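--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -137,3 +137,41 @@ jobs:
 run: sudo make install
 - name: run regression tests
 run: make test-regression
+
+cppcheck:
+runs-on: [ubuntu-24.04]
+container:
+image: debian:sid
+steps:
+- name: Setup Dependencies
+run: |
+apt-get update -y -qq
+apt-get install -y --no-install-recommends build-essential \
+autoconf \
+automake \
+libtool \
+pkg-config \
+cppcheck \
+apache2-dev \
+libpcre2-dev \
+libapr1-dev \
+libaprutil1-dev \
+libxml2-dev \
+liblua5.3-dev \
+libyajl-dev \
+libfuzzy-dev \
+ssdeep \
+curl \
+ca-certificates
+- uses: actions/checkout@v4
+with:
+submodules: false
+fetch-depth: 0
+- name: configure
+run: |
+./autogen.sh
+./configure --with-apxs=/usr/bin/apxs
+- name: cppcheck
+run: |
+make check-static
+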
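Review bot: The new `cppcheck` job runs on two moving references, `image: debian:sid` and `actions/checkout@v4`, so the toolchain that gates merges is neither reproducible nor pinned to reviewed content. Debian sid is a rolling suite, so the cppcheck version changes underneath the job, and because the Makefile target passes `--error-exitcode=1`, a newly added upstream check can fail unrelated pull requests. Pin the container by digest, `image: debian:sid@sha256:<digest-placeholder>`, and the action by full commit SHA, `uses: actions/checkout@<commit-sha-placeholder> # v4`; a stable suite would also do if the newest cppcheck is not required. The job only reads the tree, so `persist-credentials: false` under `with:` and a job-level `permissions: { contents: read }` would keep a usable token out of the container's workspace.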
22 changes: 21 additions & 1 deletion Makefile.am
100644 → 100755
@@ -40,7 +40,27 @@ test-regression-nginx:


cppcheck:
cppcheck . --enable=all --force 2>&1 | sed 's/^/warning: /g' 1>&2;
@cppcheck \
-j `getconf _NPROCESSORS_ONLN 2>/dev/null || sysctl -n hw.ncpu || echo 1` \
--enable=all \
--force \
--verbose \
--library=gnu \
--library=posix \
--std=c++17 \
-I ./apache2 \
-I /usr/include/libxml2 \
-I @APXS_INCLUDEDIR@ \
-I @APR_INCLUDEDIR@ \
-I @APU_INCLUDEDIR@ \
--suppressions-list=./tests/cppcheck_suppressions.txt \
--inline-suppr \
--inconclusive \
--template="warning: {file},{line},{severity},{id},{message}" \
--error-exitcode=1 \
standalone/

check-static: cppcheck

check-coding-style:
for i in `(find . -iname "*.c" ; find . -iname "*.h")`; \
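Review bot: The rewritten `cppcheck` target analyses only `standalone/`, where the recipe it replaces scanned `.`; `./apache2` is now passed only as an include path with `-I`, so at most its headers are seen and `--error-exitcode=1` does not gate its sources. If starting with one directory is deliberate, say so in a comment above the recipe, for example `# standalone/ only for now; apache2/ to follow once its findings are triaged`, so the gap is not mistaken for full coverage. `-I /usr/include/libxml2` is hard-coded while the APXS, APR and APU include directories come from configure substitutions, which may break on systems that install libxml2 elsewhere. The file mode also changes from 100644 to 100755, which looks unintended for `Makefile.am`.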
2 changes: 1 addition & 1 deletion autogen.sh
@@ -9,7 +9,7 @@ rm -rf autom4te.cache
rm -f aclocal.m4
case `uname` in Darwin*) glibtoolize --force --copy ;;
*) libtoolize --force --copy ;; esac
autoreconf --install
autoreconf --install --force
autoheader
automake --add-missing --foreign --copy --force-missing
autoconf --force
13 changes: 6 additions & 7 deletions standalone/api.c
@@ -180,7 +180,6 @@ apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
int is_eos = 0;
apr_bucket_brigade *bb_in;
apr_bucket *after;
apr_status_t rv;

bb_in = modsecGetBodyBrigade(f->r);

@@ -191,7 +190,7 @@ apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out,
APR_BRIGADE_INSERT_TAIL(bb_in, e);
}

rv = apr_brigade_partition(bb_in, readbytes, &after);
apr_status_t rv = apr_brigade_partition(bb_in, readbytes, &after);
if (rv != APR_SUCCESS && rv != APR_INCOMPLETE) {
return rv;
}
@@ -278,15 +277,15 @@ const char *modsecProcessConfig(directory_config *config, const char *file, cons

if(dir[li] != '/' && dir[li] != '\\')
#ifdef WIN32
file = apr_pstrcat(config->mp, dir, "\\", file, NULL);
file = apr_pstrcat(config->mp, dir, "\\", file, (char *)NULL);
#else
file = apr_pstrcat(config->mp, dir, "/", file, NULL);
file = apr_pstrcat(config->mp, dir, "/", file, (char *)NULL);
#endif
else
file = apr_pstrcat(config->mp, dir, file, NULL);
file = apr_pstrcat(config->mp, dir, file, (char *)NULL);
}
else if (APR_EBADPATH == status) {
return apr_pstrcat(config->mp, "Config file has a bad path, ", file, NULL);
return apr_pstrcat(config->mp, "Config file has a bad path, ", file, (char *)NULL);
}

apr_pool_create(&ptemp, config->mp);
@@ -403,7 +402,7 @@ request_rec *modsecNewRequest(conn_rec *connection, directory_config *config)

static modsec_rec *retrieve_msr(request_rec *r) {
modsec_rec *msr = NULL;
request_rec *rx = NULL;
const request_rec *rx = NULL;

/* Look in the current request first. */
msr = (modsec_rec *)apr_table_get(r->notes, NOTE_MSR);
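Review bot: In the `modsecProcessConfig` hunk the `if`/`else` that chooses the path separator is still unbraced while an `#ifdef WIN32` picks the statement in its body, so the branch structure depends on exactly one statement surviving preprocessing. Since these lines are being touched anyway, brace both arms: `if (dir[li] != '/' && dir[li] != '\\') {` … `} else {` … `}`. The `(char *)NULL` terminator itself is the right form for the variadic `apr_pstrcat` call. The function starts and ends outside the hunk, so how `li` is derived from `dir` cannot be checked from here.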
30 changes: 24 additions & 6 deletions standalone/api.h
@@ -58,7 +58,7 @@ void modsecInitProcess();

conn_rec *modsecNewConnection();
void modsecProcessConnection(conn_rec *c);
int modsecFinishConnection(conn_rec *c);
int modsecFinishConnection(conn_rec *c);

request_rec *modsecNewRequest(conn_rec *connection, directory_config *config);

@@ -86,22 +86,40 @@ void modsecSetLogHook(void *obj, void (*hook)(void *obj, int level, char *str));

static inline void
modsecSetBodyBrigade(request_rec *r, apr_bucket_brigade *b) {
#ifdef __cplusplus
apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, reinterpret_cast<char *>(b)); //NOSONAR
#else
apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, (char *)b);
#endif
};

static inline apr_bucket_brigade *
modsecGetBodyBrigade(request_rec *r) {
static inline apr_bucket_brigade * modsecGetBodyBrigade(const request_rec *r) {
#ifdef __cplusplus
return reinterpret_cast<apr_bucket_brigade *>(
const_cast<char *>(apr_table_get(r->notes, NOTE_MSR_BRIGADE_REQUEST))
);
#else
return (apr_bucket_brigade *)apr_table_get(r->notes, NOTE_MSR_BRIGADE_REQUEST);
#endif
};

static inline void
modsecSetResponseBrigade(request_rec *r, apr_bucket_brigade *b) {
#ifdef __cplusplus
apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, reinterpret_cast<char *>(b)); //NOSONAR
#else
apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, (char *)b);
#endif
};

static inline apr_bucket_brigade *
modsecGetResponseBrigade(request_rec *r) {
static inline apr_bucket_brigade * modsecGetResponseBrigade(const request_rec *r) {
#ifdef __cplusplus
return reinterpret_cast<apr_bucket_brigade *>(
const_cast<char *>(apr_table_get(r->notes, NOTE_MSR_BRIGADE_RESPONSE))
);
#else
return (apr_bucket_brigade *)apr_table_get(r->notes, NOTE_MSR_BRIGADE_RESPONSE);
#endif
};

void modsecSetReadBody(apr_status_t (*func)(request_rec *r, char *buf, unsigned int length, unsigned int *readcnt, int *is_eos));
@@ -121,7 +139,7 @@ const char *modsecIsServerSignatureAvailale(void);

#ifdef VERSION_IIS
void modsecStatusEngineCall(void);
void modsecReportRemoteLoadedRules(void);
void modsecReportRemoteLoadedRules(void);
#endif

#ifdef __cplusplus
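Review bot: The four brigade accessors now carry a second, C++-only body, and the two setters silence the analyzer with `//NOSONAR` without saying why the cast is acceptable. The reason is presumably that `r->notes` is used here as a pointer store: `apr_table_setn` keeps the value pointer as given and the getters cast it back, so the entry is never a real string. State that above `modsecSetBodyBrigade`, e.g. `/* The brigade pointer is stored as-is in r->notes; read it back only through modsecGet*Brigade, never as a string. */`, and note there that the getters return NULL when the note was never set. The getters now take `const request_rec *` yet return a mutable brigade, so the `const` promises less than it appears to; a word on that in the same comment would help.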
11 changes: 6 additions & 5 deletions standalone/buckets.c
@@ -57,7 +57,7 @@ AP_DECLARE(apr_status_t) ap_pass_brigade(ap_filter_t *next,
apr_bucket_brigade *bb)
{
if (next) {
apr_bucket *e;
const apr_bucket *e;
if ((e = APR_BRIGADE_LAST(bb)) && APR_BUCKET_IS_EOS(e) && next->r) {
/* This is only safe because HTTP_HEADER filter is always in
* the filter stack. This ensures that there is ALWAYS a
@@ -89,7 +89,7 @@ AP_DECLARE(apr_status_t) ap_save_brigade(ap_filter_t *f,
apr_bucket_brigade **b, apr_pool_t *p)
{
apr_bucket *e;
apr_status_t rv, srv = APR_SUCCESS;
apr_status_t srv = APR_SUCCESS;

/* If have never stored any data in the filter, then we had better
* create an empty bucket brigade so that we can concat.
@@ -98,11 +98,12 @@ AP_DECLARE(apr_status_t) ap_save_brigade(ap_filter_t *f,
*saveto = apr_brigade_create(p, f->c->bucket_alloc);
}

for (e = APR_BRIGADE_FIRST(*b);
e != APR_BRIGADE_SENTINEL(*b);
const apr_bucket_brigade *bb = *b;
for (e = APR_BRIGADE_FIRST(bb);
e != APR_BRIGADE_SENTINEL(bb);
e = APR_BUCKET_NEXT(e))
{
rv = apr_bucket_setaside(e, p);
apr_status_t rv = apr_bucket_setaside(e, p);

/* If the bucket type does not implement setaside, then
* (hopefully) morph it into a bucket type which does, and set
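Review bot: In `ap_save_brigade` the loop now reads its sentinel from `const apr_bucket_brigade *bb = *b;`, taken once before the loop, where the old condition re-read `*b` on every iteration. That is equivalent only if nothing in the loop body reassigns `*b`; the body continues outside the hunk, so this cannot be confirmed from here. A short comment on the new declaration, such as `/* *b is not reassigned inside the loop */`, would record the assumption. The `const` is also shallow, since the buckets reached through `bb` are still handed to `apr_bucket_setaside` for modification.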