Performance tweaks

headers/modsecurity/rules_exceptions.h

@@ -51,7 +51,7 @@ class RulesExceptions {
     bool addRange(int a, int b);
     bool addNumber(int a);
     bool contains(int a);
-    bool merge(RulesExceptions *from);
+    bool merge(const RulesExceptions *from);
 
     bool loadRemoveRuleByMsg(const std::string &msg, const std::string *error);
     bool loadRemoveRuleByTag(const std::string &msg, const std::string *error);

src/actions/block.cc

@@ -32,7 +32,7 @@ namespace actions {
 bool Block::evaluate(RuleWithActions *rule, Transaction *transaction, RuleMessage &ruleMessage) {
     ms_dbg_a(transaction, 8, "Marking request as disruptive.");
 
-    for (auto &a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {
+    for (const auto& a : transaction->m_rules->m_defaultActions[rule->getPhase()]) {
         if (a->isDisruptive() == false) {
             continue;
         }

src/collection/backend/in_memory-per_process.cc

@@ -155,7 +155,7 @@ void InMemoryPerProcess::resolveMultiMatches(const std::string& var,
         const std::shared_lock lock(m_mutex); // read lock (shared access)
 
         if (keySize == 0) {
-            for (auto &i : m_map) {
+            for (const auto &i : m_map) {
                 if (ke.toOmit(i.first)) {
                     continue;
                 }

src/engine/lua.cc

@@ -297,7 +297,7 @@ int Lua::getvars(lua_State *L) {
     variables::Variable::stringMatchResolveMulti(t, varname, &l);
 
     lua_newtable(L);
-    for (auto i : l) {
+    for (const auto *i : l) {
         lua_pushnumber(L, idx);
         lua_newtable(L);
 

src/rule_with_actions.cc

@@ -209,7 +209,7 @@ void RuleWithActions::executeActionsIndependentOfChainedRuleResult(Transaction *
         a->evaluate(this, trans);
     }
 
-    for (auto &b :
+    for (const auto& b :
         trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
         if (m_ruleId != b.first) {
             continue;
@@ -262,7 +262,7 @@ void RuleWithActions::executeActionsAfterFullMatch(Transaction *trans,
         a->evaluate(this, trans, ruleMessage);
     }
 
-    for (auto &b :
+    for (const auto& b :
         trans->m_rules->m_exceptions.m_action_pos_update_target_by_id) {
         if (m_ruleId != b.first) {
             continue;
@@ -373,7 +373,7 @@ void RuleWithActions::executeTransformations(
     // Notice that first we make sure that won't be a t:none
     // on the target rule.
     if (none == 0) {
-        for (auto &a : trans->m_rules->m_defaultActions[getPhase()]) {
+        for (const auto& a : trans->m_rules->m_defaultActions[getPhase()]) {
             if (a->action_kind \
                 != actions::Action::Kind::RunTimeBeforeMatchAttemptKind) {
                 continue;
@@ -400,7 +400,7 @@ void RuleWithActions::executeTransformations(
 
     // FIXME: It can't be something different from transformation. Sort this
     //        on rules compile time.
-    for (auto &b :
+    for (const auto& b :
         trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
         if (m_ruleId != b.first) {
             continue;
@@ -412,7 +412,7 @@ void RuleWithActions::executeTransformations(
         }
     }
 
-    for (auto &b :
+    for (const auto& b :
         trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
         if (m_ruleId != b.first) {
             continue;
@@ -442,7 +442,7 @@ void RuleWithActions::executeTransformations(
 
 
 bool RuleWithActions::containsTag(const std::string& name, Transaction *t) {
-    for (auto &tag : m_actionsTag) {
+    for (const auto &tag : m_actionsTag) {
         if (tag != NULL && tag->getName(t) == name) {
             return true;
         }
@@ -459,17 +459,17 @@ bool RuleWithActions::containsMsg(const std::string& name, Transaction *t) {
 std::vector<actions::Action *> RuleWithActions::getActionsByName(const std::string& name,
     const Transaction *trans) {
     std::vector<actions::Action *> ret;
-    for (auto &z : m_actionsRuntimePos) {
+    for (const auto &z : m_actionsRuntimePos) {
         if (*z->m_name.get() == name) {
             ret.push_back(z);
         }
     }
-    for (auto &z : m_transformations) {
+    for (const auto& z : m_transformations) {
         if (*z->m_name.get() == name) {
             ret.push_back(z);
         }
     }
-    for (auto &b :
+    for (const auto& b :
         trans->m_rules->m_exceptions.m_action_pre_update_target_by_id) {
         if (m_ruleId != b.first) {
             continue;
@@ -479,7 +479,7 @@ std::vector<actions::Action *> RuleWithActions::getActionsByName(const std::stri
             ret.push_back(z);
         }
     }
-    for (auto &b :
+    for (const auto& b :
         trans->m_rules->m_exceptions.m_action_pos_update_target_by_id) {
         if (m_ruleId != b.first) {
             continue;

src/rule_with_operator.cc

@@ -252,7 +252,7 @@ bool RuleWithOperator::evaluate(Transaction *trans,
 
     getFinalVars(&vars, &exclusion, trans);
 
-    for (auto &var : vars) {
+    for (const auto &var : vars) {
         std::vector<const VariableValue *> e;
         if (!var) {
             continue;

src/rules_exceptions.cc

@@ -195,7 +195,7 @@ bool RulesExceptions::contains(int a) {
         }
     }
 
-    for (auto z : m_ranges) {
+    for (const auto& z : m_ranges) {
         if (z.first <= a && z.second >= a) {
             return true;
         }
@@ -205,49 +205,49 @@ bool RulesExceptions::contains(int a) {
 }
 
 
-bool RulesExceptions::merge(RulesExceptions *from) {
+bool RulesExceptions::merge(const RulesExceptions *from) {
     for (int a : from->m_numbers) {
         bool ret = addNumber(a);
         if (ret == false) {
             return ret;
         }
     }
-    for (auto b : from->m_ranges) {
+    for (const auto& b : from->m_ranges) {
         bool ret = addRange(b.first, b.second);
         if (ret == false) {
             return ret;
         }
     }
 
-    for (auto &p : from->m_variable_update_target_by_tag) {
+    for (const auto &p : from->m_variable_update_target_by_tag) {
         m_variable_update_target_by_tag.emplace(
             std::pair<std::shared_ptr<std::string>,
             std::shared_ptr<variables::Variable>>(p.first,
                 p.second));
     }
 
-    for (auto &p : from->m_variable_update_target_by_msg) {
+    for (const auto &p : from->m_variable_update_target_by_msg) {
         m_variable_update_target_by_msg.emplace(
             std::pair<std::shared_ptr<std::string>,
             std::shared_ptr<variables::Variable>>(p.first,
                 p.second));
     }
 
-    for (auto &p : from->m_variable_update_target_by_id) {
+    for (const auto &p : from->m_variable_update_target_by_id) {
         m_variable_update_target_by_id.emplace(
             std::pair<double,
                 std::shared_ptr<variables::Variable>>(p.first,
                     p.second));
     }
 
-    for (auto &p : from->m_action_pos_update_target_by_id) {
+    for (const auto &p : from->m_action_pos_update_target_by_id) {
         m_action_pos_update_target_by_id.emplace(
             std::pair<double,
                 std::shared_ptr<actions::Action>>(p.first,
                     p.second));
     }
 
-    for (auto &p : from->m_action_pre_update_target_by_id) {
+    for (const auto &p : from->m_action_pre_update_target_by_id) {
         m_action_pre_update_target_by_id.emplace(
             std::pair<double,
                 std::shared_ptr<actions::Action>>(p.first,

src/run_time_string.cc

@@ -53,7 +53,7 @@ std::string RunTimeString::evaluate(Transaction *t) {
 
 std::string RunTimeString::evaluate(Transaction *t, Rule *r) {
     std::string s;
-    for (auto &z : m_elements) {
+    for (const auto& z : m_elements) {
         if (z->m_string.size() > 0) {
             s.append(z->m_string);
         } else if (z->m_var != NULL && t != NULL) {

src/transaction.cc

@@ -1700,7 +1700,7 @@ std::string Transaction::toJSON(int parts) {
             reinterpret_cast<const unsigned char*>("messages"),
             strlen("messages"));
         yajl_gen_array_open(g);
-        for (auto a : m_rulesMessages) {
+        for (const auto& a : m_rulesMessages) {
             yajl_gen_map_open(g);
             LOGFY_ADD("message", a.m_message);
             yajl_gen_string(g,
@@ -1721,7 +1721,7 @@ std::string Transaction::toJSON(int parts) {
                 reinterpret_cast<const unsigned char*>("tags"),
                 strlen("tags"));
             yajl_gen_array_open(g);
-            for (auto b : a.m_tags) {
+            for (const auto& b : a.m_tags) {
                 yajl_gen_string(g,
                     reinterpret_cast<const unsigned char*>(b.data()),
                     b.length());

src/variables/variable.h

@@ -154,8 +154,8 @@ class KeyExclusions : public std::deque<std::unique_ptr<KeyExclusion>> {
     KeyExclusions() {
     }
 
-    bool toOmit(std::string a) {
-        for (auto &z : *this) {
+    bool toOmit(const std::string &a) {
+        for (const auto& z : *this) {
             if (z->match(a)) {
                 return true;
             }

src/variables/xml.cc

@@ -90,8 +90,8 @@ void XML::evaluate(Transaction *t,
         ms_dbg_a(t, 2, "XML: Can't look for xmlns, internal error.");
     } else {
         std::vector<actions::Action *> acts = rule->getActionsByName("xmlns", t);
-        for (auto &x : acts) {
-            actions::XmlNS *z = static_cast<actions::XmlNS *>(x);
+        for (const auto *x : acts) {
+            const auto *z = static_cast<const actions::XmlNS *>(x);
             if (xmlXPathRegisterNs(xpathCtx, reinterpret_cast<const xmlChar*>(z->m_scope.c_str()),
                     reinterpret_cast<const xmlChar*>(z->m_href.c_str())) != 0) {
                 ms_dbg_a(t, 1, "Failed to register XML namespace href \"" + \

test/regression/regression.cc

@@ -100,8 +100,8 @@ void actions(ModSecurityTestResults<RegressionTest> *r,
         }
         if (it.url != nullptr) {
             r->location.append(it.url);
-	    free(it.url);
-	    it.url = nullptr;
+            free(it.url);
+            it.url = nullptr;
         }
         if (it.log != nullptr) {
             *serverLog << it.log;
@@ -115,7 +115,7 @@ void perform_unit_test(const ModSecurityTest<RegressionTest> &test,
     const std::vector<std::unique_ptr<RegressionTest>> &tests,
     ModSecurityTestResults<RegressionTestResult> *res, int *count)
 {
-    for (auto &t : tests) {
+    for (const auto &t : tests) {
         ModSecurityTestResults<RegressionTest> r;
         RegressionTestResult *testRes = new RegressionTestResult();
 
@@ -294,7 +294,7 @@ void perform_unit_test(const ModSecurityTest<RegressionTest> &test,
         actions(&r, &modsec_transaction, &context.m_server_log);
 
         modsec_transaction.appendRequestBody(
-            (unsigned char *)t->request_body.c_str(),
+            reinterpret_cast<const unsigned char*>(t->request_body.c_str()),
             t->request_body.size());
         modsec_transaction.processRequestBody();
         actions(&r, &modsec_transaction, &context.m_server_log);
@@ -309,7 +309,7 @@ void perform_unit_test(const ModSecurityTest<RegressionTest> &test,
         actions(&r, &modsec_transaction, &context.m_server_log);
 
         modsec_transaction.appendResponseBody(
-            (unsigned char *)t->response_body.c_str(),
+            reinterpret_cast<const unsigned char*>(t->response_body.c_str()),
             t->response_body.size());
         modsec_transaction.processResponseBody();
         actions(&r, &modsec_transaction, &context.m_server_log);

test/unit/unit.cc

@@ -61,7 +61,7 @@ struct OperatorTest {
     using ItemType = Operator;
 
     static ItemType* init(const UnitTest &t) {
-        auto op = Operator::instantiate(t.name, t.param);
+        auto *op = Operator::instantiate(t.name, t.param);
         assert(op != nullptr);
 
         std::string error;
@@ -86,7 +86,7 @@ struct TransformationTest {
     using ItemType = Transformation;
 
     static ItemType* init(const UnitTest &t) {
-        auto tfn = Transformation::instantiate("t:" + t.name);
+        auto *tfn = Transformation::instantiate("t:" + t.name);
         assert(tfn != nullptr);
 
         return tfn;
@@ -249,9 +249,9 @@ int main(int argc, char **argv) {
         test.load_tests("test-cases/secrules-language-tests/transformations");
     }
 
-    for (auto& [filename, tests] : test) {
+    for (const auto& [filename, tests] : test) {
         total += tests.size();
-        for (auto &t : tests) {
+        for (const auto &t : tests) {
             ModSecurityTestResults<UnitTest> r;
 
             if (!test.m_automake_output) {
@@ -264,7 +264,7 @@ int main(int argc, char **argv) {
                 if (r.size() == 0) {
                     std::cout << KGRN << "0 tests failed.";
                 } else {
-                    for (const auto &i : r) {
+                    for (const auto *i : r) {
                         if (i->skipped == true) {
                             skp++;
                         }
@@ -286,7 +286,7 @@ int main(int argc, char **argv) {
     if (!test.m_automake_output) {
         std::cout << "Total >> "  << total << std::endl;
 
-        for (const auto t : results) {
+        for (const auto& t : results) {
             std::cout << t->print() << std::endl;
         }
     }