diff --git a/headers/modsecurity/anchored_set_variable_translation_proxy.h b/headers/modsecurity/anchored_set_variable_translation_proxy.h index 37767b980..e5b3ff943 100644 --- a/headers/modsecurity/anchored_set_variable_translation_proxy.h +++ b/headers/modsecurity/anchored_set_variable_translation_proxy.h @@ -43,7 +43,8 @@ class AnchoredSetVariableTranslationProxy { m_fount(fount) { m_translate = [](const std::string *name, std::vector *l) { - for (int i = 0; i < l->size(); ++i) { + for (std::vector::size_type i = 0; + i < l->size(); ++i) { VariableValue *newVariableValue = new VariableValue(name, &l->at(i)->getKey(), &l->at(i)->getKey()); const VariableValue *oldVariableValue = l->at(i); l->at(i) = newVariableValue; diff --git a/headers/modsecurity/intervention.h b/headers/modsecurity/intervention.h index af88e8581..f6280b4f1 100644 --- a/headers/modsecurity/intervention.h +++ b/headers/modsecurity/intervention.h @@ -30,33 +30,33 @@ typedef struct ModSecurityIntervention_t { #ifdef __cplusplus namespace intervention { - static void reset(ModSecurityIntervention_t *i) { + inline void reset(ModSecurityIntervention_t *i) { i->status = 200; i->pause = 0; i->disruptive = 0; } - static void clean(ModSecurityIntervention_t *i) { + inline void clean(ModSecurityIntervention_t *i) { i->url = NULL; i->log = NULL; reset(i); } - static void freeUrl(ModSecurityIntervention_t *i) { + inline void freeUrl(ModSecurityIntervention_t *i) { if (i->url) { free(i->url); i->url = NULL; } } - static void freeLog(ModSecurityIntervention_t *i) { + inline void freeLog(ModSecurityIntervention_t *i) { if (i->log) { free(i->log); i->log = NULL; } } - static void free(ModSecurityIntervention_t *i) { + inline void free(ModSecurityIntervention_t *i) { freeUrl(i); freeLog(i); } diff --git a/src/actions/init_col.cc b/src/actions/init_col.cc index 0c6fafe95..d1ca8b3d3 100644 --- a/src/actions/init_col.cc +++ b/src/actions/init_col.cc 
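Review bot: The loop in the `m_translate` lambda still reaches each element three times per iteration through `l->at(i)`, and the new `size_type` index is there only to remove the signed/unsigned comparison. A range-based loop over references, `for (auto &entry : *l) {`, would drop the index and the repeated bounds checks while keeping the in-place replacement as `entry = newVariableValue;`. The lambda body continues outside the hunk, so what happens to `oldVariableValue` after the swap is not visible here. Because `newVariableValue` comes from a raw `new`, a one-line comment naming who releases the old and new objects would help the next reader.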
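Review bot: `freeUrl` and `freeLog` call unqualified `free(...)` inside `namespace intervention`, which declares its own `free(ModSecurityIntervention_t *)` a few lines later. The calls reach the C library function only because of that declaration order. Writing `::free(i->url);` and `::free(i->log);` makes the lookup independent of where the helpers sit in the header. `clean` sets `url` and `log` to `NULL` without releasing them, so a comment such as `// Does not release url/log; call intervention::free() first when they are owned.` would document the contract now that every translation unit shares these `inline` definitions.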
@@ -28,7 +28,7 @@ namespace actions { bool InitCol::init(std::string *error) { - int posEquals = m_parser_payload.find("="); + const std::string::size_type posEquals = m_parser_payload.find("="); if (m_parser_payload.size() < 2) { error->assign("Something wrong with initcol format: too small"); diff --git a/src/actions/transformations/compress_whitespace.cc b/src/actions/transformations/compress_whitespace.cc index a9b31c962..b2904f743 100644 --- a/src/actions/transformations/compress_whitespace.cc +++ b/src/actions/transformations/compress_whitespace.cc @@ -38,8 +38,9 @@ bool CompressWhitespace::transform(std::string &value, const Transaction *trans) } } - const auto new_len = d - value.c_str(); - const auto changed = new_len != value.length(); + const std::string::size_type new_len = static_cast( + d - value.data()); + const bool changed = new_len != value.length(); value.resize(new_len); return changed; } diff --git a/src/actions/transformations/html_entity_decode.cc b/src/actions/transformations/html_entity_decode.cc index b537ba356..5a0167881 100644 --- a/src/actions/transformations/html_entity_decode.cc +++ b/src/actions/transformations/html_entity_decode.cc @@ -154,7 +154,7 @@ static inline bool inplace(std::string &value) { HTML_ENT_OUT: - for (auto z = 0; z < copy; z++) { + for (std::string::size_type z = 0; z < copy; z++) { *d++ = input[i++]; } } diff --git a/src/actions/transformations/utf8_to_unicode.cc b/src/actions/transformations/utf8_to_unicode.cc index 263c782bf..2ba83229a 100644 --- a/src/actions/transformations/utf8_to_unicode.cc +++ b/src/actions/transformations/utf8_to_unicode.cc 
@@ -76,13 +76,13 @@ static inline bool encode(std::string &value) { unicode_len = 2; count += 6; if (count <= len) { - int length = 0; + size_t length = 0; /* compute character number */ d = ((c & 0x1F) << 6) | (*(utf + 1) & 0x3F); *data++ = '%'; *data++ = 'u'; snprintf(reinterpret_cast(unicode), - sizeof(reinterpret_cast(unicode)), + sizeof(unicode), "%x", d); length = strlen(reinterpret_cast(unicode)); @@ -104,7 +104,7 @@ static inline bool encode(std::string &value) { break; } - for (std::string::size_type j = 0; j < length; j++) { + for (size_t j = 0; j < length; j++) { *data++ = unicode[j]; } @@ -126,7 +126,7 @@ static inline bool encode(std::string &value) { unicode_len = 3; count+=6; if (count <= len) { - int length = 0; + size_t length = 0; /* compute character number */ d = ((c & 0x0F) << 12) | ((*(utf + 1) & 0x3F) << 6) @@ -134,7 +134,7 @@ static inline bool encode(std::string &value) { *data++ = '%'; *data++ = 'u'; snprintf(reinterpret_cast(unicode), - sizeof(reinterpret_cast(unicode)), + sizeof(unicode), "%x", d); length = strlen(reinterpret_cast(unicode)); @@ -156,7 +156,7 @@ static inline bool encode(std::string &value) { break; } - for (std::string::size_type j = 0; j < length; j++) { + for (size_t j = 0; j < length; j++) { *data++ = unicode[j]; } @@ -187,7 +187,7 @@ static inline bool encode(std::string &value) { unicode_len = 4; count+=7; if (count <= len) { - int length = 0; + size_t length = 0; /* compute character number */ d = ((c & 0x07) << 18) | ((*(utf + 1) & 0x3F) << 12) @@ -196,7 +196,7 @@ static inline bool encode(std::string &value) { *data++ = '%'; *data++ = 'u'; snprintf(reinterpret_cast(unicode), - sizeof(reinterpret_cast(unicode)), + sizeof(unicode), "%x", d); length = strlen(reinterpret_cast(unicode)); @@ -218,7 +218,7 @@ static inline bool encode(std::string &value) { break; } - for (std::string::size_type j = 0; j < length; j++) { + for (size_t j = 0; j < length; j++) { *data++ = unicode[j]; } 
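Review bot: Changing the bound to `sizeof(unicode)` limits `snprintf` to the buffer only if `unicode` is declared as an array. Its declaration is outside these hunks, and if it were a pointer the expression would quietly evaluate to the pointer size again. The return value of `snprintf` is still discarded and `length` is recomputed with `strlen`, so a truncated or failed conversion goes unnoticed. Consider taking the length from the call and checking it, along the lines of `int n = snprintf(...);` followed by `if (n < 0 || static_cast<size_t>(n) >= sizeof(unicode))`. The same sequence is repeated in the 2-, 3- and 4-byte branches (hunks at -76, -126 and -187), and `encode` begins and ends outside the hunks.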
diff --git a/src/modsecurity.cc b/src/modsecurity.cc index 8f943b7f7..b241be5dc 100644 --- a/src/modsecurity.cc +++ b/src/modsecurity.cc @@ -268,7 +268,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len, size.size()); yajl_gen_map_close(g); - if (stoi(startingAt) >= len) { + if (static_cast(stoi(startingAt)) >= len) { *err = "Offset is out of the content limits."; return -1; } @@ -347,7 +347,7 @@ int ModSecurity::processContentOffset(const char *content, size_t len, size.size()); yajl_gen_map_close(g); - if (stoi(startingAt) >= varValue.size()) { + if (static_cast(stoi(startingAt)) >= varValue.size()) { *err = "Offset is out of the variable limits."; return -1; } diff --git a/src/operators/pm_from_file.cc b/src/operators/pm_from_file.cc index 52651e95c..6d0726d4b 100644 --- a/src/operators/pm_from_file.cc +++ b/src/operators/pm_from_file.cc @@ -33,7 +33,7 @@ bool PmFromFile::isComment(const std::string &s) { } size_t pos = s.find("#"); if (pos != std::string::npos) { - for (int i = 0; i < pos; i++) { + for (size_t i = 0; i < pos; i++) { if (!std::isspace(s[i])) { return false; } diff --git a/src/operators/rx.h b/src/operators/rx.h index 03d33700c..322f455eb 100644 --- a/src/operators/rx.h +++ b/src/operators/rx.h @@ -37,8 +37,8 @@ class Rx : public Operator { public: /** @ingroup ModSecurity_Operator */ explicit Rx(std::unique_ptr param) - : m_re(nullptr), - Operator("Rx", std::move(param)) { + : Operator("Rx", std::move(param)), + m_re(nullptr) { m_couldContainsMacro = true; } diff --git a/src/operators/rx_global.h b/src/operators/rx_global.h index e41ff2781..73cd55640 100644 --- a/src/operators/rx_global.h +++ b/src/operators/rx_global.h @@ -37,8 +37,8 @@ class RxGlobal : public Operator { public: /** @ingroup ModSecurity_Operator */ explicit RxGlobal(std::unique_ptr param) - : m_re(nullptr), - Operator("RxGlobal", std::move(param)) { + : Operator("RxGlobal", std::move(param)), + m_re(nullptr) { m_couldContainsMacro = true; } 
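Review bot: In both `processContentOffset` hunks (the content check at -268 and the variable check at -347) the result of `stoi(startingAt)` is cast to an unsigned type before the comparison. A negative offset is therefore rejected only because it wraps to a very large value. That works but hides the intent; an explicit form such as `const int start = stoi(startingAt);` followed by `if (start < 0 || static_cast<size_t>(start) >= len) {` states it directly (the cast's target type is not shown in this rendering, `size_t` is assumed from `len`). `stoi` also throws `std::invalid_argument` or `std::out_of_range` on non-numeric or oversized text. Whether `startingAt` is guaranteed to be a short digit string, or the call sits inside a `try` block, is decided outside the hunk and should be confirmed.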
diff --git a/src/operators/validate_url_encoding.cc b/src/operators/validate_url_encoding.cc index 65a3a328b..362e9f3fa 100644 --- a/src/operators/validate_url_encoding.cc +++ b/src/operators/validate_url_encoding.cc @@ -25,14 +25,13 @@ namespace operators { int ValidateUrlEncoding::validate_url_encoding(const char *input, uint64_t input_length, size_t *offset) { - int i; + uint64_t i = 0; *offset = 0; if ((input == NULL) || (input_length == 0)) { return -1; } - i = 0; while (i < input_length) { if (input[i] == '%') { if (i + 2 >= input_length) { diff --git a/src/parser/driver.cc b/src/parser/driver.cc index a193e7bcd..22c46b713 100644 --- a/src/parser/driver.cc +++ b/src/parser/driver.cc @@ -108,7 +108,7 @@ int Driver::addSecRule(std::unique_ptr r) { for (int i = 0; i < modsecurity::Phases::NUMBER_OF_PHASES; i++) { const Rules *rules = m_rulesSetPhases[i]; - for (int j = 0; j < rules->size(); j++) { + for (size_t j = 0; j < rules->size(); j++) { const RuleWithOperator *lr = dynamic_cast(rules->at(j).get()); if (lr && lr->m_ruleId == rule->m_ruleId) { m_parserError << "Rule id: " << std::to_string(rule->m_ruleId) \ diff --git a/src/parser/seclang-parser.yy b/src/parser/seclang-parser.yy index c3aa5bc4b..762933934 100644 --- a/src/parser/seclang-parser.yy +++ b/src/parser/seclang-parser.yy @@ -2588,7 +2588,6 @@ var: | RUN_TIME_VAR_DUR { std::string name($1); - char z = name.at(0); std::unique_ptr c(new Duration(name)); $$ = std::move(c); } 
@@ -2596,84 +2595,72 @@ var: | RUN_TIME_VAR_BLD { std::string name($1); - char z = name.at(0); std::unique_ptr c(new ModsecBuild(name)); $$ = std::move(c); } | RUN_TIME_VAR_HSV { std::string name($1); - char z = name.at(0); std::unique_ptr c(new HighestSeverity(name)); $$ = std::move(c); } | RUN_TIME_VAR_REMOTE_USER { std::string name($1); - char z = name.at(0); std::unique_ptr c(new RemoteUser(name)); $$ = std::move(c); } | RUN_TIME_VAR_TIME { std::string name($1); - char z = name.at(0); std::unique_ptr c(new Time(name)); $$ = std::move(c); } | RUN_TIME_VAR_TIME_DAY { std::string name($1); - char z = name.at(0); std::unique_ptr c(new TimeDay(name)); $$ = std::move(c); } | RUN_TIME_VAR_TIME_EPOCH { std::string name($1); - char z = name.at(0); std::unique_ptr c(new TimeEpoch(name)); $$ = std::move(c); } | RUN_TIME_VAR_TIME_HOUR { std::string name($1); - char z = name.at(0); std::unique_ptr c(new TimeHour(name)); $$ = std::move(c); } | RUN_TIME_VAR_TIME_MIN { std::string name($1); - char z = name.at(0); std::unique_ptr c(new TimeMin(name)); $$ = std::move(c); } | RUN_TIME_VAR_TIME_MON { std::string name($1); - char z = name.at(0); std::unique_ptr c(new TimeMon(name)); $$ = std::move(c); } | RUN_TIME_VAR_TIME_SEC { std::string name($1); - char z = name.at(0); std::unique_ptr c(new TimeSec(name)); $$ = std::move(c); } | RUN_TIME_VAR_TIME_WDAY { std::string name($1); - char z = name.at(0); std::unique_ptr c(new TimeWDay(name)); $$ = std::move(c); } | RUN_TIME_VAR_TIME_YEAR { std::string name($1); - char z = name.at(0); std::unique_ptr c(new TimeYear(name)); $$ = std::move(c); } diff --git a/src/request_body_processor/multipart.cc b/src/request_body_processor/multipart.cc index 4fd7a13fc..0e0485c53 100644 --- a/src/request_body_processor/multipart.cc +++ b/src/request_body_processor/multipart.cc 
@@ -558,7 +558,7 @@ int Multipart::process_part_data(std::string *error, size_t offset) { /* check if the file limit has been reached */ if (extract && m_transaction->m_rules->m_uploadFileLimit.m_value - && (m_nfiles >= + && (static_cast(m_nfiles) >= m_transaction->m_rules->m_uploadFileLimit.m_value)) { if (m_flag_file_limit_exceeded == 0) { ms_dbg_a(m_transaction, 1, diff --git a/src/rules_set.cc b/src/rules_set.cc index 96bfa689a..f7545c659 100644 --- a/src/rules_set.cc +++ b/src/rules_set.cc @@ -144,7 +144,7 @@ int RulesSet::evaluate(int phase, Transaction *t) { t->m_allowType = actions::disruptive::NoneAllowType; //} - for (int i = 0; i < rules->size(); i++) { + for (size_t i = 0; i < rules->size(); i++) { // FIXME: This is not meant to be here. At the end of this refactoring, // the shared pointer won't be used. auto rule = rules->at(i); diff --git a/src/transaction.cc b/src/transaction.cc index 8a83e12f3..4ae214185 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -118,7 +118,8 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, const char *id, void Transaction::Transaction(ModSecurity *ms, RulesSet *rules, const char *id, void *logCbData, const time_t timestamp) - : m_creationTimeStamp(utils::cpu_seconds()), + : TransactionAnchoredVariables(this), + m_creationTimeStamp(utils::cpu_seconds()), m_ARGScombinedSizeDouble(0), m_clientPort(0), m_highestSeverityAction(255), @@ -149,8 +150,7 @@ Transaction::Transaction(ModSecurity *ms, RulesSet *rules, const char *id, #endif m_secRuleEngine(RulesSetProperties::PropertyNotSetRuleEngine), m_secXMLParseXmlIntoArgs(rules->m_secXMLParseXmlIntoArgs), - m_logCbData(logCbData), - TransactionAnchoredVariables(this) { + m_logCbData(logCbData) { m_variableUrlEncodedError.set("0", 0); m_variableMscPcreError.set("0", 0); m_variableMscPcreLimitsExceeded.set("0", 0); 
@@ -770,7 +770,7 @@ int Transaction::processRequestBody() { if (m_requestBodyType == MultiPartRequestBody) { #endif std::string error; - int reqbodyNoFilesLength = 0; + uint64_t reqbodyNoFilesLength = 0; if (a != NULL) { Multipart m(*a, this); if (m.init(&error) == true) { diff --git a/src/utils/msc_tree.cc b/src/utils/msc_tree.cc index ea6c1a416..309d0cece 100644 --- a/src/utils/msc_tree.cc +++ b/src/utils/msc_tree.cc @@ -298,7 +298,7 @@ int InsertNetmask(TreeNode *node, TreeNode *parent, TreeNode *new_node, TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree *tree, unsigned char netmask) { unsigned char *buffer = NULL; unsigned char bitlen = 0; - int bit_validation = 0, test_bit = 0; + unsigned int bit_validation = 0, test_bit = 0; size_t i = 0; unsigned int x, y; TreeNode *node = NULL, *new_node = NULL; @@ -357,7 +357,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree else bit_validation = bitlen; - for (i = 0; (i * NETMASK_8) < bit_validation; i++) { + for (i = 0; (i * NETMASK_8) < static_cast(bit_validation); i++) { int net = 0, div = 0; int cnt = 0; int temp; @@ -483,8 +483,8 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree if (node->netmasks != NULL) { i = 0; - int j; - while(i < node->count) { + size_t j; + while (i < static_cast(node->count)) { if (node->netmasks[i] < test_bit + 1) break; i++; @@ -501,7 +501,7 @@ TreeNode *CPTAddElement(unsigned char *ipdata, unsigned int ip_bitmask, CPTTree } j = 0; - while (j < (node->count - i)) { + while (j < static_cast(node->count) - i) { i_node->netmasks[j] = node->netmasks[i + j]; j++; } 
@@ -833,19 +833,22 @@ TreeNode *CPTIpMatch(unsigned char *ipdata, CPTTree *tree, int type) { } TreeNode *TreeAddIP(const char *buffer, CPTTree *tree, int type) { - unsigned long ip; int ret; unsigned char netmask_v4 = NETMASK_32, netmask_v6 = NETMASK_128; char ip_strv4[NETMASK_32], ip_strv6[NETMASK_128]; struct in_addr addr4; struct in6_addr addr6; - int pos = 0; + const char *slash = NULL; + size_t pos = 0; char *ptr = NULL; if(tree == NULL) return NULL; - pos = strchr(buffer, '/') - buffer; + slash = strchr(buffer, '/'); + if (slash != NULL) { + pos = static_cast(slash - buffer); + } switch(type) { @@ -871,7 +874,7 @@ TreeNode *TreeAddIP(const char *buffer, CPTTree *tree, int type) { if (netmask_v4 == 0) { return NULL; } - else if (pos < strlen(ip_strv4)) { + else if (slash != NULL && pos < strlen(ip_strv4)) { ip_strv4[pos] = '\0'; } @@ -908,7 +911,8 @@ TreeNode *TreeAddIP(const char *buffer, CPTTree *tree, int type) { if(netmask_v6 == 0) { return NULL; } - else if (netmask_v6 != NETMASK_128 && pos < strlen(ip_strv6)) { + else if (slash != NULL && netmask_v6 != NETMASK_128 && + pos < strlen(ip_strv6)) { ip_strv6[pos] = '\0'; } diff --git a/src/utils/string.h b/src/utils/string.h index ac3264aea..5976e8b59 100644 --- a/src/utils/string.h +++ b/src/utils/string.h @@ -89,7 +89,7 @@ inline std::string dash_if_empty(const std::string *str) { } -inline std::string limitTo(int amount, const std::string &str) { +inline std::string limitTo(std::string::size_type amount, const std::string &str) { std::string ret; if (str.length() > amount) { diff --git a/src/variables/variable.h b/src/variables/variable.h index 06f407f2c..80d0d85be 100644 --- a/src/variables/variable.h +++ b/src/variables/variable.h 
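Review bot: In the IPv6 branch of `TreeAddIP` (hunk at -908) truncation at the slash is still gated on `netmask_v6 != NETMASK_128`, while the IPv4 branch now tests only `slash != NULL && pos < strlen(ip_strv4)`. If an entry carries an explicit full-length prefix, the suffix after the slash would remain in `ip_strv6` for whatever parses the address after this hunk. That code is not visible here, so this needs confirming. Since `slash` now records whether a suffix exists, the condition could be `else if (slash != NULL && pos < strlen(ip_strv6)) {`, matching the IPv4 branch. How `buffer` is copied into the fixed-size `ip_strv4` and `ip_strv6` arrays also lies outside the hunks, so a comment stating the maximum accepted input length would be useful next to their declarations.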
@@ -634,7 +634,7 @@ class Variable : public VariableMonkeyResolution { class VariableDictElement : public Variable { public: VariableDictElement(const std::string &name, const std::string &dict_element) - : m_dictElement(dict_element), Variable(name + ":" + dict_element) { } + : Variable(name + ":" + dict_element), m_dictElement(dict_element) { } std::string m_dictElement; }; @@ -643,9 +643,9 @@ class VariableDictElement : public Variable { class VariableRegex : public Variable { public: VariableRegex(const std::string &name, const std::string ®ex) - : m_r(regex, true), - m_regex(regex), - Variable(name + ":" + "regex(" + regex + ")") { } + : Variable(name + ":" + "regex(" + regex + ")"), + m_r(regex, true), + m_regex(regex) { } Utils::Regex m_r; // FIXME: no need for that.