From dc408806639022429f1251a43432186c067aeb9c Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Wed, 12 Mar 2025 20:45:47 +0100 Subject: [PATCH 1/6] Fix cppcheck error in example multi.c --- examples/multiprocess_c/multi.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/examples/multiprocess_c/multi.c b/examples/multiprocess_c/multi.c index 2481db4e56..6fb0cbf54e 100644 --- a/examples/multiprocess_c/multi.c +++ b/examples/multiprocess_c/multi.c @@ -38,7 +38,7 @@ RulesSet *rules = NULL; ModSecurity *modsec = NULL; -void process_special_request (int j) { +static void process_special_request (int j) { Transaction *transaction; transaction = msc_new_transaction(modsec, rules, NULL); @@ -60,7 +60,7 @@ void process_special_request (int j) { msc_transaction_cleanup(transaction); } -void process_request (int j) { +static void process_request (int j) { int i; for (i = 0; i < REQUESTS_PER_PROCESS; i++) { From d3c1ad71771fc84ba3100c65485a17345909b840 Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Wed, 12 Mar 2025 22:07:46 +0100 Subject: [PATCH 2/6] Make utf variable const pointer --- src/actions/transformations/utf8_to_unicode.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/actions/transformations/utf8_to_unicode.cc b/src/actions/transformations/utf8_to_unicode.cc index 4b01583e7c..263c782bf6 100644 --- a/src/actions/transformations/utf8_to_unicode.cc +++ b/src/actions/transformations/utf8_to_unicode.cc @@ -46,7 +46,7 @@ static inline bool encode(std::string &value) { int unicode_len = 0; unsigned int d = 0; unsigned char c; - auto utf = &input[i]; + const auto* utf = &input[i]; c = *utf; From dbdd6318ff5a1664c5022a58732c64d20eb9ac5b Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Wed, 12 Mar 2025 22:09:51 +0100 Subject: [PATCH 3/6] Replace C pointers by shared pointer in fuzzy_hash op code --- src/operators/fuzzy_hash.cc | 24 ++++++++---------------- src/operators/fuzzy_hash.h | 6 +++--- 2 files changed, 11 insertions(+), 19 deletions(-) diff --git a/src/operators/fuzzy_hash.cc b/src/operators/fuzzy_hash.cc index df31a98c2b..e2f5ae96fe 100644 --- a/src/operators/fuzzy_hash.cc +++ b/src/operators/fuzzy_hash.cc @@ -28,7 +28,7 @@ bool FuzzyHash::init(const std::string ¶m2, std::string *error) { std::string digit; std::string file; std::istream *iss; - struct fuzzy_hash_chunk *chunk, *t; + std::shared_ptr chunk, t; std::string err; auto pos = m_param.find_last_of(' '); @@ -55,11 +55,10 @@ bool FuzzyHash::init(const std::string ¶m2, std::string *error) { } for (std::string line; std::getline(*iss, line); ) { - chunk = (struct fuzzy_hash_chunk *)calloc(1, - sizeof(struct fuzzy_hash_chunk)); + chunk = std::make_shared(); - chunk->data = strdup(line.c_str()); - chunk->next = NULL; + chunk->data = std::shared_ptr(strdup(line.c_str()), free); + chunk->next = nullptr; if (m_head == NULL) { m_head = chunk; @@ -84,22 +83,15 @@ bool FuzzyHash::init(const std::string ¶m2, std::string *error) { } FuzzyHash::~FuzzyHash() { - struct fuzzy_hash_chunk *c = m_head; - while (c) { - struct fuzzy_hash_chunk *t = c; - free(c->data); - c->data = NULL; - c = c->next; - free(t); - } - m_head = NULL; + } bool FuzzyHash::evaluate(Transaction *t, const std::string &str) { #ifdef WITH_SSDEEP char result[FUZZY_MAX_RESULT]; - struct fuzzy_hash_chunk *chunk = m_head; + std::shared_ptr chunk = m_head; + if (fuzzy_hash_buf((const unsigned char*)str.c_str(), str.size(), result)) { @@ -108,7 +100,7 @@ bool FuzzyHash::evaluate(Transaction *t, const std::string &str) { } while (chunk != NULL) { - int i = fuzzy_compare(chunk->data, result); + int i = fuzzy_compare(chunk->data.get(), result); if (i >= m_threshold) { ms_dbg_a(t, 4, "Fuzzy hash: matched " \ "with score: " + std::to_string(i) + "."); diff --git a/src/operators/fuzzy_hash.h b/src/operators/fuzzy_hash.h index 10a0ca6dc0..3b973875dc 100644 --- a/src/operators/fuzzy_hash.h +++ b/src/operators/fuzzy_hash.h @@ -31,8 +31,8 @@ namespace operators { struct fuzzy_hash_chunk { - char *data; - struct fuzzy_hash_chunk *next; + std::shared_ptr data; + std::shared_ptr next; }; class FuzzyHash : public Operator { @@ -49,7 +49,7 @@ class FuzzyHash : public Operator { bool init(const std::string ¶m, std::string *error) override; private: int m_threshold; - struct fuzzy_hash_chunk *m_head; + std::shared_ptr m_head; }; } // namespace operators From c3c2c6f280af2364359cc09c01196fa9dcd38965 Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Wed, 12 Mar 2025 22:19:00 +0100 Subject: [PATCH 4/6] Make variable const pointer --- src/request_body_processor/multipart.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/request_body_processor/multipart.cc b/src/request_body_processor/multipart.cc index fd140329b8..cde76a5f2e 100644 --- a/src/request_body_processor/multipart.cc +++ b/src/request_body_processor/multipart.cc @@ -1638,7 +1638,7 @@ bool Multipart::process(const std::string& data, std::string *error, } } else { /* It looks like a boundary but */ /* we couldn't match it. */ - char *p = NULL; + const char *p = NULL; /* Check if an attempt to use quotes around the * boundary was made. */ From 42280d213dcf0fcbfc84f00685e21c764f94c93d Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Wed, 12 Mar 2025 22:26:29 +0100 Subject: [PATCH 5/6] Make function argument const pointer --- headers/modsecurity/rules_exceptions.h | 4 ++-- src/rules_exceptions.cc | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/headers/modsecurity/rules_exceptions.h b/headers/modsecurity/rules_exceptions.h index 8d513e76d6..8395048d69 100644 --- a/headers/modsecurity/rules_exceptions.h +++ b/headers/modsecurity/rules_exceptions.h @@ -53,8 +53,8 @@ class RulesExceptions { bool contains(int a); bool merge(RulesExceptions *from); - bool loadRemoveRuleByMsg(const std::string &msg, std::string *error); - bool loadRemoveRuleByTag(const std::string &msg, std::string *error); + bool loadRemoveRuleByMsg(const std::string &msg, const std::string *error); + bool loadRemoveRuleByTag(const std::string &msg, const std::string *error); bool loadUpdateTargetByMsg(const std::string &msg, std::unique_ptr > > v, diff --git a/src/rules_exceptions.cc b/src/rules_exceptions.cc index 1545571c18..2fb0cf857f 100644 --- a/src/rules_exceptions.cc +++ b/src/rules_exceptions.cc @@ -58,7 +58,7 @@ bool RulesExceptions::loadUpdateActionById(double id, bool RulesExceptions::loadRemoveRuleByMsg(const std::string &msg, - std::string *error) { + const std::string *error) { m_remove_rule_by_msg.push_back(msg); return true; @@ -66,7 +66,7 @@ bool RulesExceptions::loadRemoveRuleByMsg(const std::string &msg, bool RulesExceptions::loadRemoveRuleByTag(const std::string &msg, - std::string *error) { + const std::string *error) { m_remove_rule_by_tag.push_back(msg); return true; From 8f00f4700f4a00e4269a73cc26a909557a20eff0 Mon Sep 17 00:00:00 2001 From: Ervin Hegedus Date: Wed, 12 Mar 2025 23:07:43 +0100 Subject: [PATCH 6/6] Make destructor default; remove impmelentation --- src/operators/fuzzy_hash.cc | 5 ----- src/operators/fuzzy_hash.h | 2 +- 2 files changed, 1 insertion(+), 6 deletions(-) diff --git a/src/operators/fuzzy_hash.cc b/src/operators/fuzzy_hash.cc index e2f5ae96fe..61ea2821e5 100644 --- a/src/operators/fuzzy_hash.cc +++ b/src/operators/fuzzy_hash.cc @@ -82,11 +82,6 @@ bool FuzzyHash::init(const std::string ¶m2, std::string *error) { #endif } -FuzzyHash::~FuzzyHash() { - -} - - bool FuzzyHash::evaluate(Transaction *t, const std::string &str) { #ifdef WITH_SSDEEP char result[FUZZY_MAX_RESULT]; diff --git a/src/operators/fuzzy_hash.h b/src/operators/fuzzy_hash.h index 3b973875dc..b78054f5f8 100644 --- a/src/operators/fuzzy_hash.h +++ b/src/operators/fuzzy_hash.h @@ -42,7 +42,7 @@ class FuzzyHash : public Operator { : Operator("FuzzyHash", std::move(param)), m_threshold(0), m_head(NULL) { } - ~FuzzyHash() override; + ~FuzzyHash() override = default; bool evaluate(Transaction *transaction, const std::string &std) override;