack_node_t root, struct req_info *nonnull ctx)
 {
     zend_object *span = ctx->root_span;
     if (!span) {

appsec/src/extension/commands/request_exec.c

@@ -18,7 +18,7 @@ struct ctx {
 };
 
 static dd_result _pack_command(
-    mpack_writer_t *nonnull w, ATTR_UNUSED void *nullable ctx);
+    mpack_writer_t *nonnull w, void *nonnull ctx);
 
 static const dd_command_spec _spec = {
     .name = "request_exec",
@@ -37,13 +37,13 @@ dd_result dd_request_exec(dd_conn *nonnull conn, zval *nonnull data)
         return dd_error;
     }
 
-    struct ctx ctx = { .data = data };
+    struct ctx ctx = {.data = data};
 
     return dd_command_exec(conn, &_spec, &ctx);
 }
 
 static dd_result _pack_command(
-    mpack_writer_t *nonnull w, ATTR_UNUSED void *nullable _ctx)
+    mpack_writer_t *nonnull w, void *nonnull _ctx)
 {
     assert(_ctx != NULL);
     struct ctx *ctx = _ctx;

appsec/src/extension/commands/request_init.c

@@ -22,7 +22,7 @@
 #include <zend_string.h>
 
 static dd_result _request_pack(
-    mpack_writer_t *nonnull w, void *nullable ATTR_UNUSED ctx);
+    mpack_writer_t *nonnull w, void *nonnull ctx);
 static void _init_autoglobals(void);
 static void _pack_headers(
     mpack_writer_t *nonnull w, const zend_array *nonnull server);
@@ -48,9 +48,9 @@ dd_result dd_request_init(
     return dd_command_exec(conn, &_spec, ctx);
 }
 
-static dd_result _request_pack(mpack_writer_t *nonnull w, void *nullable _ctx)
+static dd_result _request_pack(mpack_writer_t *nonnull w, void *nonnull _ctx)
 {
-    struct req_info_init *nullable ctx = _ctx;
+    struct req_info_init *nonnull ctx = _ctx;
 
     bool send_raw_body = get_global_DD_APPSEC_TESTING() &&
                          get_global_DD_APPSEC_TESTING_RAW_BODY();

appsec/src/extension/ddappsec.c

@@ -235,10 +235,7 @@ static PHP_MSHUTDOWN_FUNCTION(ddappsec)
 
 static pthread_once_t _rinit_once_control = PTHREAD_ONCE_INIT;
 
-static void _rinit_once()
-{
-    dd_config_first_rinit();
-}
+static void _rinit_once() { dd_config_first_rinit(); }
 
 // NOLINTNEXTLINE
 static PHP_RINIT_FUNCTION(ddappsec)
@@ -352,8 +349,8 @@ static void _check_enabled()
         DDAPPSEC_G(active) = false;
         DDAPPSEC_G(to_be_configured) = false;
     } else if (!dd_cfg_enable_via_remcfg()) {
-        DDAPPSEC_G(enabled) =
-            get_DD_APPSEC_ENABLED() ? APPSEC_FULLY_ENABLED : APPSEC_FULLY_DISABLED;
+        DDAPPSEC_G(enabled) = get_DD_APPSEC_ENABLED() ? APPSEC_FULLY_ENABLED
+                                                      : APPSEC_FULLY_DISABLED;
         DDAPPSEC_G(active) = get_DD_APPSEC_ENABLED() ? true : false;
         DDAPPSEC_G(to_be_configured) = false;
     } else {

appsec/src/extension/ddtrace.c

@@ -36,7 +36,8 @@ static void _register_testing_objects(void);
 static zend_object *(*nullable _ddtrace_get_root_span)(void);
 static void (*nullable _ddtrace_close_all_spans_and_flush)(void);
 static void (*nullable _ddtrace_set_priority_sampling_on_span_zobj)(
-    zend_object *nonnull zobj, zend_long priority, enum dd_sampling_mechanism mechanism);
+    zend_object *nonnull zobj, zend_long priority,
+    enum dd_sampling_mechanism mechanism);
 
 static bool (*nullable _ddtrace_user_req_add_listeners)(
     ddtrace_user_req_listeners *listeners);
@@ -64,7 +65,7 @@ static void dd_trace_load_symbols(void)
     _ddtrace_get_root_span = dlsym(handle, "ddtrace_get_root_span");
     if (_ddtrace_get_root_span == NULL && !testing) {
         mlog(dd_log_error, "Failed to load ddtrace_get_root_span: %s",
-            dlerror()); // NOLINT(concurrency-mt-unsafe) 
+            dlerror()); // NOLINT(concurrency-mt-unsafe)
     }
 
     _ddtrace_runtime_id = dlsym(handle, "ddtrace_runtime_id");
@@ -245,8 +246,8 @@ static zval *_get_span_modifiable_array_property(
     ZVAL_OBJ(&obj, zobj);
     zval prop;
     ZVAL_STR(&prop, propname);
-    zval *res = zobj->handlers->get_property_ptr_ptr(&obj, &prop, BP_VAR_R,
-        NULL);
+    zval *res =
+        zobj->handlers->get_property_ptr_ptr(&obj, &prop, BP_VAR_R, NULL);
 
 #endif
 
@@ -314,7 +315,8 @@ void dd_trace_set_priority_sampling_on_span_zobj(zend_object *nonnull root_span,
     _ddtrace_set_priority_sampling_on_span_zobj(root_span, priority, mechanism);
 }
 
-bool dd_trace_user_req_add_listeners(ddtrace_user_req_listeners *nonnull listeners)
+bool dd_trace_user_req_add_listeners(
+    ddtrace_user_req_listeners *nonnull listeners)
 {
     if (_ddtrace_user_req_add_listeners == NULL) {
         return false;

appsec/src/extension/ip_extraction.c

@@ -269,7 +269,7 @@ static bool _parse_forwarded(zend_string *nonnull zvalue, ipaddr *nonnull out)
     } state = between;
     const char *r = ZSTR_VAL(zvalue);
     const char *end = r + ZSTR_LEN(zvalue);
-    const char *start;
+    const char *start = r; // meaningless assignment to satisfy static analysis
     bool consider_value = false;
 
     // https://datatracker.ietf.org/doc/html/rfc7239#section-4

appsec/src/extension/msgpack_helpers.c

@@ -74,7 +74,10 @@ void dd_mpack_write_array(
     if (arr_type == php_array_type_sequential) {
         mpack_start_array(w, num_elems);
         zval *val;
-        ZEND_HASH_FOREACH_VAL((zend_array*)arr, val) { _mpack_write_zval(w, val); }
+        ZEND_HASH_FOREACH_VAL((zend_array *)arr, val)
+        {
+            _mpack_write_zval(w, val);
+        }
         ZEND_HASH_FOREACH_END();
         mpack_finish_array(w);
     } else {
@@ -83,7 +86,7 @@ void dd_mpack_write_array(
         zend_string *key_s;
         zend_ulong key_i;
         zval *val;
-        ZEND_HASH_FOREACH_KEY_VAL((zend_array*)arr, key_i, key_s, val)
+        ZEND_HASH_FOREACH_KEY_VAL((zend_array *)arr, key_i, key_s, val)
         {
             if (key_s) {
                 mpack_write_str(w, ZSTR_VAL(key_s), ZSTR_LEN(key_s));

appsec/src/extension/php_compat.c

@@ -20,7 +20,8 @@ static const uint32_t uninitialized_bucket[-HT_MIN_MASK] = {
     HT_INVALID_IDX, HT_INVALID_IDX};
 
 const HashTable zend_empty_array = {.gc.refcount = 2,
-    .gc.u.type_info = IS_ARRAY,
+    .gc.u.v.type = IS_ARRAY,
+    .gc.u.v.flags = IS_ARRAY_IMMUTABLE,
     .u.flags =
         HASH_FLAG_STATIC_KEYS | HASH_FLAG_INITIALIZED | HASH_FLAG_PERSISTENT,
     .nTableMask = HT_MIN_MASK,

appsec/src/extension/php_compat.h

@@ -38,8 +38,22 @@ extern const HashTable zend_empty_array;
 
 #    define GC_ADDREF(x) (++GC_REFCOUNT(x))
 #    define GC_DELREF(x) (--GC_REFCOUNT(x))
-#    define GC_TRY_ADDREF GC_ADDREF
-#    define GC_TRY_DELREF GC_DELREF
+static zend_always_inline void _gc_try_addref(zend_refcounted_h *_rc)
+{
+    struct _zend_refcounted *rc = (struct _zend_refcounted *)_rc;
+    if (!(GC_FLAGS(rc) & IS_ARRAY_IMMUTABLE)) {
+        GC_ADDREF(rc);
+    }
+}
+#    define GC_TRY_ADDREF(p) _gc_try_addref(&(p)->gc)
+static zend_always_inline void _gc_try_delref(zend_refcounted_h *_rc)
+{
+    struct _zend_refcounted *rc = (struct _zend_refcounted *)_rc;
+    if (!(GC_FLAGS(rc) & IS_ARRAY_IMMUTABLE)) {
+        GC_DELREF(rc);
+    }
+}
+#    define GC_TRY_DELREF(p) _gc_try_delref(&(p)->gc)
 
 zend_bool zend_ini_parse_bool(zend_string *str);
 #   define zend_string_efree zend_string_free
@@ -56,19 +70,21 @@ static inline HashTable *zend_new_array(uint32_t nSize) {
 #    define tsrm_env_unlock()
 #endif
 
-#if PHP_VERSION_ID >= 70300 && PHP_VERSION_ID < 80100
+#if PHP_VERSION_ID >= 70300 && PHP_VERSION_ID < 80000
 static zend_always_inline void _gc_try_addref(zend_refcounted_h *rc)
 {
     if (!(rc->u.type_info & GC_IMMUTABLE)) {
         rc->refcount++;
     }
 }
+#define GC_TRY_ADDREF(p) _gc_try_addref(&(p)->gc)
+#endif
+#if PHP_VERSION_ID >= 70300 && PHP_VERSION_ID < 80100
 static zend_always_inline void _gc_try_delref(zend_refcounted_h *rc)
 {
     if (!(rc->u.type_info & GC_IMMUTABLE)) {
         rc->refcount--;
     }
 }
-#define GC_TRY_ADDREF(p) _gc_try_addref(&(p)->gc)
 #define GC_TRY_DELREF(p) _gc_try_delref(&(p)->gc)
 #endif

appsec/src/extension/request_abort.c

@@ -139,10 +139,11 @@ static void _set_output_zstr(const zend_string *str)
     _set_output(ZSTR_VAL(str), ZSTR_LEN(str));
 }
 
-static dd_response_type _get_response_type_from_accept_header(const zend_array *nonnull _server)
+static dd_response_type _get_response_type_from_accept_header(
+    const zend_array *nonnull _server)
 {
-    const zend_string *accept_zstr = dd_php_get_string_elem_cstr(
-        _server, LSTRARG("HTTP_ACCEPT"));
+    const zend_string *accept_zstr =
+        dd_php_get_string_elem_cstr(_server, LSTRARG("HTTP_ACCEPT"));
     if (!accept_zstr) {
         mlog(dd_log_info,
             "Could not find Accept header, using default content-type");
@@ -284,7 +285,6 @@ void _request_abort_static_page(int response_code, int type)
         }
     }
 
-
     zend_string *body = NULL;
     const char *content_type;
     if (response_type == response_type_html) {

appsec/src/extension/request_abort.h

@@ -28,4 +28,4 @@ void dd_request_abort_static_page(void);
 zend_array *nonnull dd_request_abort_static_page_spec(
     const zend_array *nonnull);
 void dd_request_abort_redirect(void);
-zend_array *nonnull dd_request_abort_redirect_spec();
+zend_array *nonnull dd_request_abort_redirect_spec(void);

appsec/src/extension/request_lifecycle.c

@@ -45,10 +45,7 @@ static THREAD_LOCAL_ON_ZTS zval _blocking_function;
 static THREAD_LOCAL_ON_ZTS bool _shutdown_done_on_commit;
 #define CLIENT_IP_LOOKUP_FAILED ((zend_string *)-1)
 
-bool dd_req_is_user_req()
-{
-    return _enabled_user_req;
-}
+bool dd_req_is_user_req() { return _enabled_user_req; }
 
 void dd_req_lifecycle_startup()
 {
@@ -107,10 +104,7 @@ void dd_req_lifecycle_rinit(bool force)
     _do_request_begin_php();
 }
 
-static void _do_request_begin_php()
-{
-    (void) _do_request_begin(false);
-}
+static void _do_request_begin_php() { (void)_do_request_begin(false); }
 
 static zend_array *nullable _do_request_begin_user_req()
 {
@@ -248,9 +242,9 @@ static void _do_request_finish_php(bool ignore_verdict)
     }
 }
 
-static zend_array *_do_request_finish_user_req(
-    bool ignore_verdict, zend_array *nonnull superglob_equiv,
-    int status_code, zend_array *nullable resp_headers)
+static zend_array *_do_request_finish_user_req(bool ignore_verdict,
+    zend_array *nonnull superglob_equiv, int status_code,
+    zend_array *nullable resp_headers)
 {
     int verdict = dd_success;
     dd_conn *conn = dd_helper_mgr_cur_conn();
@@ -410,10 +404,10 @@ static zend_array *nullable _response_commit(
     }
 
     if (!_cur_req_span) {
-        mlog(
-            dd_log_warning, "Request commit callback called, but there is no "
-                            "root span currently associated through the "
-                            "request started span (or it was cleared already)");
+        mlog(dd_log_warning,
+            "Request commit callback called, but there is no "
+            "root span currently associated through the "
+            "request started span (or it was cleared already)");
         return NULL;
     }
     if (_cur_req_span != span) {
@@ -455,11 +449,11 @@ static void _finish_user_req(
     }
 
     if (_cur_req_span == NULL) {
-        mlog(
-            dd_log_warning, "Request finished callback called, but there is no "
-                            "root span currently associated through the "
-                            "request started span (or it was cleared already). "
-                            "Resetting");
+        mlog(dd_log_warning,
+            "Request finished callback called, but there is no "
+            "root span currently associated through the "
+            "request started span (or it was cleared already). "
+            "Resetting");
         _reset_globals();
         return;
     }
@@ -492,7 +486,7 @@ const zend_array *nonnull _get_server_equiv(
 }
 
 static void _set_blocking_function(ddtrace_user_req_listeners *nonnull self,
-        zend_object *nonnull span, zval *nonnull blocking_function)
+    zend_object *nonnull span, zval *nonnull blocking_function)
 {
     UNUSED(self);
 
@@ -549,8 +543,10 @@ void dd_req_call_blocking_function(dd_result res)
     } else if (res == dd_should_redirect) {
         spec = dd_request_abort_redirect_spec(sv);
     } else {
-        mlog(dd_log_warning, "dd_req_call_blocking_function called with "
-                             "invalid result %d", res);
+        mlog(dd_log_warning,
+            "dd_req_call_blocking_function called with "
+            "invalid result %d",
+            res);
     }
     assert(spec != NULL);
 

appsec/src/extension/tags.c

@@ -344,8 +344,8 @@ void dd_tags_add_tags(
     _set_runtime_family(span);
 
     if (_force_keep) {
-        dd_trace_set_priority_sampling_on_span_zobj(span,
-            PRIORITY_SAMPLING_USER_KEEP, DD_MECHANISM_MANUAL);
+        dd_trace_set_priority_sampling_on_span_zobj(
+            span, PRIORITY_SAMPLING_USER_KEEP, DD_MECHANISM_MANUAL);
         mlog(dd_log_debug, "Updated sampling priority to user_keep");
     }
 
@@ -454,7 +454,8 @@ static void _dd_response_headers(zend_array *meta_ht);
 static void _dd_event_user_id(zend_array *meta_ht);
 static void _dd_appsec_blocked(zend_array *meta_ht);
 
-static void _add_basic_ancillary_tags(zend_object *nonnull span, const zend_array *nonnull server)
+static void _add_basic_ancillary_tags(
+    zend_object *nonnull span, const zend_array *nonnull server)
 {
     zval *nullable meta = dd_trace_span_get_meta(span);
     if (!meta) {
@@ -795,8 +796,8 @@ static zend_string *nullable _is_relevant_resp_header(
 
 void _set_runtime_family(zend_object *nonnull span)
 {
-    bool res = dd_trace_span_add_tag_str(span,
-        LSTRARG(DD_TAG_RUNTIME_FAMILY), LSTRARG("php"));
+    bool res = dd_trace_span_add_tag_str(
+        span, LSTRARG(DD_TAG_RUNTIME_FAMILY), LSTRARG("php"));
     if (!res && !get_global_DD_APPSEC_TESTING()) {
         mlog(dd_log_warning,
             "Failed to add " DD_TAG_RUNTIME_FAMILY " to root span");
@@ -995,7 +996,6 @@ static PHP_FUNCTION(datadog_appsec_track_user_login_success_event)
         }
     }
 
-
     zval *nullable meta = _root_span_get_meta();
     if (!meta) {
         return;
@@ -1071,7 +1071,6 @@ static PHP_FUNCTION(datadog_appsec_track_user_login_failure_event)
         }
     }
 
-
     zval *nullable meta = _root_span_get_meta();
     if (!meta) {
         return;
@@ -1137,7 +1136,6 @@ static PHP_FUNCTION(datadog_appsec_track_custom_event)
         return;
     }
 
-
     zval *nullable meta = _root_span_get_meta();
     if (!meta) {
         return;

appsec/src/helper/remote_config/http_api.cpp

@@ -69,7 +69,7 @@ std::string execute_request(const std::string &host, const std::string &port,
         // If we get here then the connection is closed gracefully
     } catch (std::exception const &e) {
         auto sv = request.target();
-        std::string err{sv.data(), sv.size()};
+        const std::string err{sv.data(), sv.size()};
         SPDLOG_ERROR("Connection error - {} - {}", err, e.what());
         throw dds::remote_config::network_exception(
             "Connection error - " + err + " - " + e.what());