From 907d7f8f59e2fbc3b2a412453f08c0e1e5ed124c Mon Sep 17 00:00:00 2001 From: edding3000 Date: Thu, 20 Nov 2025 15:24:05 +0100 Subject: [PATCH 1/8] Use reference in range-based for loop --- src/rules_exceptions.cc | 4 ++-- src/transaction.cc | 4 ++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/src/rules_exceptions.cc b/src/rules_exceptions.cc index 2fb0cf857f..e448256cda 100644 --- a/src/rules_exceptions.cc +++ b/src/rules_exceptions.cc @@ -195,7 +195,7 @@ bool RulesExceptions::contains(int a) { } } - for (auto z : m_ranges) { + for (auto& z : m_ranges) { if (z.first <= a && z.second >= a) { return true; } @@ -212,7 +212,7 @@ bool RulesExceptions::merge(RulesExceptions *from) { return ret; } } - for (auto b : from->m_ranges) { + for (auto& b : from->m_ranges) { bool ret = addRange(b.first, b.second); if (ret == false) { return ret; diff --git a/src/transaction.cc b/src/transaction.cc index 6c8ae9744c..db3a4040cc 100644 --- a/src/transaction.cc +++ b/src/transaction.cc @@ -1700,7 +1700,7 @@ std::string Transaction::toJSON(int parts) { reinterpret_cast("messages"), strlen("messages")); yajl_gen_array_open(g); - for (auto a : m_rulesMessages) { + for (auto& a : m_rulesMessages) { yajl_gen_map_open(g); LOGFY_ADD("message", a.m_message); yajl_gen_string(g, @@ -1721,7 +1721,7 @@ std::string Transaction::toJSON(int parts) { reinterpret_cast("tags"), strlen("tags")); yajl_gen_array_open(g); - for (auto b : a.m_tags) { + for (auto& b : a.m_tags) { yajl_gen_string(g, reinterpret_cast(b.data()), b.length()); From 12671d1f55e3a6449b06d1db7c72e3a25a94d19a Mon Sep 17 00:00:00 2001 From: edding3000 Date: Thu, 20 Nov 2025 15:24:41 +0100 Subject: [PATCH 2/8] Use explicit '*' with auto for pointers --- src/engine/lua.cc | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/engine/lua.cc b/src/engine/lua.cc index 9313a2ec7f..869acefd4b 100644 --- a/src/engine/lua.cc +++ b/src/engine/lua.cc 
@@ -297,7 +297,7 @@ int Lua::getvars(lua_State *L) { variables::Variable::stringMatchResolveMulti(t, varname, &l); lua_newtable(L); - for (auto i : l) { + for (auto* i : l) { lua_pushnumber(L, idx); lua_newtable(L); From e9bf9ad0e2c4043dc68da276dcc0109e47b066ab Mon Sep 17 00:00:00 2001 From: edding3000 Date: Fri, 21 Nov 2025 10:31:40 +0100 Subject: [PATCH 3/8] Add const modifier to range-based for loops --- src/actions/block.cc | 2 +- .../backend/in_memory-per_process.cc | 2 +- src/engine/lua.cc | 2 +- src/rule_with_actions.cc | 20 +++++++++---------- src/rule_with_operator.cc | 2 +- src/rules_exceptions.cc | 14 ++++++------- src/run_time_string.cc | 2 +- src/transaction.cc | 4 ++-- src/variables/variable.h | 2 +- test/regression/regression.cc | 2 +- test/unit/unit.cc | 6 +++--- 11 files changed, 29 insertions(+), 29 deletions(-) diff --git a/src/actions/block.cc b/src/actions/block.cc index b36540627e..516a45cab4 100644 --- a/src/actions/block.cc +++ b/src/actions/block.cc @@ -32,7 +32,7 @@ namespace actions { bool Block::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) { ms_dbg_a(transaction, 8, "Marking request as disruptive."); - for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) { + for (const auto& a : transaction->m_rules->m_defaultActions[rule->getPhase()]) { if (a->isDisruptive() == false) { continue; } diff --git a/src/collection/backend/in_memory-per_process.cc b/src/collection/backend/in_memory-per_process.cc index b16ee843ac..18191ff87a 100644 --- a/src/collection/backend/in_memory-per_process.cc +++ b/src/collection/backend/in_memory-per_process.cc @@ -155,7 +155,7 @@ void InMemoryPerProcess::resolveMultiMatches(const std::string& var, const std::shared_lock lock(m_mutex); // read lock (shared access) if (keySize == 0) { - for (auto &i : m_map) { + for (const auto &i : m_map) { if (ke.toOmit(i.first)) { continue; } 
diff --git a/src/engine/lua.cc b/src/engine/lua.cc index 869acefd4b..4dd4cb4875 100644 --- a/src/engine/lua.cc +++ b/src/engine/lua.cc @@ -297,7 +297,7 @@ int Lua::getvars(lua_State *L) { variables::Variable::stringMatchResolveMulti(t, varname, &l); lua_newtable(L); - for (auto* i : l) { + for (const auto *i : l) { lua_pushnumber(L, idx); lua_newtable(L); diff --git a/src/rule_with_actions.cc b/src/rule_with_actions.cc index f6642b67e6..df6a064186 100644 --- a/src/rule_with_actions.cc +++ b/src/rule_with_actions.cc @@ -209,7 +209,7 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction * a->evaluate(this, trans); } - for (auto &b : + for (const auto& b : trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { if (m_ruleId != b.first) { continue; @@ -262,7 +262,7 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans, a->evaluate(this, trans, ruleMessage); } - for (auto &b : + for (const auto& b : trans->m_rules->m_exceptions.m_action_pos_update_target_by_id) { if (m_ruleId != b.first) { continue; @@ -373,7 +373,7 @@ void RuleWithActions::executeTransformations( // Notice that first we make sure that won't be a t:none // on the target rule. if (none == 0) { - for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) { + for (const auto& a : trans->m_rules->m_defaultActions[getPhase()]) { if (a->action_kind \ != actions::Action::Kind::RunTimeBeforeMatchAttemptKind) { continue; @@ -400,7 +400,7 @@ void RuleWithActions::executeTransformations( // FIXME: It can't be something different from transformation. Sort this // on rules compile time. - for (auto &b : + for (const auto& b : trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { if (m_ruleId != b.first) { continue; @@ -412,7 +412,7 @@ void RuleWithActions::executeTransformations( } } - for (auto &b : + for (const auto& b : trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { if (m_ruleId != b.first) { continue; 
@@ -442,7 +442,7 @@ void RuleWithActions::executeTransformations( bool RuleWithActions::containsTag(const std::string& name, Transaction *t) { - for (auto &tag : m_actionsTag) { + for (const auto &tag : m_actionsTag) { if (tag != NULL && tag->getName(t) == name) { return true; } @@ -459,17 +459,17 @@ bool RuleWithActions::containsMsg(const std::string& name, Transaction *t) { std::vector RuleWithActions::getActionsByName(const std::string& name, const Transaction *trans) { std::vector ret; - for (auto &z : m_actionsRuntimePos) { + for (const auto &z : m_actionsRuntimePos) { if (*z->m_name.get() == name) { ret.push_back(z); } } - for (auto &z : m_transformations) { + for (const auto& z : m_transformations) { if (*z->m_name.get() == name) { ret.push_back(z); } } - for (auto &b : + for (const auto& b : trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) { if (m_ruleId != b.first) { continue; @@ -479,7 +479,7 @@ std::vector RuleWithActions::getActionsByName(const std::stri ret.push_back(z); } } - for (auto &b : + for (const auto& b : trans->m_rules->m_exceptions.m_action_pos_update_target_by_id) { if (m_ruleId != b.first) { continue; diff --git a/src/rule_with_operator.cc b/src/rule_with_operator.cc index 9c356b8fb0..0f6a423351 100644 --- a/src/rule_with_operator.cc +++ b/src/rule_with_operator.cc @@ -252,7 +252,7 @@ bool RuleWithOperator::evaluate(Transaction *trans, getFinalVars(&vars, &exclusion, trans); - for (auto &var : vars) { + for (const auto &var : vars) { std::vector e; if (!var) { continue; diff --git a/src/rules_exceptions.cc b/src/rules_exceptions.cc index e448256cda..798cfb5638 100644 --- a/src/rules_exceptions.cc +++ b/src/rules_exceptions.cc @@ -195,7 +195,7 @@ bool RulesExceptions::contains(int a) { } } - for (auto& z : m_ranges) { + for (const auto& z : m_ranges) { if (z.first <= a && z.second >= a) { return true; } 
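Review bot: The reference declarator is spelled two ways inside `getActionsByName` in the `@@ -459,17 +459,17 @@` hunk: `const auto &z : m_actionsRuntimePos` is followed a few lines later by `const auto& z : m_transformations`, and the same mix appears in the other files touched by this patch. The removed lines were uniformly `auto &x`, so the patch introduces formatting drift that was not there before. Keeping the existing spelling, e.g. `for (const auto &z : m_transformations) {` and `for (const auto &b :`, would leave the diff limited to the added `const`.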
@@ -212,42 +212,42 @@ bool RulesExceptions::merge(RulesExceptions *from) { return ret; } } - for (auto& b : from->m_ranges) { + for (const auto& b : from->m_ranges) { bool ret = addRange(b.first, b.second); if (ret == false) { return ret; } } - for (auto &p : from->m_variable_update_target_by_tag) { + for (const auto &p : from->m_variable_update_target_by_tag) { m_variable_update_target_by_tag.emplace( std::pair, std::shared_ptr>(p.first, p.second)); } - for (auto &p : from->m_variable_update_target_by_msg) { + for (const auto &p : from->m_variable_update_target_by_msg) { m_variable_update_target_by_msg.emplace( std::pair, std::shared_ptr>(p.first, p.second)); } - for (auto &p : from->m_variable_update_target_by_id) { + for (const auto &p : from->m_variable_update_target_by_id) { m_variable_update_target_by_id.emplace( std::pair>(p.first, p.second)); } - for (auto &p : from->m_action_pos_update_target_by_id) { + for (const auto &p : from->m_action_pos_update_target_by_id) { m_action_pos_update_target_by_id.emplace( std::pair>(p.first, p.second)); } - for (auto &p : from->m_action_pre_update_target_by_id) { + for (const auto &p : from->m_action_pre_update_target_by_id) { m_action_pre_update_target_by_id.emplace( std::pair>(p.first, diff --git a/src/run_time_string.cc b/src/run_time_string.cc index 45f298bc3d..dff256efce 100644 --- a/src/run_time_string.cc +++ b/src/run_time_string.cc @@ -53,7 +53,7 @@ std::string RunTimeString::evaluate(Transaction *t) { std::string RunTimeString::evaluate(Transaction *t, Rule *r) { std::string s; - for (auto &z : m_elements) { + for (const auto& z : m_elements) { if (z->m_string.size() > 0) { s.append(z->m_string); } else if (z->m_var != NULL && t != NULL) { diff --git a/src/transaction.cc b/src/transaction.cc index db3a4040cc..a757350fc5 100644 --- a/src/transaction.cc +++ b/src/transaction.cc 
@@ -1700,7 +1700,7 @@ std::string Transaction::toJSON(int parts) { reinterpret_cast("messages"), strlen("messages")); yajl_gen_array_open(g); - for (auto& a : m_rulesMessages) { + for (const auto& a : m_rulesMessages) { yajl_gen_map_open(g); LOGFY_ADD("message", a.m_message); yajl_gen_string(g, @@ -1721,7 +1721,7 @@ std::string Transaction::toJSON(int parts) { reinterpret_cast("tags"), strlen("tags")); yajl_gen_array_open(g); - for (auto& b : a.m_tags) { + for (const auto& b : a.m_tags) { yajl_gen_string(g, reinterpret_cast(b.data()), b.length()); diff --git a/src/variables/variable.h b/src/variables/variable.h index 5d740e1097..3adf882dee 100644 --- a/src/variables/variable.h +++ b/src/variables/variable.h @@ -155,7 +155,7 @@ class KeyExclusions : public std::deque> { } bool toOmit(std::string a) { - for (auto &z : *this) { + for (const auto& z : *this) { if (z->match(a)) { return true; } diff --git a/test/regression/regression.cc b/test/regression/regression.cc index ba37f76dfb..d6eb5bcd38 100644 --- a/test/regression/regression.cc +++ b/test/regression/regression.cc @@ -115,7 +115,7 @@ void perform_unit_test(const ModSecurityTest &test, const std::vector> &tests, ModSecurityTestResults *res, int *count) { - for (auto &t : tests) { + for (const auto &t : tests) { ModSecurityTestResults r; RegressionTestResult *testRes = new RegressionTestResult(); diff --git a/test/unit/unit.cc b/test/unit/unit.cc index 8bf5954d27..93b9c38e7b 100644 --- a/test/unit/unit.cc +++ b/test/unit/unit.cc @@ -249,9 +249,9 @@ int main(int argc, char **argv) { test.load_tests("test-cases/secrules-language-tests/transformations"); } - for (auto& [filename, tests] : test) { + for (const auto& [filename, tests] : test) { total += tests.size(); - for (auto &t : tests) { + for (const auto &t : tests) { ModSecurityTestResults r; if (!test.m_automake_output) { 
@@ -286,7 +286,7 @@ int main(int argc, char **argv) { if (!test.m_automake_output) { std::cout << "Total >> " << total << std::endl; - for (const auto t : results) { + for (const auto& t : results) { std::cout << t->print() << std::endl; } } From e4f3feba757fcf12426274b9e475398a8ab74bdc Mon Sep 17 00:00:00 2001 From: edding3000 Date: Fri, 21 Nov 2025 12:37:45 +0100 Subject: [PATCH 4/8] Use const pointers --- src/variables/xml.cc | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/variables/xml.cc b/src/variables/xml.cc index 0a2d33a0dd..98b9102371 100644 --- a/src/variables/xml.cc +++ b/src/variables/xml.cc @@ -90,8 +90,8 @@ void XML::evaluate(Transaction *t, ms_dbg_a(t, 2, "XML: Can't look for xmlns, internal error."); } else { std::vector acts = rule->getActionsByName("xmlns", t); - for (auto &x : acts) { - actions::XmlNS *z = static_cast(x); + for (const auto *x : acts) { + const auto *z = static_cast(x); if (xmlXPathRegisterNs(xpathCtx, reinterpret_cast(z->m_scope.c_str()), reinterpret_cast(z->m_href.c_str())) != 0) { ms_dbg_a(t, 1, "Failed to register XML namespace href \"" + \ From c7b2fdf7abc5a3096e3aa37c3f3de3e7c036da33 Mon Sep 17 00:00:00 2001 From: edding3000 Date: Fri, 21 Nov 2025 12:38:47 +0100 Subject: [PATCH 5/8] Use explicit '*' with auto for pointers in tests --- test/unit/unit.cc | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/test/unit/unit.cc b/test/unit/unit.cc index 93b9c38e7b..3f23880577 100644 --- a/test/unit/unit.cc +++ b/test/unit/unit.cc @@ -61,7 +61,7 @@ struct OperatorTest { using ItemType = Operator; static ItemType* init(const UnitTest &t) { - auto op = Operator::instantiate(t.name, t.param); + auto *op = Operator::instantiate(t.name, t.param); assert(op != nullptr); std::string error; 
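Review bot: The `static_cast` on the new `const auto *z` line in src/variables/xml.cc downcasts every entry returned by `getActionsByName("xmlns", t)` without checking its dynamic type, so the only guarantee that the object is an `XmlNS` is the name comparison done in that helper. If an action of another kind can ever be returned under that name, `z->m_scope` and `z->m_href` would be read from the wrong object before being handed to `xmlXPathRegisterNs`. Assuming `actions::Action` is polymorphic, a checked form such as `const auto *z = dynamic_cast<const actions::XmlNS *>(x);` followed by `if (z == nullptr) { continue; }` makes the assumption explicit. The cast's target type is not visible on the page and is inferred from the removed `actions::XmlNS *z` declaration; `XML::evaluate` starts and ends outside the hunk.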
@@ -86,7 +86,7 @@ struct TransformationTest { using ItemType = Transformation; static ItemType* init(const UnitTest &t) { - auto tfn = Transformation::instantiate("t:" + t.name); + auto *tfn = Transformation::instantiate("t:" + t.name); assert(tfn != nullptr); return tfn; @@ -264,7 +264,7 @@ int main(int argc, char **argv) { if (r.size() == 0) { std::cout << KGRN << "0 tests failed."; } else { - for (const auto &i : r) { + for (const auto *i : r) { if (i->skipped == true) { skp++; } From ef42d05d84781f24274889c7dc001ab4e8506037 Mon Sep 17 00:00:00 2001 From: edding3000 Date: Fri, 21 Nov 2025 12:40:24 +0100 Subject: [PATCH 6/8] Remove c-cast from test --- test/regression/regression.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/test/regression/regression.cc b/test/regression/regression.cc index d6eb5bcd38..539d914fc7 100644 --- a/test/regression/regression.cc +++ b/test/regression/regression.cc @@ -100,8 +100,8 @@ void actions(ModSecurityTestResults *r, } if (it.url != nullptr) { r->location.append(it.url); - free(it.url); - it.url = nullptr; + free(it.url); + it.url = nullptr; } if (it.log != nullptr) { *serverLog << it.log; @@ -294,7 +294,7 @@ void perform_unit_test(const ModSecurityTest &test, actions(&r, &modsec_transaction, &context.m_server_log); modsec_transaction.appendRequestBody( - (unsigned char *)t->request_body.c_str(), + reinterpret_cast(t->request_body.c_str()), t->request_body.size()); modsec_transaction.processRequestBody(); actions(&r, &modsec_transaction, &context.m_server_log); @@ -309,7 +309,7 @@ void perform_unit_test(const ModSecurityTest &test, actions(&r, &modsec_transaction, &context.m_server_log); modsec_transaction.appendResponseBody( - (unsigned char *)t->response_body.c_str(), + reinterpret_cast(t->response_body.c_str()), t->response_body.size()); modsec_transaction.processResponseBody(); actions(&r, &modsec_transaction, &context.m_server_log); 
From 72b46c50a453943a235792f3f55cd775ccdeadfa Mon Sep 17 00:00:00 2001 From: edding3000 Date: Fri, 21 Nov 2025 12:41:59 +0100 Subject: [PATCH 7/8] Switch to const string reference as nothing is modified --- src/variables/variable.h | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/variables/variable.h b/src/variables/variable.h index 3adf882dee..c946c92e69 100644 --- a/src/variables/variable.h +++ b/src/variables/variable.h @@ -154,7 +154,7 @@ class KeyExclusions : public std::deque> { KeyExclusions() { } - bool toOmit(std::string a) { + bool toOmit(const std::string &a) { for (const auto& z : *this) { if (z->match(a)) { return true; From c9f2f3550587b0aaec69b30998a5222a5d416aae Mon Sep 17 00:00:00 2001 From: edding3000 Date: Fri, 21 Nov 2025 13:21:28 +0100 Subject: [PATCH 8/8] Add const to parameter with changes from e9bf9ad0e2c4043dc68da276dcc0109e47b066ab nothing is modified anymore --- headers/modsecurity/rules_exceptions.h | 2 +- src/rules_exceptions.cc | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/headers/modsecurity/rules_exceptions.h b/headers/modsecurity/rules_exceptions.h index 8395048d69..42235c53ca 100644 --- a/headers/modsecurity/rules_exceptions.h +++ b/headers/modsecurity/rules_exceptions.h @@ -51,7 +51,7 @@ class RulesExceptions { bool addRange(int a, int b); bool addNumber(int a); bool contains(int a); - bool merge(RulesExceptions *from); + bool merge(const RulesExceptions *from); bool loadRemoveRuleByMsg(const std::string &msg, const std::string *error); bool loadRemoveRuleByTag(const std::string &msg, const std::string *error); diff --git a/src/rules_exceptions.cc b/src/rules_exceptions.cc index 798cfb5638..44e1235709 100644 --- a/src/rules_exceptions.cc +++ b/src/rules_exceptions.cc 
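Review bot: `KeyExclusions::toOmit` in src/variables/variable.h now takes `const std::string &a` and iterates with `const auto& z`, but the member function itself is still non-const, so it cannot be called through a `const KeyExclusions&`. Declaring it `bool toOmit(const std::string &a) const {` would complete the const-correctness this series is aiming for. This presumably compiles unchanged because `match` is reached through the stored pointer, but the element type and the declaration of `match` are outside the hunk, so that should be confirmed.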
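Review bot: `RulesExceptions::merge` is declared under headers/modsecurity/, and changing its parameter to `const RulesExceptions *from` changes the function's mangled name. Code built against the previous header and calling `merge` would therefore no longer resolve the symbol if the class is part of the exported ABI; this applies equally to the matching definition hunk in src/rules_exceptions.cc. Callers are source-compatible, so the change itself is fine, but it deserves a changelog entry and a check of the library's ABI versioning. Separately, the definition dereferences `from` on its first line (`from->m_numbers`) with no guard, so the declaration could carry a comment such as `// from must be non-null; it is only read.`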
@@ -205,7 +205,7 @@ bool RulesExceptions::contains(int a) { } -bool RulesExceptions::merge(RulesExceptions *from) { +bool RulesExceptions::merge(const RulesExceptions *from) { for (int a : from->m_numbers) { bool ret = addNumber(a); if (ret == false) {