From 1b64de1c75e7668b836691a58e11acba3b57f64d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 15:10:53 +0100 Subject: [PATCH 01/25] feat: fix cppcheck issues in standalone --- .github/workflows/ci.yml | 20 ++++++++++ Makefile.am | 21 ++++++++++- standalone/api.c | 13 +++---- standalone/api.h | 30 ++++++++++++--- standalone/buckets.c | 11 +++--- standalone/config.c | 51 ++++++++++++-------------- standalone/main.cpp | 54 +++++++++++++-------------- standalone/regex.c | 10 ++--- standalone/server.c | 65 +++++++++++++++++++-------------- tests/cppcheck_suppressions.txt | 22 +++++++++++ 10 files changed, 191 insertions(+), 106 deletions(-) mode change 100644 => 100755 Makefile.am create mode 100644 tests/cppcheck_suppressions.txt diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d33d21c616..5d6fcd5506 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -137,3 +137,23 @@ jobs: run: sudo make install - name: run regression tests run: make test-regression + + cppcheck: + runs-on: [macos-14] + steps: + - name: Setup Dependencies + run: | + brew install autoconf \ + automake \ + libtool \ + cppcheck + - uses: actions/checkout@v4 + with: + submodules: false + fetch-depth: 0 + - name: configure + run: | + ./autogen.sh + ./configure + - name: cppcheck + run: make check-static \ No newline at end of file diff --git a/Makefile.am b/Makefile.am old mode 100644 new mode 100755 index 3a0e59ba22..a8d82199f6 --- a/Makefile.am +++ b/Makefile.am @@ -40,7 +40,26 @@ test-regression-nginx: cppcheck: - cppcheck . --enable=all --force 2>&1 | sed 's/^/warning: /g' 1>&2; + @cppcheck \ + -j `nproc` \ + --enable=all \ + --force \ + --verbose \ + --library=gnu \ + --library=posix \ + -I ./apache2 \ + -I /usr/include/apache2 \ + -I /usr/include/apr-1.0 \ + -I /usr/include/libxml2 \ + --std=c++17 \ + --suppressions-list=./tests/cppcheck_suppressions.txt \ + --inline-suppr \ + --inconclusive \ + --template="warning: {file},{line},{severity},{id},{message}" \ + --error-exitcode=1 \ + standalone/ + +check-static: cppcheck check-coding-style: for i in `(find . -iname "*.c" ; find . -iname "*.h")`; \ diff --git a/standalone/api.c b/standalone/api.c index 438e98df44..aaf6db4113 100644 --- a/standalone/api.c +++ b/standalone/api.c @@ -180,7 +180,6 @@ apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, int is_eos = 0; apr_bucket_brigade *bb_in; apr_bucket *after; - apr_status_t rv; bb_in = modsecGetBodyBrigade(f->r); @@ -191,7 +190,7 @@ apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, APR_BRIGADE_INSERT_TAIL(bb_in, e); } - rv = apr_brigade_partition(bb_in, readbytes, &after); + apr_status_t rv = apr_brigade_partition(bb_in, readbytes, &after); if (rv != APR_SUCCESS && rv != APR_INCOMPLETE) { return rv; } @@ -278,15 +277,15 @@ const char *modsecProcessConfig(directory_config *config, const char *file, cons if(dir[li] != '/' && dir[li] != '\\') #ifdef WIN32 - file = apr_pstrcat(config->mp, dir, "\\", file, NULL); + file = apr_pstrcat(config->mp, dir, "\\", file, (char *)NULL); #else - file = apr_pstrcat(config->mp, dir, "/", file, NULL); + file = apr_pstrcat(config->mp, dir, "/", file, (char *)NULL); #endif else - file = apr_pstrcat(config->mp, dir, file, NULL); + file = apr_pstrcat(config->mp, dir, file, (char *)NULL); } else if (APR_EBADPATH == status) { - return apr_pstrcat(config->mp, "Config file has a bad path, ", file, NULL); + return apr_pstrcat(config->mp, "Config file has a bad path, ", file, (char *)NULL); } apr_pool_create(&ptemp, config->mp); @@ -403,7 +402,7 @@ request_rec *modsecNewRequest(conn_rec *connection, directory_config *config) static modsec_rec *retrieve_msr(request_rec *r) { modsec_rec *msr = NULL; - request_rec *rx = NULL; + const request_rec *rx = NULL; /* Look in the current request first. */ msr = (modsec_rec *)apr_table_get(r->notes, NOTE_MSR); diff --git a/standalone/api.h b/standalone/api.h index ea4e688173..2a43ac5f95 100644 --- a/standalone/api.h +++ b/standalone/api.h @@ -58,7 +58,7 @@ void modsecInitProcess(); conn_rec *modsecNewConnection(); void modsecProcessConnection(conn_rec *c); -int modsecFinishConnection(conn_rec *c); +int modsecFinishConnection(conn_rec *c); request_rec *modsecNewRequest(conn_rec *connection, directory_config *config); @@ -86,22 +86,40 @@ void modsecSetLogHook(void *obj, void (*hook)(void *obj, int level, char *str)); static inline void modsecSetBodyBrigade(request_rec *r, apr_bucket_brigade *b) { +#ifdef __cplusplus + apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, reinterpret_cast(b)); +#else apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, (char *)b); +#endif }; -static inline apr_bucket_brigade * -modsecGetBodyBrigade(request_rec *r) { +static inline apr_bucket_brigade * modsecGetBodyBrigade(const request_rec *r) { +#ifdef __cplusplus + return reinterpret_cast( + const_cast(apr_table_get(r->notes, NOTE_MSR_BRIGADE_REQUEST)) + ); +#else return (apr_bucket_brigade *)apr_table_get(r->notes, NOTE_MSR_BRIGADE_REQUEST); +#endif }; static inline void modsecSetResponseBrigade(request_rec *r, apr_bucket_brigade *b) { +#ifdef __cplusplus + apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, reinterpret_cast(b)); +#else apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, (char *)b); +#endif }; -static inline apr_bucket_brigade * -modsecGetResponseBrigade(request_rec *r) { +static inline apr_bucket_brigade * modsecGetResponseBrigade(const request_rec *r) { +#ifdef __cplusplus + return reinterpret_cast( + const_cast(apr_table_get(r->notes, NOTE_MSR_BRIGADE_RESPONSE)) + ); +#else return (apr_bucket_brigade *)apr_table_get(r->notes, NOTE_MSR_BRIGADE_RESPONSE); +#endif }; void modsecSetReadBody(apr_status_t (*func)(request_rec *r, char *buf, unsigned int length, unsigned int *readcnt, int *is_eos)); @@ -121,7 +139,7 @@ const char *modsecIsServerSignatureAvailale(void); #ifdef VERSION_IIS void modsecStatusEngineCall(void); -void modsecReportRemoteLoadedRules(void); +void modsecReportRemoteLoadedRules(void); #endif #ifdef __cplusplus diff --git a/standalone/buckets.c b/standalone/buckets.c index 755581d6db..270df56bdf 100644 --- a/standalone/buckets.c +++ b/standalone/buckets.c @@ -57,7 +57,7 @@ AP_DECLARE(apr_status_t) ap_pass_brigade(ap_filter_t *next, apr_bucket_brigade *bb) { if (next) { - apr_bucket *e; + const apr_bucket *e; if ((e = APR_BRIGADE_LAST(bb)) && APR_BUCKET_IS_EOS(e) && next->r) { /* This is only safe because HTTP_HEADER filter is always in * the filter stack. This ensures that there is ALWAYS a @@ -89,7 +89,7 @@ AP_DECLARE(apr_status_t) ap_save_brigade(ap_filter_t *f, apr_bucket_brigade **b, apr_pool_t *p) { apr_bucket *e; - apr_status_t rv, srv = APR_SUCCESS; + apr_status_t srv = APR_SUCCESS; /* If have never stored any data in the filter, then we had better * create an empty bucket brigade so that we can concat. @@ -98,11 +98,12 @@ AP_DECLARE(apr_status_t) ap_save_brigade(ap_filter_t *f, *saveto = apr_brigade_create(p, f->c->bucket_alloc); } - for (e = APR_BRIGADE_FIRST(*b); - e != APR_BRIGADE_SENTINEL(*b); + const apr_bucket_brigade *bb = *b; + for (e = APR_BRIGADE_FIRST(bb); + e != APR_BRIGADE_SENTINEL(bb); e = APR_BUCKET_NEXT(e)) { - rv = apr_bucket_setaside(e, p); + apr_status_t rv = apr_bucket_setaside(e, p); /* If the bucket type does not implement setaside, then * (hopefully) morph it into a bucket type which does, and set diff --git a/standalone/config.c b/standalone/config.c index 6133e7d7e8..313434b344 100644 --- a/standalone/config.c +++ b/standalone/config.c @@ -533,7 +533,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, const char *errmsg = NULL; if ((parms->override & cmd->req_override) == 0) - return apr_pstrcat(parms->pool, cmd->name, " not allowed here", NULL); + return apr_pstrcat(parms->pool, cmd->name, " not allowed here", (char *)NULL); parms->info = cmd->cmd_data; parms->cmd = cmd; @@ -565,7 +565,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, case NO_ARGS: if (*args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes no arguments", - NULL); + (char *)NULL); return cmd->AP_NO_ARGS(parms, mconfig); @@ -574,7 +574,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes one argument", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE1(parms, mconfig, w); @@ -584,7 +584,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *w2 == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes two arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE2(parms, mconfig, w, w2); @@ -594,7 +594,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes 1-2 arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE2(parms, mconfig, w, *w2 ? w2 : NULL); @@ -605,7 +605,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *w2 == '\0' || *w3 == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE3(parms, mconfig, w, w2, w3); @@ -617,7 +617,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *w2 == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes two or three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE3(parms, mconfig, w, w2, w3); @@ -629,7 +629,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes one, two or three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE3(parms, mconfig, w, w2, w3); @@ -641,7 +641,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || (w2 && *w2 && !w3) || *args != 0) return apr_pstrcat(parms->pool, cmd->name, " takes one or three arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); return cmd->AP_TAKE3(parms, mconfig, w, w2, w3); @@ -662,7 +662,7 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || *args == 0) return apr_pstrcat(parms->pool, cmd->name, " requires at least two arguments", - cmd->errmsg ? ", " : NULL, cmd->errmsg, NULL); + cmd->errmsg ? ", " : NULL, cmd->errmsg, (char *)NULL); while (*(w2 = ap_getword_conf(parms->pool, &args)) != '\0') { @@ -679,14 +679,14 @@ static const char *invoke_cmd(const command_rec *cmd, cmd_parms *parms, if (*w == '\0' || (strcasecmp(w, "on") && strcasecmp(w, "off"))) return apr_pstrcat(parms->pool, cmd->name, " must be On or Off", - NULL); + (char *)NULL); return cmd->AP_FLAG(parms, mconfig, strcasecmp(w, "off") != 0); default: return apr_pstrcat(parms->pool, cmd->name, " is improperly configured internally (server bug)", - NULL); + (char *)NULL); } } @@ -797,13 +797,9 @@ static const char *process_resource_config_nofnmatch(const char *fname, unsigned depth, int optional) { - const char *error; - apr_status_t rv; - if (ap_is_directory(ptemp, fname)) { apr_dir_t *dirp; apr_finfo_t dirent; - int current; apr_array_header_t *candidates = NULL; fnames *fnew; char *path = apr_pstrdup(ptemp, fname); @@ -820,7 +816,7 @@ static const char *process_resource_config_nofnmatch(const char *fname, * entries here and store 'em away. Recall we need full pathnames * for this. */ - rv = apr_dir_open(&dirp, path, ptemp); + apr_status_t rv = apr_dir_open(&dirp, path, ptemp); if (rv != APR_SUCCESS) { char errmsg[120]; return apr_psprintf(p, "Could not open config directory %s: %s", @@ -846,9 +842,9 @@ static const char *process_resource_config_nofnmatch(const char *fname, * Now recurse these... we handle errors and subdirectories * via the recursion, which is nice */ - for (current = 0; current < candidates->nelts; ++current) { + for (int current = 0; current < candidates->nelts; ++current) { fnew = &((fnames *) candidates->elts)[current]; - error = process_resource_config_nofnmatch(fnew->fname, + const char *error = process_resource_config_nofnmatch(fnew->fname, ari, p, ptemp, depth, optional); if (error) { @@ -877,7 +873,6 @@ static const char *process_resource_config_fnmatch(const char *path, apr_finfo_t dirent; apr_array_header_t *candidates = NULL; fnames *fnew; - int current; /* find the first part of the filename */ rest = ap_strchr_c(fname, '/'); @@ -947,7 +942,7 @@ static const char *process_resource_config_fnmatch(const char *path, * Now recurse these... we handle errors and subdirectories * via the recursion, which is nice */ - for (current = 0; current < candidates->nelts; ++current) { + for (int current = 0; current < candidates->nelts; ++current) { fnew = &((fnames *) candidates->elts)[current]; if (!rest) { error = process_resource_config_nofnmatch(fnew->fname, @@ -993,10 +988,10 @@ AP_DECLARE(const char *) process_fnmatch_configs(apr_array_header_t *ari, /* we allow APR_SUCCESS and APR_EINCOMPLETE */ if (APR_ERELATIVE == status) { - return apr_pstrcat(p, "Include must have an absolute path, ", fname, NULL); + return apr_pstrcat(p, "Include must have an absolute path, ", fname, (char *)NULL); } else if (APR_EBADPATH == status) { - return apr_pstrcat(p, "Include has a bad path, ", fname, NULL); + return apr_pstrcat(p, "Include has a bad path, ", fname, (char *)NULL); } /* walk the filepath */ @@ -1056,7 +1051,7 @@ const char *process_command_config(server_rec *s, if(status != APR_SUCCESS) { apr_array_pop(arr); - errmsg = apr_pstrcat(p, "Cannot open config file: ", fn, NULL); + errmsg = apr_pstrcat(p, "Cannot open config file: ", fn, (char *)NULL); goto Exit; } } @@ -1098,7 +1093,7 @@ const char *process_command_config(server_rec *s, if (*w == '\0' || *args != 0) { ap_cfg_closefile(parms->config_file); - errmsg = apr_pstrcat(parms->pool, "Include takes one argument", NULL); + errmsg = apr_pstrcat(parms->pool, "Include takes one argument", (char *)NULL); goto Exit; } @@ -1115,11 +1110,11 @@ const char *process_command_config(server_rec *s, while(li >= 0 && configfilepath[li] != '/' && configfilepath[li] != '\\') configfilepath[li--] = 0; - w = apr_pstrcat(p, configfilepath, w, NULL); + w = apr_pstrcat(p, configfilepath, w, (char *)NULL); } else if (APR_EBADPATH == status) { ap_cfg_closefile(parms->config_file); - errmsg = apr_pstrcat(p, "Include file has a bad path, ", w, NULL); + errmsg = apr_pstrcat(p, "Include file has a bad path, ", w, (char *)NULL); goto Exit; } @@ -1143,7 +1138,7 @@ const char *process_command_config(server_rec *s, // unknown command, should error // ap_cfg_closefile(parms->config_file); - errmsg = apr_pstrcat(p, "Unknown command in config: ", cmd_name, NULL); + errmsg = apr_pstrcat(p, "Unknown command in config: ", cmd_name, (char *)NULL); goto Exit; } diff --git a/standalone/main.cpp b/standalone/main.cpp index 30c3e67e92..7117a28bb9 100644 --- a/standalone/main.cpp +++ b/standalone/main.cpp @@ -37,12 +37,12 @@ int event_file_blocks[256]; char urls[MAX_URLS][4096]; int url_cnt = 0; -void readeventfile(char *name) +void readeventfile(const char *name) { if(event_file == NULL) { - event_file = (char *)malloc(EVENT_FILE_MAX_SIZE); - event_file_lines = (char **)malloc(EVENT_FILE_MAX_SIZE); + event_file = static_cast(malloc(EVENT_FILE_MAX_SIZE)); + event_file_lines = static_cast(malloc(EVENT_FILE_MAX_SIZE)); } event_file_len = 0; @@ -119,13 +119,13 @@ void parseargs(int argc, char *argv[]) { if(argv[i][0] == '-') { - if(argv[i][1] == 'c' && i < argc - 1) + if(i < argc - 1 && argv[i][1] == 'c') { config_file = argv[i + 1]; i += 2; continue; } - if(argv[i][1] == 'u' && i < argc - 1) + if(i < argc - 1 && argv[i][1] == 'u') { url_file = argv[i + 1]; i += 2; @@ -144,7 +144,7 @@ void parseargs(int argc, char *argv[]) } } -void log(void *obj, int level, char *str) +void log(const void *obj, int level, const char *str) { printf("%s\n", str); } @@ -265,25 +265,26 @@ void main(int argc, char *argv[]) if(url_file != NULL) { FILE *fr = fopen(url_file, "rb"); - int i = 0; + if(fr != NULL){ + int i = 0; + while(fgets(urls[i],4096,fr) != NULL) + { + urls[i][4095] = 0; - while(fgets(urls[i],4096,fr) != NULL) - { - urls[i][4095] = 0; + int l = strlen(urls[i]) - 1; - int l = strlen(urls[i]) - 1; + if(l < 8) + continue; - if(l < 8) - continue; + while(urls[i][l] == 10 || urls[i][l] == 13) + l--; - while(urls[i][l] == 10 || urls[i][l] == 13) - l--; + urls[i++][l + 1] = 0; + } - urls[i++][l + 1] = 0; + url_cnt = i; + fclose(fr); } - - url_cnt = i; - fclose(fr); } for(int i = 0; i < event_file_cnt; i++) @@ -320,7 +321,9 @@ void main(int argc, char *argv[]) char *method = event_file_lines[j]; char *url = strchr(method, 32); - char *proto = strchr(url + 1, 32); + char *proto = NULL; + if(*(url + 1) != '\0') + proto = strchr(url + 1, 32); if(url == NULL || proto == NULL) continue; @@ -380,8 +383,7 @@ void main(int argc, char *argv[]) if(query != NULL) { - rawurl = (char *)apr_palloc(r->pool, strlen(url) + 1); - strcpy(rawurl, url); + rawurl = static_cast(apr_palloc(r->pool, strlen(url) + 1)); strcpy(rawurl, url); *query++ = 0; r->args = query; } @@ -392,15 +394,14 @@ void main(int argc, char *argv[]) { r->content_languages = apr_array_make(r->pool, 1, sizeof(const char *)); - *(const char **)apr_array_push(r->content_languages) = lng; + *static_cast(apr_array_push(r->content_languages)) = lng; } r->request_time = apr_time_now(); r->parsed_uri.scheme = "http"; r->parsed_uri.path = r->path_info; - r->parsed_uri.hostname = (char *)r->hostname; - r->parsed_uri.is_initialized = 1; + r->parsed_uri.hostname = const_cast(r->hostname); r->parsed_uri.is_initialized = 1; r->parsed_uri.port = 80; r->parsed_uri.port_str = "80"; r->parsed_uri.query = r->args; @@ -413,8 +414,7 @@ void main(int argc, char *argv[]) r->unparsed_uri = rawurl; r->uri = r->unparsed_uri; - r->the_request = (char *)apr_palloc(r->pool, strlen(r->method) + 1 + strlen(r->uri) + 1 + strlen(r->protocol) + 1); - + r->the_request = static_cast(apr_palloc(r->pool, strlen(r->method) + 1 + strlen(r->uri) + 1 + strlen(r->protocol) + 1)); strcpy(r->the_request, r->method); strcat(r->the_request, " "); strcat(r->the_request, r->uri); diff --git a/standalone/regex.c b/standalone/regex.c index cdc79059fe..fe99848983 100644 --- a/standalone/regex.c +++ b/standalone/regex.c @@ -70,8 +70,6 @@ AP_DECLARE(void) ap_regfree(ap_regex_t *preg) AP_DECLARE(int) ap_regcomp(ap_regex_t *preg, const char *pattern, int cflags) { -const char *errorptr; -int erroffset; int options = 0; int nsub = 0; @@ -94,6 +92,8 @@ preg->re_nsub = nsub; #else // otherwise use PCRE if ((cflags & AP_REG_ICASE) != 0) options |= PCRE_CASELESS; if ((cflags & AP_REG_NEWLINE) != 0) options |= PCRE_MULTILINE; +const char *errorptr; +int erroffset; preg->re_pcre = pcre_compile(pattern, options, &errorptr, &erroffset, NULL); preg->re_erroffset = erroffset; @@ -149,7 +149,7 @@ if (nmatch > 0) PCRE2_SPTR pcre2_s; int pcre2_ret; pcre2_match_data *match_data; - PCRE2_SIZE *pcre2_ovector = NULL; + const PCRE2_SIZE *pcre2_ovector = NULL; pcre2_s = (PCRE2_SPTR)string; match_data = pcre2_match_data_create_from_pattern(preg->re_pcre, NULL); @@ -192,14 +192,14 @@ if (rc >= 0) pmatch[i].rm_so = ovector[i*2]; pmatch[i].rm_eo = ovector[i*2+1]; } - if (allocated_ovector) free(ovector); + if (allocated_ovector) ovector = NULL; for (; i < nmatch; i++) pmatch[i].rm_so = pmatch[i].rm_eo = -1; return 0; } else { - if (allocated_ovector) free(ovector); + if (allocated_ovector) ovector = NULL; switch(rc) { #ifndef WITH_PCRE diff --git a/standalone/server.c b/standalone/server.c index 31b12a6dbc..bff72da9cd 100644 --- a/standalone/server.c +++ b/standalone/server.c @@ -137,7 +137,7 @@ static const char * const status_lines[RESPONSE_CODES] = AP_DECLARE(int) ap_index_of_response(int status) { - static int shortcut[6] = {0, LEVEL_200, LEVEL_300, LEVEL_400, + static const int shortcut[6] = {0, LEVEL_200, LEVEL_300, LEVEL_400, LEVEL_500, RESPONSE_CODES}; int i, pos; @@ -230,7 +230,7 @@ AP_DECLARE(char *) ap_escape_html2(apr_pool_t *p, const char *s, int toasc) j += 5; } else if (toasc && !apr_isascii(s[i])) { - char *esc = apr_psprintf(p, "&#%3.3d;", (unsigned char)s[i]); + const char *esc = apr_psprintf(p, "&#%3.3d;", (unsigned char)s[i]); memcpy(&x[j], esc, 6); j += 5; } @@ -248,12 +248,12 @@ AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s) } #endif -AP_DECLARE(const char *) ap_psignature(const char *prefix, request_rec *r) +AP_DECLARE(const char *) ap_psignature(const char *prefix, const request_rec *r) { return prefix; } -AP_DECLARE(const char *) ap_document_root(request_rec *r) /* Don't use this! */ +AP_DECLARE(const char *) ap_document_root(const request_rec *r) /* Don't use this! */ { return "\\"; } @@ -378,7 +378,7 @@ AP_DECLARE(const char *) ap_get_server_name(request_rec *r) return r->server->server_hostname; } -AP_DECLARE(void) ap_add_version_component(apr_pool_t *pconf, const char *component) +AP_DECLARE(void) ap_add_version_component(const apr_pool_t *pconf, const char *component) { // appends string to server description string // @@ -408,7 +408,7 @@ AP_DECLARE(worker_score *) ap_get_scoreboard_worker_from_indexes(int x, int y) return &ap_scoreboard_image->servers[x][y]; } -AP_DECLARE(worker_score *) ap_get_scoreboard_worker(ap_sb_handle_t *sbh) +AP_DECLARE(worker_score *) ap_get_scoreboard_worker(const ap_sb_handle_t *sbh) { //if (!sbh) // return NULL; @@ -523,7 +523,8 @@ AP_DECLARE(void) ap_str_tolower(char *str) AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, int type, int *str_is_ip) { - int hostname_lookups = HOSTNAME_LOOKUP_OFF; + //int hostname_lookups = HOSTNAME_LOOKUP_OFF; + int hostname_lookups = 0; int ignored_str_is_ip; if (!str_is_ip) { /* caller doesn't want to know */ @@ -544,8 +545,7 @@ AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, in if (type != REMOTE_NOLOOKUP && conn->remote_host == NULL - && (type == REMOTE_DOUBLE_REV - || hostname_lookups != HOSTNAME_LOOKUP_OFF)) { + && type == REMOTE_DOUBLE_REV) { #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3 if (apr_getnameinfo(&conn->remote_host, conn->remote_addr, 0) == APR_SUCCESS) { @@ -615,19 +615,19 @@ AP_DECLARE(char *) ap_server_root_relative(apr_pool_t *p, const char *file) } } -AP_DECLARE(piped_log *) ap_open_piped_log(apr_pool_t *p, const char *program) +AP_DECLARE(piped_log *) ap_open_piped_log(const apr_pool_t *p, const char *program) { return NULL; } #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 3 -AP_DECLARE(apr_file_t *) ap_piped_log_write_fd(piped_log *pl) +AP_DECLARE(apr_file_t *) ap_piped_log_write_fd(const piped_log *pl) { return NULL; } #endif -AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t) +AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, const apr_table_t *t) { const apr_array_header_t *env_arr = apr_table_elts(t); const apr_table_entry_t *elts = (const apr_table_entry_t *) env_arr->elts; @@ -640,14 +640,14 @@ AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t) if (!apr_table_get(t, "TZ")) { tz = getenv("TZ"); if (tz != NULL) { - env[j++] = apr_pstrcat(p, "TZ=", tz, NULL); + env[j++] = apr_pstrcat(p, "TZ=", tz, (char *)NULL); } } for (i = 0; i < env_arr->nelts; ++i) { if (!elts[i].key) { continue; } - env[j] = apr_pstrcat(p, elts[i].key, "=", elts[i].val, NULL); + env[j] = apr_pstrcat(p, elts[i].key, "=", elts[i].val, (char *)NULL); whack = env[j]; if (apr_isdigit(*whack)) { *whack++ = '_'; @@ -696,7 +696,7 @@ AP_DECLARE(int) ap_find_path_info(const char *uri, const char *path_info) */ static char *original_uri(request_rec *r) { - char *first, *last; + const char *first, *last; if (r->the_request == NULL) { return (char *) apr_pcalloc(r->pool, 1); @@ -780,10 +780,10 @@ AP_DECLARE(void) ap_add_cgi_vars(request_rec *r) AP_DECLARE(void) ap_add_common_vars(request_rec *r) { apr_table_t *e; - server_rec *s = r->server; + const server_rec *s = r->server; conn_rec *c = r->connection; //const char *rem_logname; - char *env_path; + const char *env_path; #if defined(WIN32) || defined(OS2) || defined(BEOS) char *env_temp; #endif @@ -914,7 +914,7 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r) apr_table_addn(e, "REMOTE_USER", r->user); } else if (r->prev) { - request_rec *back = r->prev; + const request_rec *back = r->prev; while (back) { if (back->user) { @@ -957,45 +957,56 @@ unixd_config_rec ap_unixd_config; #endif const char *ap_server_argv0 = "nginx"; + #ifdef HAVE_GETPWNAM AP_DECLARE(uid_t) ap_uname2id(const char *name) { - struct passwd *ent; + struct passwd pwd; + struct passwd *result; + char buf[4096]; + int s; if (name[0] == '#') return (atoi(&name[1])); - if (!(ent = getpwnam(name))) { + s = getpwnam_r(name, &pwd, buf, sizeof(buf), &result); + + if (s != 0 || result == NULL) { ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, "%s: bad user name %s", ap_server_argv0, name); exit(1); } - return (ent->pw_uid); + return (result->pw_uid); } #endif #ifdef HAVE_GETGRNAM AP_DECLARE(gid_t) ap_gname2id(const char *name) { - struct group *ent; + struct group grp; + struct group *result; + char buf[4096]; + int s; if (name[0] == '#') return (atoi(&name[1])); - if (!(ent = getgrnam(name))) { + s = getgrnam_r(name, &grp, buf, sizeof(buf), &result); + + if (s != 0 || result == NULL) { ap_log_error(APLOG_MARK, APLOG_STARTUP, 0, NULL, "%s: bad group name %s", ap_server_argv0, name); exit(1); } - return (ent->gr_gid); + return (result->gr_gid); } #endif AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) { - apr_finfo_t wrapper; + //apr_finfo_t wrapper; #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3 unixd_config.user_name = DEFAULT_USER; @@ -1123,9 +1134,9 @@ AP_DECLARE(apr_status_t) ap_unixd_set_proc_mutex_perms(apr_proc_mutex_t *pmutex) apr_os_proc_mutex_t ospmutex; #if !APR_HAVE_UNION_SEMUN union semun { - long val; + //long val; struct semid_ds *buf; - unsigned short *array; + //unsigned short *array; }; #endif union semun ick; diff --git a/tests/cppcheck_suppressions.txt b/tests/cppcheck_suppressions.txt new file mode 100644 index 0000000000..5b1693f542 --- /dev/null +++ b/tests/cppcheck_suppressions.txt @@ -0,0 +1,22 @@ +normalCheckLevelMaxBranches +checkersReport + +unusedFunction +missingIncludeSystem +useStlAlgorithm +preprocessorErrorDirective +funcArgNamesDifferent +missingInclude + +purgedConfiguration + +nullPointerRedundantCheck +knownConditionTrueFalse +cstyleCast +functionStatic +shadowFunction + +stlcstrConstructor +stlcstrStream +uselessCallsSubstr +unmatchedSuppression \ No newline at end of file From d525ac7c71c0625b9eae93340b05996217f2d0b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 15:29:15 +0100 Subject: [PATCH 02/25] add missing httpd dependency --- .github/workflows/ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5d6fcd5506..796bdbfa16 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -146,7 +146,9 @@ jobs: brew install autoconf \ automake \ libtool \ - cppcheck + cppcheck \ + httpd + echo "$(brew --prefix httpd)/bin" >> $GITHUB_PATH - uses: actions/checkout@v4 with: submodules: false From 2c83f519ac0759519683d6cf51c1783f50b48506 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 15:35:20 +0100 Subject: [PATCH 03/25] set APSX path --- .github/workflows/ci.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 796bdbfa16..8ca4816eaf 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -148,7 +148,8 @@ jobs: libtool \ cppcheck \ httpd - echo "$(brew --prefix httpd)/bin" >> $GITHUB_PATH + APXS_PATH=$(brew --prefix httpd)/bin/apxs + ./configure --with-apxs=$APXS_PATH - uses: actions/checkout@v4 with: submodules: false From a4a6a9a6ed123ede532dc63e8129286ccd8cc72e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 15:38:15 +0100 Subject: [PATCH 04/25] fixing configure order --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8ca4816eaf..5060185d75 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -149,7 +149,6 @@ jobs: cppcheck \ httpd APXS_PATH=$(brew --prefix httpd)/bin/apxs - ./configure --with-apxs=$APXS_PATH - uses: actions/checkout@v4 with: submodules: false @@ -157,6 +156,6 @@ jobs: - name: configure run: | ./autogen.sh - ./configure + ./configure --with-apxs=$APXS_PATH - name: cppcheck run: make check-static \ No newline at end of file From 68e1c5652588ea15d2f8d39a18a665a6f4556300 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 15:41:26 +0100 Subject: [PATCH 05/25] set path in correct task --- .github/workflows/ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5060185d75..8cbe30a58e 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -148,13 +148,13 @@ jobs: libtool \ cppcheck \ httpd - APXS_PATH=$(brew --prefix httpd)/bin/apxs - uses: actions/checkout@v4 with: submodules: false fetch-depth: 0 - name: configure run: | + APXS_PATH=$(brew --prefix httpd)/bin/apxs ./autogen.sh ./configure --with-apxs=$APXS_PATH - name: cppcheck From e90fb94dab37ab720b88a936cf0bf486fd0e4c1d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 15:46:05 +0100 Subject: [PATCH 06/25] adding pcre2 library dependency --- .github/workflows/ci.yml | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 8cbe30a58e..352416e650 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -147,7 +147,9 @@ jobs: automake \ libtool \ cppcheck \ - httpd + httpd \ + pcre2 \ + pkg-config - uses: actions/checkout@v4 with: submodules: false @@ -155,7 +157,8 @@ jobs: - name: configure run: | APXS_PATH=$(brew --prefix httpd)/bin/apxs + PCRE2_PATH=$(brew --prefix pcre2) ./autogen.sh - ./configure --with-apxs=$APXS_PATH + ./configure --with-apxs=$APXS_PATH --with-pcre2=$PCRE2_PATH - name: cppcheck run: make check-static \ No newline at end of file From ad499a3c6f075a2c45e20ca55c8b6d1c3aa684f6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 15:52:30 +0100 Subject: [PATCH 07/25] adding apr library dependency --- .github/workflows/ci.yml | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 352416e650..e512ad9d35 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -149,7 +149,9 @@ jobs: cppcheck \ httpd \ pcre2 \ - pkg-config + pkg-config \ + apr \ + apr-util - uses: actions/checkout@v4 with: submodules: false @@ -158,7 +160,13 @@ jobs: run: | APXS_PATH=$(brew --prefix httpd)/bin/apxs PCRE2_PATH=$(brew --prefix pcre2) + APR_PATH=$(brew --prefix apr) + APU_PATH=$(brew --prefix apr-util) ./autogen.sh - ./configure --with-apxs=$APXS_PATH --with-pcre2=$PCRE2_PATH + ./configure \ + --with-apxs=$APXS_PATH \ + --with-pcre2=$PCRE2_PATH \ + --with-apr=$APR_PATH \ + --with-apr-util=$APU_PATH - name: cppcheck run: make check-static \ No newline at end of file From 4d4b351010ad62d62c46c7d2dff71181cb2683e8 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 15:58:27 +0100 Subject: [PATCH 08/25] adding more dependencies --- .github/workflows/ci.yml | 16 ++++++++++++++-- 1 file changed, 14 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index e512ad9d35..26104dd2d2 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -151,7 +151,11 @@ jobs: pcre2 \ pkg-config \ apr \ - apr-util + apr-util \ + libxml2 \ + lua \ + yajl \ + ssdeep - uses: actions/checkout@v4 with: submodules: false @@ -162,11 +166,19 @@ jobs: PCRE2_PATH=$(brew --prefix pcre2) APR_PATH=$(brew --prefix apr) APU_PATH=$(brew --prefix apr-util) + XML_PATH=$(brew --prefix libxml2) + LUA_PATH=$(brew --prefix lua) + YAJL_PATH=$(brew --prefix yajl) + SSDEEP_PATH=$(brew --prefix ssdeep) ./autogen.sh ./configure \ --with-apxs=$APXS_PATH \ --with-pcre2=$PCRE2_PATH \ --with-apr=$APR_PATH \ - --with-apr-util=$APU_PATH + --with-apu=$APU_PATH \ + --with-libxml=$XML_PATH \ + --with-lua=$LUA_PATH \ + --with-yajl=$YAJL_PATH \ + --with-ssdeep=$SSDEEP_PATH - name: cppcheck run: make check-static \ No newline at end of file From f10533dda2599014d6a97f49161f96d975eb9a5e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 16:04:19 +0100 Subject: [PATCH 09/25] removing nproc command --- Makefile.am | 1 - 1 file changed, 1 deletion(-) diff --git a/Makefile.am b/Makefile.am index a8d82199f6..ac81faa38a 100755 --- a/Makefile.am +++ b/Makefile.am @@ -41,7 +41,6 @@ test-regression-nginx: cppcheck: @cppcheck \ - -j `nproc` \ --enable=all \ --force \ --verbose \ From 29bb9f967becfbd05dd8387b3ae826c279accb8e Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 16:12:57 +0100 Subject: [PATCH 10/25] configuring macro --- Makefile.am | 3 +++ standalone/api.c | 4 ++-- 2 files changed, 5 insertions(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index ac81faa38a..ba4ee58663 100755 --- a/Makefile.am +++ b/Makefile.am @@ -46,6 +46,9 @@ cppcheck: --verbose \ --library=gnu \ --library=posix \ + -D"AP_DECLARE(x)=x" \ + -D"AP_DECLARE_NONSTD(x)=x" \ + -D"AP_DECLARE_DATA= " \ -I ./apache2 \ -I /usr/include/apache2 \ -I /usr/include/apr-1.0 \ diff --git a/standalone/api.c b/standalone/api.c index aaf6db4113..e3c4118c17 100644 --- a/standalone/api.c +++ b/standalone/api.c @@ -171,7 +171,7 @@ server_rec *modsecInit() { return server; } -apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, +static apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes) { char *tmp = NULL; @@ -226,7 +226,7 @@ apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, return APR_SUCCESS; } -apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b) { +static apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b) { apr_bucket_brigade *bb_out = (apr_bucket_brigade *)f->ctx; APR_BRIGADE_CONCAT(bb_out, b); From 78b9282910f10f059b2b9f0b471ff2d18c4696b7 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 16:32:18 +0100 Subject: [PATCH 11/25] suppressing staticFunction --- .github/workflows/ci.yml | 5 ++++- Makefile.am | 4 +--- standalone/api.c | 4 ++-- standalone/filters.c | 2 +- standalone/server.c | 3 +-- tests/cppcheck_suppressions.txt | 1 + 6 files changed, 10 insertions(+), 9 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 26104dd2d2..7c6980384d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -163,6 +163,8 @@ jobs: - name: configure run: | APXS_PATH=$(brew --prefix httpd)/bin/apxs + HTTPD_PREFIX=$(brew --prefix httpd) + HTTPD_INCLUDES="$HTTPD_PREFIX/include/httpd" PCRE2_PATH=$(brew --prefix pcre2) APR_PATH=$(brew --prefix apr) APU_PATH=$(brew --prefix apr-util) @@ -179,6 +181,7 @@ jobs: --with-libxml=$XML_PATH \ --with-lua=$LUA_PATH \ --with-yajl=$YAJL_PATH \ - --with-ssdeep=$SSDEEP_PATH + --with-ssdeep=$SSDEEP_PATH \ + CPPFLAGS="-I$HTTPD_INCLUDES" - name: cppcheck run: make check-static \ No newline at end of file diff --git a/Makefile.am b/Makefile.am index ba4ee58663..05e55c5382 100755 --- a/Makefile.am +++ b/Makefile.am @@ -46,9 +46,7 @@ cppcheck: --verbose \ --library=gnu \ --library=posix \ - -D"AP_DECLARE(x)=x" \ - -D"AP_DECLARE_NONSTD(x)=x" \ - -D"AP_DECLARE_DATA= " \ + -I ./apache2 \ -I /usr/include/apache2 \ -I /usr/include/apr-1.0 \ diff --git a/standalone/api.c b/standalone/api.c index e3c4118c17..aaf6db4113 100644 --- a/standalone/api.c +++ b/standalone/api.c @@ -171,7 +171,7 @@ server_rec *modsecInit() { return server; } -static apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, +apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out, ap_input_mode_t mode, apr_read_type_e block, apr_off_t readbytes) { char *tmp = NULL; @@ -226,7 +226,7 @@ static apr_status_t ap_http_in_filter(ap_filter_t *f, apr_bucket_brigade *bb_out return APR_SUCCESS; } -static apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b) { +apr_status_t ap_http_out_filter(ap_filter_t *f, apr_bucket_brigade *b) { apr_bucket_brigade *bb_out = (apr_bucket_brigade *)f->ctx; APR_BRIGADE_CONCAT(bb_out, b); diff --git a/standalone/filters.c b/standalone/filters.c index ef0825e8dc..1fece2eb3a 100644 --- a/standalone/filters.c +++ b/standalone/filters.c @@ -210,7 +210,7 @@ AP_DECLARE(ap_filter_t *) ap_add_output_filter(const char *name, void *ctx, r ? &r->proto_output_filters : NULL, &c->output_filters); } -static void remove_any_filter(ap_filter_t *f, ap_filter_t **r_filt, ap_filter_t **p_filt, +static void remove_any_filter(const ap_filter_t *f, ap_filter_t **r_filt, ap_filter_t **p_filt, ap_filter_t **c_filt) { ap_filter_t **curr = r_filt ? r_filt : c_filt; diff --git a/standalone/server.c b/standalone/server.c index bff72da9cd..e753b45d4d 100644 --- a/standalone/server.c +++ b/standalone/server.c @@ -633,12 +633,11 @@ AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, const apr_table_t *t) const apr_table_entry_t *elts = (const apr_table_entry_t *) env_arr->elts; char **env = (char **) apr_palloc(p, (env_arr->nelts + 2) * sizeof(char *)); int i, j; - char *tz; char *whack; j = 0; if (!apr_table_get(t, "TZ")) { - tz = getenv("TZ"); + char * tz = getenv("TZ"); if (tz != NULL) { env[j++] = apr_pstrcat(p, "TZ=", tz, (char *)NULL); } diff --git a/tests/cppcheck_suppressions.txt b/tests/cppcheck_suppressions.txt index 5b1693f542..2e55301a00 100644 --- a/tests/cppcheck_suppressions.txt +++ b/tests/cppcheck_suppressions.txt @@ -1,5 +1,6 @@ normalCheckLevelMaxBranches checkersReport +staticFunction unusedFunction missingIncludeSystem From 7d5ad80f0d24c3e31937e4ee00acabdbcf2d6819 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Thu, 29 Jan 2026 16:40:55 +0100 Subject: [PATCH 12/25] fixing Makefile.in missing --- Makefile.am | 1 - autogen.sh | 2 +- 2 files changed, 1 insertion(+), 2 deletions(-) diff --git a/Makefile.am b/Makefile.am index 05e55c5382..ac81faa38a 100755 --- a/Makefile.am +++ b/Makefile.am @@ -46,7 +46,6 @@ cppcheck: --verbose \ --library=gnu \ --library=posix \ - -I ./apache2 \ -I /usr/include/apache2 \ -I /usr/include/apr-1.0 \ diff --git a/autogen.sh b/autogen.sh index 3d51987ae4..79f8bb866a 100755 --- a/autogen.sh +++ b/autogen.sh @@ -9,7 +9,7 @@ rm -rf autom4te.cache rm -f aclocal.m4 case `uname` in Darwin*) glibtoolize --force --copy ;; *) libtoolize --force --copy ;; esac -autoreconf --install +autoreconf --install --force autoheader automake --add-missing --foreign --copy --force-missing autoconf --force From 50e46492a28783d22233cb0c0218ae2e102f4d68 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Fri, 30 Jan 2026 11:50:33 +0100 Subject: [PATCH 13/25] adding missing path --- .github/workflows/ci.yml | 10 +++++++++- Makefile.am | 3 +++ 2 files changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7c6980384d..a7d0d789a1 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -184,4 +184,12 @@ jobs: --with-ssdeep=$SSDEEP_PATH \ CPPFLAGS="-I$HTTPD_INCLUDES" - name: cppcheck - run: make check-static \ No newline at end of file + run: | + APXS_BIN=$(brew --prefix httpd)/bin/apxs + VAL_APACHE_INC=$($APXS_BIN -q INCLUDEDIR) + VAL_APR_INC=$($APXS_BIN -q APR_INCLUDEDIR) + VAL_APU_INC=$($APXS_BIN -q APU_INCLUDEDIR) + make check-static \ + APACHE_INCLUDES="$VAL_APACHE_INC" \ + APR_INCLUDES="$VAL_APR_INC" \ + APU_INCLUDES="$VAL_APU_INC" \ No newline at end of file diff --git a/Makefile.am b/Makefile.am index ac81faa38a..52fa7dece2 100755 --- a/Makefile.am +++ b/Makefile.am @@ -56,6 +56,9 @@ cppcheck: --inconclusive \ --template="warning: {file},{line},{severity},{id},{message}" \ --error-exitcode=1 \ + -I "$(APACHE_INCLUDES)" \ + -I "$(APR_INCLUDES)" \ + -I "$(APU_INCLUDES)" \ standalone/ check-static: cppcheck From 3a62fd8eb909171f4aec83ac9fb33e35ea68875b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Fri, 30 Jan 2026 15:10:48 +0100 Subject: [PATCH 14/25] replace mcosx to ubuntu --- .github/workflows/ci.yml | 37 +++++++------------------------------ 1 file changed, 7 insertions(+), 30 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index a7d0d789a1..0651cfd25d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -139,11 +139,14 @@ jobs: run: make test-regression cppcheck: - runs-on: [macos-14] + runs-on: [ubuntu-24.04] + container: + image: neszt/cppcheck-docker:latest steps: - name: Setup Dependencies run: | - brew install autoconf \ + apt update -y -qq + apt install -y autoconf \ automake \ libtool \ cppcheck \ @@ -162,34 +165,8 @@ jobs: fetch-depth: 0 - name: configure run: | - APXS_PATH=$(brew --prefix httpd)/bin/apxs - HTTPD_PREFIX=$(brew --prefix httpd) - HTTPD_INCLUDES="$HTTPD_PREFIX/include/httpd" - PCRE2_PATH=$(brew --prefix pcre2) - APR_PATH=$(brew --prefix apr) - APU_PATH=$(brew --prefix apr-util) - XML_PATH=$(brew --prefix libxml2) - LUA_PATH=$(brew --prefix lua) - YAJL_PATH=$(brew --prefix yajl) - SSDEEP_PATH=$(brew --prefix ssdeep) ./autogen.sh - ./configure \ - --with-apxs=$APXS_PATH \ - --with-pcre2=$PCRE2_PATH \ - --with-apr=$APR_PATH \ - --with-apu=$APU_PATH \ - --with-libxml=$XML_PATH \ - --with-lua=$LUA_PATH \ - --with-yajl=$YAJL_PATH \ - --with-ssdeep=$SSDEEP_PATH \ - CPPFLAGS="-I$HTTPD_INCLUDES" + ./configure - name: cppcheck run: | - APXS_BIN=$(brew --prefix httpd)/bin/apxs - VAL_APACHE_INC=$($APXS_BIN -q INCLUDEDIR) - VAL_APR_INC=$($APXS_BIN -q APR_INCLUDEDIR) - VAL_APU_INC=$($APXS_BIN -q APU_INCLUDEDIR) - make check-static \ - APACHE_INCLUDES="$VAL_APACHE_INC" \ - APR_INCLUDES="$VAL_APR_INC" \ - APU_INCLUDES="$VAL_APU_INC" \ No newline at end of file + make check-static From fbeb9a0342c96b8a2c8f2478383901bbe41a7374 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Fri, 30 Jan 2026 15:12:27 +0100 Subject: [PATCH 15/25] replace apt to apt-get --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 0651cfd25d..f015796c56 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -145,8 +145,8 @@ jobs: steps: - name: Setup Dependencies run: | - apt update -y -qq - apt install -y autoconf \ + apt-get update -y -qq + apt-get install -y autoconf \ automake \ libtool \ cppcheck \ From 75c48badb55faa8afda73e7f3d177f39eb2b691a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Fri, 30 Jan 2026 15:14:18 +0100 Subject: [PATCH 16/25] adding sudo to apt commands --- .github/workflows/ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f015796c56..ffc324b972 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -145,8 +145,8 @@ jobs: steps: - name: Setup Dependencies run: | - apt-get update -y -qq - apt-get install -y autoconf \ + sudo apt-get update -y -qq + sudo apt-get install -y autoconf \ automake \ libtool \ cppcheck \ From 7861e49e2a3a55eb5de8835418707b2fc0756ce6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Sun, 1 Feb 2026 16:44:36 +0100 Subject: [PATCH 17/25] remove sudo --- .github/workflows/ci.yml | 30 ++++++++++++++++-------------- 1 file changed, 16 insertions(+), 14 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index ffc324b972..348df06a3a 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -145,20 +145,22 @@ jobs: steps: - name: Setup Dependencies run: | - sudo apt-get update -y -qq - sudo apt-get install -y autoconf \ - automake \ - libtool \ - cppcheck \ - httpd \ - pcre2 \ - pkg-config \ - apr \ - apr-util \ - libxml2 \ - lua \ - yajl \ - ssdeep + apt-get update -y -qq + apt-get install -y \ + autoconf \ + automake \ + libtool \ + pkg-config \ + make \ + apache2-dev \ + libpcre2-dev \ + libapr1-dev \ + libaprutil1-dev \ + libxml2-dev \ + liblua5.3-dev \ + libyajl-dev \ + libfuzzy-dev \ + ssdeep - uses: actions/checkout@v4 with: submodules: false From a55637240c719022233f534bdb5e6ddb61cbbcd6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Sun, 1 Feb 2026 16:47:48 +0100 Subject: [PATCH 18/25] changing commands to Alpine version --- .github/workflows/ci.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 348df06a3a..3f2c0e97a9 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -145,21 +145,21 @@ jobs: steps: - name: Setup Dependencies run: | - apt-get update -y -qq - apt-get install -y \ + apk update + apk add \ + build-base \ autoconf \ automake \ libtool \ - pkg-config \ - make \ + pkgconf \ apache2-dev \ - libpcre2-dev \ - libapr1-dev \ - libaprutil1-dev \ + pcre2-dev \ + apr-dev \ + apr-util-dev \ libxml2-dev \ - liblua5.3-dev \ - libyajl-dev \ - libfuzzy-dev \ + lua5.3-dev \ + yajl-dev \ + ssdeep-dev \ ssdeep - uses: actions/checkout@v4 with: From 4226924dd84aea8e682ec0d0042a6e127d8d3910 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Sun, 1 Feb 2026 16:48:56 +0100 Subject: [PATCH 19/25] removing ssdeep --- .github/workflows/ci.yml | 4 +--- 1 file changed, 1 insertion(+), 3 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3f2c0e97a9..cfec8e8465 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -158,9 +158,7 @@ jobs: apr-util-dev \ libxml2-dev \ lua5.3-dev \ - yajl-dev \ - ssdeep-dev \ - ssdeep + yajl-dev - uses: actions/checkout@v4 with: submodules: false From f311901e8cad4318d5d80423629944be16ddf8e6 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Sun, 1 Feb 2026 17:04:15 +0100 Subject: [PATCH 20/25] using Debian instead of Alpine --- .github/workflows/ci.yml | 38 ++++++++++++++++++++++++++------------ Makefile.am | 9 ++++----- 2 files changed, 30 insertions(+), 17 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index cfec8e8465..4a556cf425 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -141,24 +141,29 @@ jobs: cppcheck: runs-on: [ubuntu-24.04] container: - image: neszt/cppcheck-docker:latest + image: debian:sid steps: - name: Setup Dependencies run: | - apk update - apk add \ - build-base \ + apt-get update -y -qq + apt-get install -y --no-install-recommends\ + build-essential \ autoconf \ automake \ libtool \ - pkgconf \ + pkg-config \ + cppcheck \ apache2-dev \ - pcre2-dev \ - apr-dev \ - apr-util-dev \ + libpcre2-dev \ + libapr1-dev \ + libaprutil1-dev \ libxml2-dev \ - lua5.3-dev \ - yajl-dev + liblua5.3-dev \ + libyajl-dev \ + libfuzzy-dev \ + ssdeep \ + curl \ + ca-certificates - uses: actions/checkout@v4 with: submodules: false @@ -166,7 +171,16 @@ jobs: - name: configure run: | ./autogen.sh - ./configure + ./configure --with-apxs=/usr/bin/apxs - name: cppcheck run: | - make check-static + APXS_BIN=/usr/bin/apxs + VAL_APACHE_INC=$($APXS_BIN -q INCLUDEDIR) + VAL_APR_INC=$($APXS_BIN -q APR_INCLUDEDIR) + VAL_APU_INC=$($APXS_BIN -q APU_INCLUDEDIR) + + make check-static \ + APACHE_INCLUDES="$VAL_APACHE_INC" \ + APR_INCLUDES="$VAL_APR_INC" \ + APU_INCLUDES="$VAL_APU_INC" + diff --git a/Makefile.am b/Makefile.am index 52fa7dece2..2c7a3b5cbe 100755 --- a/Makefile.am +++ b/Makefile.am @@ -41,22 +41,21 @@ test-regression-nginx: cppcheck: @cppcheck \ + -j `getconf _NPROCESSORS_ONLN 2>/dev/null || sysctl -n hw.ncpu || echo 1` \ --enable=all \ --force \ --verbose \ --library=gnu \ --library=posix \ - -I ./apache2 \ - -I /usr/include/apache2 \ - -I /usr/include/apr-1.0 \ - -I /usr/include/libxml2 \ --std=c++17 \ --suppressions-list=./tests/cppcheck_suppressions.txt \ --inline-suppr \ --inconclusive \ --template="warning: {file},{line},{severity},{id},{message}" \ --error-exitcode=1 \ - -I "$(APACHE_INCLUDES)" \ + -I ./apache2 \ + -I /usr/include/libxml2 \ + -I "$(APACHE_INCLUDES)" \ -I "$(APR_INCLUDES)" \ -I "$(APU_INCLUDES)" \ standalone/ From 30cca1ebd3c045fc5f72b13f03db408cf0e8a9ba Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Sun, 1 Feb 2026 17:09:14 +0100 Subject: [PATCH 21/25] fixing apt-get install command line --- .github/workflows/ci.yml | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 4a556cf425..6b2959c116 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -146,8 +146,7 @@ jobs: - name: Setup Dependencies run: | apt-get update -y -qq - apt-get install -y --no-install-recommends\ - build-essential \ + apt-get install -y --no-install-recommends build-essential \ autoconf \ automake \ libtool \ From e41306c6fa023d0811d9dbc7930655782488f234 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Sun, 1 Feb 2026 18:27:58 +0100 Subject: [PATCH 22/25] fixing conflicting type warnings --- .github/workflows/ci.yml | 10 +--------- Makefile.am | 10 +++++----- standalone/server.c | 14 +++++++------- 3 files changed, 13 insertions(+), 21 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 6b2959c116..b76d6dd3d3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -173,13 +173,5 @@ jobs: ./configure --with-apxs=/usr/bin/apxs - name: cppcheck run: | - APXS_BIN=/usr/bin/apxs - VAL_APACHE_INC=$($APXS_BIN -q INCLUDEDIR) - VAL_APR_INC=$($APXS_BIN -q APR_INCLUDEDIR) - VAL_APU_INC=$($APXS_BIN -q APU_INCLUDEDIR) - - make check-static \ - APACHE_INCLUDES="$VAL_APACHE_INC" \ - APR_INCLUDES="$VAL_APR_INC" \ - APU_INCLUDES="$VAL_APU_INC" + make check-static diff --git a/Makefile.am b/Makefile.am index 2c7a3b5cbe..45589dd08e 100755 --- a/Makefile.am +++ b/Makefile.am @@ -48,16 +48,16 @@ cppcheck: --library=gnu \ --library=posix \ --std=c++17 \ + -I ./apache2 \ + -I /usr/include/libxml2 \ + -I @APXS_INCLUDEDIR@ \ + -I @APR_INCLUDEDIR@ \ + -I @APU_INCLUDEDIR@ \ --suppressions-list=./tests/cppcheck_suppressions.txt \ --inline-suppr \ --inconclusive \ --template="warning: {file},{line},{severity},{id},{message}" \ --error-exitcode=1 \ - -I ./apache2 \ - -I /usr/include/libxml2 \ - -I "$(APACHE_INCLUDES)" \ - -I "$(APR_INCLUDES)" \ - -I "$(APU_INCLUDES)" \ standalone/ check-static: cppcheck diff --git a/standalone/server.c b/standalone/server.c index e753b45d4d..5ecf89efa1 100644 --- a/standalone/server.c +++ b/standalone/server.c @@ -248,17 +248,17 @@ AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s) } #endif -AP_DECLARE(const char *) ap_psignature(const char *prefix, const request_rec *r) +AP_DECLARE(const char *) ap_psignature(const char *prefix, request_rec *r) // cppcheck-suppress constParameterPointer { return prefix; } -AP_DECLARE(const char *) ap_document_root(const request_rec *r) /* Don't use this! */ +AP_DECLARE(const char *) ap_document_root(request_rec *r) /* Don't use this! */ // cppcheck-suppress constParameterPointer { return "\\"; } -AP_DECLARE(apr_port_t) ap_get_server_port(const request_rec *r) +AP_DECLARE(apr_port_t) ap_get_server_port(const request_rec *r) // cppcheck-suppress constParameterPointer { return 80; } @@ -378,7 +378,7 @@ AP_DECLARE(const char *) ap_get_server_name(request_rec *r) return r->server->server_hostname; } -AP_DECLARE(void) ap_add_version_component(const apr_pool_t *pconf, const char *component) +AP_DECLARE(void) ap_add_version_component(apr_pool_t *pconf, const char *component) // cppcheck-suppress constParameterPointer { // appends string to server description string // @@ -408,7 +408,7 @@ AP_DECLARE(worker_score *) ap_get_scoreboard_worker_from_indexes(int x, int y) return &ap_scoreboard_image->servers[x][y]; } -AP_DECLARE(worker_score *) ap_get_scoreboard_worker(const ap_sb_handle_t *sbh) +AP_DECLARE(worker_score *) ap_get_scoreboard_worker(ap_sb_handle_t *sbh) // cppcheck-suppress constParameterPointer { //if (!sbh) // return NULL; @@ -615,13 +615,13 @@ AP_DECLARE(char *) ap_server_root_relative(apr_pool_t *p, const char *file) } } -AP_DECLARE(piped_log *) ap_open_piped_log(const apr_pool_t *p, const char *program) +AP_DECLARE(piped_log *) ap_open_piped_log(apr_pool_t *p, const char *program) // cppcheck-suppress constParameterPointer { return NULL; } #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER > 3 -AP_DECLARE(apr_file_t *) ap_piped_log_write_fd(const piped_log *pl) +AP_DECLARE(apr_file_t *) ap_piped_log_write_fd(piped_log *pl) // cppcheck-suppress constParameterPointer { return NULL; } From 5a4172a991e36e591711526e274fb658ce683ceb Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Mon, 2 Feb 2026 15:19:39 +0100 Subject: [PATCH 23/25] fixing code smells based on SonarQube --- standalone/api.h | 4 ++-- standalone/main.cpp | 6 +++--- standalone/server.c | 3 ++- 3 files changed, 7 insertions(+), 6 deletions(-) diff --git a/standalone/api.h b/standalone/api.h index 2a43ac5f95..6aecf941c7 100644 --- a/standalone/api.h +++ b/standalone/api.h @@ -87,7 +87,7 @@ void modsecSetLogHook(void *obj, void (*hook)(void *obj, int level, char *str)); static inline void modsecSetBodyBrigade(request_rec *r, apr_bucket_brigade *b) { #ifdef __cplusplus - apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, reinterpret_cast(b)); + apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, dynamic_cast(b)); //NOSONAR #else apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, (char *)b); #endif @@ -106,7 +106,7 @@ static inline apr_bucket_brigade * modsecGetBodyBrigade(const request_rec *r) { static inline void modsecSetResponseBrigade(request_rec *r, apr_bucket_brigade *b) { #ifdef __cplusplus - apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, reinterpret_cast(b)); + apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, dynamic_cast(b)); //NOSONAR #else apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, (char *)b); #endif diff --git a/standalone/main.cpp b/standalone/main.cpp index 7117a28bb9..5afb118950 100644 --- a/standalone/main.cpp +++ b/standalone/main.cpp @@ -144,7 +144,7 @@ void parseargs(int argc, char *argv[]) } } -void log(const void *obj, int level, const char *str) +void log(const void *obj, int level, const char *str) //NOSONAR { printf("%s\n", str); } @@ -265,7 +265,7 @@ void main(int argc, char *argv[]) if(url_file != NULL) { FILE *fr = fopen(url_file, "rb"); - if(fr != NULL){ + if(fr != nullptr){ int i = 0; while(fgets(urls[i],4096,fr) != NULL) { @@ -321,7 +321,7 @@ void main(int argc, char *argv[]) char *method = event_file_lines[j]; char *url = strchr(method, 32); - char *proto = NULL; + char *proto = nullptr; if(*(url + 1) != '\0') proto = strchr(url + 1, 32); diff --git a/standalone/server.c b/standalone/server.c index 5ecf89efa1..22d5c67148 100644 --- a/standalone/server.c +++ b/standalone/server.c @@ -695,7 +695,8 @@ AP_DECLARE(int) ap_find_path_info(const char *uri, const char *path_info) */ static char *original_uri(request_rec *r) { - const char *first, *last; + const char *first; + const char *last; if (r->the_request == NULL) { return (char *) apr_pcalloc(r->pool, 1); From 9bc9d34644d75123c64a95bbcaafd6847b5008a0 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Mon, 2 Feb 2026 15:23:43 +0100 Subject: [PATCH 24/25] revert to reinterpret_cast --- standalone/api.h | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/standalone/api.h b/standalone/api.h index 6aecf941c7..fbed33a16d 100644 --- a/standalone/api.h +++ b/standalone/api.h @@ -87,7 +87,7 @@ void modsecSetLogHook(void *obj, void (*hook)(void *obj, int level, char *str)); static inline void modsecSetBodyBrigade(request_rec *r, apr_bucket_brigade *b) { #ifdef __cplusplus - apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, dynamic_cast(b)); //NOSONAR + apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, reinterpret_cast(b)); //NOSONAR #else apr_table_setn(r->notes, NOTE_MSR_BRIGADE_REQUEST, (char *)b); #endif @@ -106,7 +106,7 @@ static inline apr_bucket_brigade * modsecGetBodyBrigade(const request_rec *r) { static inline void modsecSetResponseBrigade(request_rec *r, apr_bucket_brigade *b) { #ifdef __cplusplus - apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, dynamic_cast(b)); //NOSONAR + apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, reinterpret_cast(b)); //NOSONAR #else apr_table_setn(r->notes, NOTE_MSR_BRIGADE_RESPONSE, (char *)b); #endif From ac98225af647f11508e141099b06c82b81cc8e63 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Heged=C3=BCs=20D=C3=A1vid=20Marcell?= Date: Tue, 3 Feb 2026 16:16:47 +0100 Subject: [PATCH 25/25] removing commented codes --- standalone/server.c | 14 +------------- 1 file changed, 1 insertion(+), 13 deletions(-) diff --git a/standalone/server.c b/standalone/server.c index 22d5c67148..c57ff97345 100644 --- a/standalone/server.c +++ b/standalone/server.c @@ -523,8 +523,7 @@ AP_DECLARE(void) ap_str_tolower(char *str) AP_DECLARE(const char *) ap_get_remote_host(conn_rec *conn, void *dir_config, int type, int *str_is_ip) { - //int hostname_lookups = HOSTNAME_LOOKUP_OFF; - int hostname_lookups = 0; + int hostname_lookups = HOSTNAME_LOOKUP_OFF; int ignored_str_is_ip; if (!str_is_ip) { /* caller doesn't want to know */ @@ -1006,8 +1005,6 @@ AP_DECLARE(gid_t) ap_gname2id(const char *name) AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) { - //apr_finfo_t wrapper; - #if AP_SERVER_MAJORVERSION_NUMBER > 1 && AP_SERVER_MINORVERSION_NUMBER < 3 unixd_config.user_name = DEFAULT_USER; unixd_config.user_id = ap_uname2id(DEFAULT_USER); @@ -1019,15 +1016,6 @@ AP_DECLARE(void) unixd_pre_config(apr_pool_t *ptemp) ap_unixd_config.group_id = ap_gname2id(DEFAULT_GROUP); ap_unixd_config.suexec_enabled = 0; #endif - -/* if ((apr_stat(&wrapper, SUEXEC_BIN, - APR_FINFO_NORM, ptemp)) != APR_SUCCESS) { - return; - } - - if ((wrapper.protection & APR_USETID) && wrapper.user == 0) { - unixd_config.suexec_enabled = 1; - }*/ } /* XXX move to APR and externalize (but implement differently :) ) */