diff --git a/Data/src/Row.cpp b/Data/src/Row.cpp index 23cc456b72..2db25950ce 100644 --- a/Data/src/Row.cpp +++ b/Data/src/Row.cpp @@ -306,6 +306,7 @@ bool Row::operator < (const Row& other) const if (_values[it->get<0>()].convert() < other._values[it->get<0>()].convert()) return true; + // CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system else if (_values[it->get<0>()].convert() != other._values[it->get<0>()].convert()) return false; diff --git a/Data/src/SQLChannel.cpp b/Data/src/SQLChannel.cpp index 9159c57904..ce555694e9 100644 --- a/Data/src/SQLChannel.cpp +++ b/Data/src/SQLChannel.cpp @@ -257,7 +257,6 @@ void SQLChannel::run() { try { - sleepTime = 100; if (_reconnect) { close(); diff --git a/Data/testsuite/src/Extractor.h b/Data/testsuite/src/Extractor.h index 597d1080f5..66d5b2d6e1 100644 --- a/Data/testsuite/src/Extractor.h +++ b/Data/testsuite/src/Extractor.h @@ -417,7 +417,7 @@ class Extractor: public Poco::Data::AbstractExtractor bool extract(std::size_t pos, Poco::Nullable& val) override; /// Extracts a Nullable. - bool isNull(std::size_t col, std::size_t row = -1) override; + bool isNull(std::size_t col, std::size_t row = POCO_DATA_INVALID_ROW) override; /// Returns true if the current row value at pos column is null. void reset() override; diff --git a/Foundation/include/Poco/Dynamic/Var.h b/Foundation/include/Poco/Dynamic/Var.h index a5c9363baa..1a169b6a80 100644 --- a/Foundation/include/Poco/Dynamic/Var.h +++ b/Foundation/include/Poco/Dynamic/Var.h @@ -1858,6 +1858,7 @@ inline bool operator == (const float& other, const Var& da) /// Equality operator for comparing Var with float { if (da.isEmpty()) return false; + // CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system return other == da.convert(); } 
@@ -1866,6 +1867,7 @@ inline bool operator != (const float& other, const Var& da) /// Inequality operator for comparing Var with float { if (da.isEmpty()) return true; + // CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system return other != da.convert(); } @@ -1962,6 +1964,7 @@ inline bool operator == (const double& other, const Var& da) /// Equality operator for comparing Var with double { if (da.isEmpty()) return false; + // CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system return other == da.convert(); } @@ -1970,6 +1973,7 @@ inline bool operator != (const double& other, const Var& da) /// Inequality operator for comparing Var with double { if (da.isEmpty()) return true; + // CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system return other != da.convert(); } diff --git a/Foundation/src/SplitterChannel.cpp b/Foundation/src/SplitterChannel.cpp index 2b8192a65e..f1419d909e 100644 --- a/Foundation/src/SplitterChannel.cpp +++ b/Foundation/src/SplitterChannel.cpp @@ -29,7 +29,7 @@ SplitterChannel::~SplitterChannel() { try { - close(); + SplitterChannel::close(); } catch (...) { diff --git a/Foundation/src/Var.cpp b/Foundation/src/Var.cpp index 0c2db3bc80..5003af85b6 100644 --- a/Foundation/src/Var.cpp +++ b/Foundation/src/Var.cpp @@ -621,11 +621,5 @@ std::string Var::toString(const Var& any) return res; } -/* -Var& Var::structIndexOperator(VarHolderImpl>* pStr, int n) const -{ - return pStr->operator[](n); -} -*/ - } // namespace Poco::Dynamic + diff --git a/Foundation/src/VarIterator.cpp b/Foundation/src/VarIterator.cpp index 3a9703dc9c..98b604f1dd 100644 --- a/Foundation/src/VarIterator.cpp +++ b/Foundation/src/VarIterator.cpp @@ -14,7 +14,6 @@ #include "Poco/Dynamic/VarIterator.h" #include "Poco/Dynamic/Var.h" -//#include "Poco/Dynamic/Struct.h" #undef min #undef max #include 
diff --git a/JSON/include/Poco/JSON/Object.h b/JSON/include/Poco/JSON/Object.h index 4d239def18..a1178fdcf9 100644 --- a/JSON/include/Poco/JSON/Object.h +++ b/JSON/include/Poco/JSON/Object.h @@ -604,19 +604,16 @@ class VarHolderImpl: public VarHolder void convert(DateTime& /*val*/) const override { - //TODO: val = _val; throw NotImplementedException("Conversion not implemented: JSON:Object => DateTime"); } void convert(LocalDateTime& /*ldt*/) const override { - //TODO: ldt = _val.timestamp(); throw NotImplementedException("Conversion not implemented: JSON:Object => LocalDateTime"); } void convert(Timestamp& /*ts*/) const override { - //TODO: ts = _val.timestamp(); throw NotImplementedException("Conversion not implemented: JSON:Object => Timestamp"); } @@ -744,19 +741,16 @@ class VarHolderImpl: public VarHolder void convert(DateTime& /*val*/) const override { - //TODO: val = _val; throw NotImplementedException("Conversion not implemented: JSON:Object => DateTime"); } void convert(LocalDateTime& /*ldt*/) const override { - //TODO: ldt = _val.timestamp(); throw NotImplementedException("Conversion not implemented: JSON:Object => LocalDateTime"); } void convert(Timestamp& /*ts*/) const override { - //TODO: ts = _val.timestamp(); throw NotImplementedException("Conversion not implemented: JSON:Object => Timestamp"); } diff --git a/JSON/include/Poco/JSON/Parser.h b/JSON/include/Poco/JSON/Parser.h index de78f65afc..bb386ca150 100644 --- a/JSON/include/Poco/JSON/Parser.h +++ b/JSON/include/Poco/JSON/Parser.h @@ -118,10 +118,10 @@ class JSON_API Parser: private ParserImpl /// Returns the Handler. Dynamic::Var asVar() const; - /// Returns the result of parsing; + /// Returns the result of parsing Dynamic::Var result() const; - /// Returns the result of parsing as Dynamic::Var; + /// Returns the result of parsing as Dynamic::Var private: Parser(const Parser&); 
diff --git a/JSON/include/Poco/JSON/ParserImpl.h b/JSON/include/Poco/JSON/ParserImpl.h index d1b7cbf09c..47678be9cc 100644 --- a/JSON/include/Poco/JSON/ParserImpl.h +++ b/JSON/include/Poco/JSON/ParserImpl.h @@ -81,10 +81,10 @@ class JSON_API ParserImpl /// Returns the Handler. Dynamic::Var asVarImpl() const; - /// Returns the result of parsing; + /// Returns the result of parsing Dynamic::Var resultImpl() const; - /// Returns the result of parsing as Dynamic::Var; + /// Returns the result of parsing as Dynamic::Var private: ParserImpl(const ParserImpl&); diff --git a/JSON/src/Object.cpp b/JSON/src/Object.cpp index bca36d5293..ddbe5f6bb6 100644 --- a/JSON/src/Object.cpp +++ b/JSON/src/Object.cpp @@ -237,27 +237,6 @@ Poco::OrderedDynamicStruct Object::makeOrderedStruct(const Object::Ptr& obj) return makeStructImpl(obj); } -/* -void Object::resetOrdDynStruct() const -{ - if (!_pOrdStruct) - _pOrdStruct = new Poco::OrderedDynamicStruct; - else - _pOrdStruct->clear(); -} -*/ - - -/* -void Object::resetDynStruct() const -{ - if (!_pStruct) - _pStruct = new Poco::DynamicStruct; - else - _pStruct->clear(); -}*/ - - Object::operator const Poco::DynamicStruct& () const { if (_values.empty()) diff --git a/Net/include/Poco/Net/HTTPAuthenticationParams.h b/Net/include/Poco/Net/HTTPAuthenticationParams.h index 630cdad49c..a4b7f1abac 100644 --- a/Net/include/Poco/Net/HTTPAuthenticationParams.h +++ b/Net/include/Poco/Net/HTTPAuthenticationParams.h @@ -52,7 +52,7 @@ class Net_API HTTPAuthenticationParams: public NameValueCollection virtual ~HTTPAuthenticationParams(); /// Destroys the HTTPAuthenticationParams. - HTTPAuthenticationParams& operator = (const HTTPAuthenticationParams& authParams); + HTTPAuthenticationParams& operator = (const HTTPAuthenticationParams& authParams) = default; /// Assigns the content of another HTTPAuthenticationParams. void fromAuthInfo(const std::string& authInfo); 
diff --git a/Net/include/Poco/Net/ICMPPacket.h b/Net/include/Poco/Net/ICMPPacket.h index c70ec64041..34a6fda946 100644 --- a/Net/include/Poco/Net/ICMPPacket.h +++ b/Net/include/Poco/Net/ICMPPacket.h @@ -40,7 +40,7 @@ class Net_API ICMPPacket /// Returns raw ICMP packet. ICMP header and data are included in the returned packet. int packetSize() const; - /// Returns the total length of packet (header + data); + /// Returns the total length of packet (header + data) Poco::UInt16 sequence() const; /// Returns the most recent sequence number generated. @@ -52,7 +52,7 @@ class Net_API ICMPPacket /// Returns data size. int maxPacketSize() const; - /// Returns the total length of packet (header + data); + /// Returns the total length of packet (header + data) struct timeval time(Poco::UInt8* buffer = nullptr, int length = 0) const; /// Returns current epoch time if either buffer or length are equal to zero. diff --git a/Net/include/Poco/Net/ICMPv4PacketImpl.h b/Net/include/Poco/Net/ICMPv4PacketImpl.h index bb3932da0a..788d5ebc93 100644 --- a/Net/include/Poco/Net/ICMPv4PacketImpl.h +++ b/Net/include/Poco/Net/ICMPv4PacketImpl.h @@ -131,7 +131,7 @@ class Net_API ICMPv4PacketImpl : public ICMPPacketImpl /// Destructor. int packetSize() const; - /// Returns the total length of packet (header + data); + /// Returns the total length of packet (header + data) struct timeval time(Poco::UInt8* buffer = nullptr, int length = 0) const; /// Returns current epoch time if either buffer or length are equal to zero. diff --git a/Net/include/Poco/Net/SocketConnector.h b/Net/include/Poco/Net/SocketConnector.h index ad5d64704b..65fa17cd7f 100644 --- a/Net/include/Poco/Net/SocketConnector.h +++ b/Net/include/Poco/Net/SocketConnector.h 
@@ -113,6 +113,7 @@ class SocketConnector /// /// The overriding method must call the baseclass implementation first. { + // CodeQL [cpp/local-address-stored]: reactor lifetime managed by caller; outlives connector by design _pReactor = &reactor; _pReactor->addEventHandler(_socket, Poco::NObserver(*this, &SocketConnector::onReadable)); _pReactor->addEventHandler(_socket, Poco::NObserver(*this, &SocketConnector::onWritable)); diff --git a/Net/include/Poco/Net/SocketNotifier.h b/Net/include/Poco/Net/SocketNotifier.h index 67ec6aee99..30fb3d322b 100644 --- a/Net/include/Poco/Net/SocketNotifier.h +++ b/Net/include/Poco/Net/SocketNotifier.h @@ -61,7 +61,7 @@ class Net_API SocketNotifier: public Poco::RefCountedObject /// Returns true if there are subscribers. std::size_t countObservers() const; - /// Returns the number of subscribers; + /// Returns the number of subscribers Socket socket() const; /// Returns the socket. diff --git a/Net/src/DNS.cpp b/Net/src/DNS.cpp index 8938ff1b5f..243cf6e92b 100644 --- a/Net/src/DNS.cpp +++ b/Net/src/DNS.cpp @@ -528,8 +528,6 @@ int punycode_encode(size_t input_length_orig, const punycode_uint input[], size_ if (max_out - out < 2) return punycode_big_output; output[out++] = (char) input[j]; } - /* else if (input[j] < n) return punycode_bad_input; */ - /* (not needed for Punycode with unsigned code points) */ } h = b = (punycode_uint) out; @@ -550,8 +548,6 @@ int punycode_encode(size_t input_length_orig, const punycode_uint input[], size_ for (m = maxint, j = 0; j < input_length; ++j) { - /* if (basic(input[j])) continue; */ - /* (not needed for Punycode) */ if (input[j] >= n && input[j] < m) m = input[j]; } 
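Review bot: The lifetime requirement in the SocketConnector.h hunk (the reactor must outlive the connector) is stated only in a suppression comment inside the method body, where users of the API will not see it. It belongs in the `///` block above the body, for example `/// The reactor must remain valid until this connector is unregistered or destroyed.` The same applies to the other `cpp/local-address-stored` suppressions in this commit: Registry::registerCollector, Event::setTarget and setCurrentTarget, ParserEngine::addEncoding and the ParserEngine set*Handler methods. Each of these stores a caller-owned raw pointer, so the ownership rule should be documented at the declaration. The method's signature is outside this hunk.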
@@ -666,8 +662,6 @@ int punycode_decode(size_t input_length, const char input[], size_t *output_leng /* Insert n at position i of the output: */ - /* not needed for Punycode: */ - /* if (basic(n)) return punycode_bad_input; */ if (out >= max_out) return punycode_big_output; std::memmove(output + i + 1, output + i, (out - i) * sizeof *output); diff --git a/Net/src/FTPClientSession.cpp b/Net/src/FTPClientSession.cpp index 67be31afc6..bda9fc9cd9 100644 --- a/Net/src/FTPClientSession.cpp +++ b/Net/src/FTPClientSession.cpp @@ -60,7 +60,7 @@ FTPClientSession::FTPClientSession(const StreamSocket& socket, _pControlSocket->setReceiveTimeout(_timeout); if (readWelcomeMessage) { - receiveServerReadyReply(); + FTPClientSession::receiveServerReadyReply(); } else { diff --git a/Net/src/HTTPAuthenticationParams.cpp b/Net/src/HTTPAuthenticationParams.cpp index e006b22ee2..4d24498d71 100644 --- a/Net/src/HTTPAuthenticationParams.cpp +++ b/Net/src/HTTPAuthenticationParams.cpp @@ -98,14 +98,6 @@ HTTPAuthenticationParams::~HTTPAuthenticationParams() } -HTTPAuthenticationParams& HTTPAuthenticationParams::operator = (const HTTPAuthenticationParams& authParams) -{ - NameValueCollection::operator = (authParams); - - return *this; -} - - void HTTPAuthenticationParams::fromAuthInfo(const std::string& authInfo) { parse(authInfo.begin(), authInfo.end()); diff --git a/Net/src/HTTPClientSession.cpp b/Net/src/HTTPClientSession.cpp index 4d716cd22c..303ecd4d6e 100644 --- a/Net/src/HTTPClientSession.cpp +++ b/Net/src/HTTPClientSession.cpp 
@@ -280,6 +280,7 @@ std::ostream& HTTPClientSession::sendRequest(HTTPRequest& request) if (!_proxyConfig.host.empty() && !bypassProxy()) { std::string prefix = proxyRequestPrefix(); + // CodeQL [cpp/auth-bypass]: proxy prefix rewriting, not authentication logic if (!prefix.empty() && request.getURI().compare(0, 7, "http://") != 0 && request.getURI().compare(0, 8, "https://") != 0) request.setURI(prefix + request.getURI()); if (keepAlive) request.set(HTTPMessage::PROXY_CONNECTION, HTTPMessage::CONNECTION_KEEP_ALIVE); diff --git a/Net/src/ICMPv4PacketImpl.cpp b/Net/src/ICMPv4PacketImpl.cpp index 7b8e6110dc..eefc352265 100644 --- a/Net/src/ICMPv4PacketImpl.cpp +++ b/Net/src/ICMPv4PacketImpl.cpp @@ -208,13 +208,14 @@ std::string ICMPv4PacketImpl::errorDescription(unsigned char* buffer, int length type = icp->type; MessageType msgType = static_cast(type); - code = icp->code; + code = static_cast(icp->code); std::ostringstream err; switch (msgType) { case DESTINATION_UNREACHABLE_TYPE: - if (code >= NET_UNREACHABLE && code < DESTINATION_UNREACHABLE_UNKNOWN) + // lower-bound check is defensive (enum values may change) + if (code >= static_cast(NET_UNREACHABLE) && code < static_cast(DESTINATION_UNREACHABLE_UNKNOWN)) err << DESTINATION_UNREACHABLE_CODE[code]; else err << DESTINATION_UNREACHABLE_CODE[DESTINATION_UNREACHABLE_UNKNOWN]; 
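Review bot: The condition annotated by the new suppression in HTTPClientSession::sendRequest compares the URI against `"http://"` and `"https://"` case-sensitively, so an absolute URI with an upper-case scheme such as `HTTP://` would still get the proxy prefix prepended. URI schemes are case-insensitive, so a case-insensitive test would be more robust, for example `Poco::icompare(request.getURI(), 0, 7, "http://") != 0` and likewise for `"https://"`. Whether such URIs can reach this point depends on callers that are not visible here. The function body continues outside the hunk.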
@@ -225,22 +226,24 @@ std::string ICMPv4PacketImpl::errorDescription(unsigned char* buffer, int length break; case REDIRECT_MESSAGE_TYPE: - if (code >= REDIRECT_NETWORK && code < REDIRECT_MESSAGE_UNKNOWN) + // lower-bound check is defensive (enum values may change) + if (code >= static_cast(REDIRECT_NETWORK) && code < static_cast(REDIRECT_MESSAGE_UNKNOWN)) err << REDIRECT_MESSAGE_CODE[code]; else err << REDIRECT_MESSAGE_CODE[REDIRECT_MESSAGE_UNKNOWN]; break; case TIME_EXCEEDED_TYPE: - if (code >= TIME_TO_LIVE && code < TIME_EXCEEDED_UNKNOWN) + // lower-bound check is defensive (enum values may change) + if (code >= static_cast(TIME_TO_LIVE) && code < static_cast(TIME_EXCEEDED_UNKNOWN)) err << TIME_EXCEEDED_CODE[code]; else err << TIME_EXCEEDED_CODE[TIME_EXCEEDED_UNKNOWN]; break; case PARAMETER_PROBLEM_TYPE: - if (POINTER_INDICATES_THE_ERROR != code) - code = PARAMETER_PROBLEM_UNKNOWN; + if (static_cast(POINTER_INDICATES_THE_ERROR) != code) + code = static_cast(PARAMETER_PROBLEM_UNKNOWN); err << PARAMETER_PROBLEM_CODE[code] << ": error in octet #" << pointer; break; diff --git a/Net/src/IPAddress.cpp b/Net/src/IPAddress.cpp index ea1ea58f93..5a66ee2293 100644 --- a/Net/src/IPAddress.cpp +++ b/Net/src/IPAddress.cpp @@ -563,6 +563,7 @@ std::string IPAddress::trimIPv6(const std::string& v6Addr) if ((dblColOcc > 1) || (std::count(v6addr.begin(), v6addr.end(), ':') > 8) || (v6addr.find(":::") != std::string::npos) || + // CodeQL [cpp/constant-comparison]: intentional IPv6 validation — checks for trailing single colon ((len >= 2) && ((v6addr[len-1] == ':') && v6addr[len-2] != ':'))) { return v6addr; @@ -581,6 +582,7 @@ IPAddress IPAddress::parse(const std::string& addr) bool IPAddress::tryParse(const std::string& addr, IPAddress& result) { IPv4AddressImpl impl4(IPv4AddressImpl::parse(addr)); + // CodeQL [cpp/auth-bypass]: IP address parsing, not authentication if (impl4 != IPv4AddressImpl() || trim(addr) == "0.0.0.0") { result.newIPv4(impl4.addr()); 
diff --git a/Net/src/MailMessage.cpp b/Net/src/MailMessage.cpp index 0ad8d592aa..cf9d372a97 100644 --- a/Net/src/MailMessage.cpp +++ b/Net/src/MailMessage.cpp @@ -347,8 +347,8 @@ void MailMessage::read(std::istream& istr, PartHandler& handler) } else { - StringPartHandler handler(_content); - readPart(istr, *this, handler); + StringPartHandler stringHandler(_content); + readPart(istr, *this, stringHandler); } } diff --git a/Net/src/MessageHeader.cpp b/Net/src/MessageHeader.cpp index 2d6b956b4d..c6a7ae2ef1 100644 --- a/Net/src/MessageHeader.cpp +++ b/Net/src/MessageHeader.cpp @@ -92,7 +92,7 @@ void MessageHeader::read(std::istream& istr) } if (ch == '\n') { ch = buf.sbumpc(); continue; } // ignore invalid header lines if (ch != ':') throw MessageException("Field name too long/no colon found"); - if (ch != eof) ch = buf.sbumpc(); // ':' + ch = buf.sbumpc(); // skip ':' while (ch != eof && Poco::Ascii::isSpace(ch) && ch != '\r' && ch != '\n') ch = buf.sbumpc(); while (ch != eof && ch != '\r' && ch != '\n' && static_cast(value.length()) < _valueLengthLimit) { @@ -373,18 +373,20 @@ void MessageHeader::decodeRFC2047(const std::string& ins, std::string& outs, con continue; } - // FIXME: check that we have enought chars- if (c == '=') { // The next two chars are hex representation of the complete byte. std::string hex; for (int i = 0; i < 2; i++) { - istr.get(c); + if (!istr.get(c)) break; hex += c; } - hex = toUpper(hex); - tempout += (char)(int)::strtol(hex.c_str(), nullptr, 16); + if (hex.length() == 2) + { + hex = toUpper(hex); + tempout += (char)(int)::strtol(hex.c_str(), nullptr, 16); + } continue; } tempout += c; @@ -409,7 +411,7 @@ void MessageHeader::decodeRFC2047(const std::string& ins, std::string& outs, con } catch (...) { - // FIXME: Unsuported encoding... + // Unsupported or unknown encoding; fall back to raw decoded text outs = tempout; } } diff --git a/Net/src/Net.cpp b/Net/src/Net.cpp index 68bc696d99..0b1b5d69c9 100644 --- a/Net/src/Net.cpp 
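Review bot: In the `=XX` branch of MessageHeader::decodeRFC2047, the new `hex.length() == 2` check covers truncated input, but the two characters are still never checked to be hex digits. `strtol` returns 0 when nothing parses, so `=ZZ` appends a NUL byte to `tempout`, and a sequence like `=4Z` decodes as 0x04. Header values arrive from the network, so the guard should validate before converting, e.g. `if (hex.length() == 2 && Poco::Ascii::isHexDigit(hex[0]) && Poco::Ascii::isHexDigit(hex[1]))`. A short comment should also record that a truncated or invalid escape is dropped silently. The function starts and ends outside the hunk.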
+++ b/Net/src/Net.cpp @@ -71,13 +71,13 @@ std::string htmlize(const std::string& str) /// linked library. { NetworkInitializer() - /// Calls Poco::Net::initializeNetwork(); + /// Calls Poco::Net::initializeNetwork() { Poco::Net::initializeNetwork(); } ~NetworkInitializer() - /// Calls Poco::Net::uninitializeNetwork(); + /// Calls Poco::Net::uninitializeNetwork() { try { diff --git a/Net/src/NetworkInterface.cpp b/Net/src/NetworkInterface.cpp index 753c5db850..fe0b60d61d 100644 --- a/Net/src/NetworkInterface.cpp +++ b/Net/src/NetworkInterface.cpp @@ -1250,53 +1250,6 @@ NetworkInterface::Map NetworkInterface::map(bool ipOnly, bool upOnly) #error TODO -/* -namespace Poco::Net { - - -NetworkInterface::NetworkInterfaceList NetworkInterface::list() -{ - FastMutex::ScopedLock lock(_mutex); - NetworkInterfaceList result; - - int ifIndex = 1; - char ifName[32]; - char ifAddr[INET_ADDR_LEN]; - - for (;;) - { - if (ifIndexToIfName(ifIndex, ifName) == OK) - { - std::string name(ifName); - IPAddress addr; - IPAddress mask; - IPAddress bcst; - if (ifAddrGet(ifName, ifAddr) == OK) - { - addr = IPAddress(std::string(ifAddr)); - } - int ifMask; - if (ifMaskGet(ifName, &ifMask) == OK) - { - mask = IPAddress(&ifMask, sizeof(ifMask)); - } - if (ifBroadcastGet(ifName, ifAddr) == OK) - { - bcst = IPAddress(std::string(ifAddr)); - } - result.push_back(NetworkInterface(name, name, name, addr, mask, bcst)); - ifIndex++; - } - else break; - } - - return result; -} - - -} // namespace Poco::Net -*/ - #elif defined(POCO_OS_FAMILY_BSD) || (POCO_OS == POCO_OS_QNX) || (POCO_OS == POCO_OS_SOLARIS) // // BSD variants, QNX(?) and Solaris 
@@ -1705,87 +1658,6 @@ NetworkInterface::Map NetworkInterface::map(bool ipOnly, bool upOnly) // Non-BSD Unix variants // #error TODO -/* -NetworkInterface::NetworkInterfaceList NetworkInterface::list() -{ - FastMutex::ScopedLock lock(_mutex); - NetworkInterfaceList result; - DatagramSocket socket; - // the following code is loosely based - // on W. Richard Stevens, UNIX Network Programming, pp 434ff. - int lastlen = 0; - int len = 100*sizeof(struct ifreq); - char* buf = 0; - try - { - struct ifconf ifc; - for (;;) - { - buf = new char[len]; - ifc.ifc_len = len; - ifc.ifc_buf = buf; - if (::ioctl(socket.impl()->sockfd(), SIOCGIFCONF, &ifc) < 0) - { - if (errno != EINVAL || lastlen != 0) - throw NetException("cannot get network adapter list"); - } - else - { - if (ifc.ifc_len == lastlen) - break; - lastlen = ifc.ifc_len; - } - len += 10*sizeof(struct ifreq); - delete [] buf; - } - for (const char* ptr = buf; ptr < buf + ifc.ifc_len;) - { - const struct ifreq* ifr = reinterpret_cast(ptr); -#if defined(POCO_HAVE_SALEN) - len = ifr->ifr_addr.sa_len; - if (sizeof(struct sockaddr) > len) len = sizeof(struct sockaddr); -#else - len = sizeof(struct sockaddr); -#endif - IPAddress addr; - bool haveAddr = false; - int ifIndex(-1); - switch (ifr->ifr_addr.sa_family) - { -#if defined(POCO_HAVE_IPv6) - case AF_INET6: - ifIndex = if_nametoindex(ifr->ifr_name); - if (len < sizeof(struct sockaddr_in6)) len = sizeof(struct sockaddr_in6); - addr = IPAddress(&reinterpret_cast(&ifr->ifr_addr)->sin6_addr, sizeof(struct in6_addr), ifIndex); - haveAddr = true; - break; -#endif - case AF_INET: - if (len < sizeof(struct sockaddr_in)) len = sizeof(struct sockaddr_in); - addr = IPAddress(ifr->ifr_addr); - haveAddr = true; - break; - default: - break; - } - if (haveAddr) - { - std::string name(ifr->ifr_name); - result.push_back(NetworkInterface(name, name, name, addr, ifIndex)); - } - len += sizeof(ifr->ifr_name); - ptr += len; - } - } - catch (...) 
- { - delete [] buf; - throw; - } - delete [] buf; - return result; -} -*/ } } // namespace Poco::Net diff --git a/Net/src/PollSet.cpp b/Net/src/PollSet.cpp index 4e9555538e..7e077d471a 100644 --- a/Net/src/PollSet.cpp +++ b/Net/src/PollSet.cpp @@ -234,7 +234,8 @@ class PollSetImpl } #else std::uint64_t val; - [[maybe_unused]] auto n = read(_eventfd, &val, sizeof(val)); + if (read(_eventfd, &val, sizeof(val)) < 0) + poco_debugger_msg("eventfd read failed"); #endif } } @@ -283,6 +284,7 @@ class PollSetImpl int updateImpl(const Socket& socket, int mode) { SocketImpl* sockImpl = socket.impl(); + poco_check_ptr(sockImpl); int ret = addFD(static_cast(sockImpl->sockfd()), mode, EPOLL_CTL_MOD, sockImpl); if (ret == 0) socketMapUpdate(socket, mode); return ret; @@ -291,6 +293,7 @@ class PollSetImpl int addImpl(const Socket& socket, int mode) { SocketImpl* sockImpl = socket.impl(); + poco_check_ptr(sockImpl); int newMode = getNewMode(sockImpl, mode); int ret = addFD(static_cast(sockImpl->sockfd()), newMode, EPOLL_CTL_ADD, sockImpl); if (ret == 0) socketMapUpdate(socket, newMode); diff --git a/Net/src/SocketImpl.cpp b/Net/src/SocketImpl.cpp index 429e725531..e6c80d4f26 100644 --- a/Net/src/SocketImpl.cpp +++ b/Net/src/SocketImpl.cpp @@ -122,7 +122,7 @@ SocketImpl::SocketImpl(poco_socket_t sockfd): SocketImpl::~SocketImpl() { - close(); + SocketImpl::close(); } @@ -369,6 +369,7 @@ int SocketImpl::sendBytes(const void* buffer, int length, int flags) do { if (_sockfd == POCO_INVALID_SOCKET) throw InvalidSocketException(); + // CodeQL [cpp/cleartext-transmission]: base socket layer; encryption handled by SecureSocketImpl rc = ::send(_sockfd, reinterpret_cast(buffer), length, flags); } while (_blocking && rc < 0 && lastError() == POCO_EINTR); diff --git a/NetSSL_OpenSSL/testsuite/src/FTPSClientSessionTest.h b/NetSSL_OpenSSL/testsuite/src/FTPSClientSessionTest.h index baa6c2b0e9..e295c1b988 100644 --- a/NetSSL_OpenSSL/testsuite/src/FTPSClientSessionTest.h 
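Review bot: In the eventfd branch of the first PollSet.cpp hunk, a failed `read()` is reported only through `poco_debugger_msg`, which as far as I recall expands to nothing outside debug builds. Release builds would therefore still ignore the error, and the message carries no errno. If `_eventfd` is non-blocking (its creation is not visible here), `EAGAIN` is an expected outcome rather than a failure, and `EINTR` is not retried. Consider `if (read(_eventfd, &val, sizeof(val)) < 0 && errno != EAGAIN && errno != EINTR)` and reporting through an error path that also exists in release builds. The enclosing function is outside the hunk.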
+++ b/NetSSL_OpenSSL/testsuite/src/FTPSClientSessionTest.h @@ -10,8 +10,8 @@ // -#ifndef FTPClientSessionTest_INCLUDED -#define FTPClientSessionTest_INCLUDED +#ifndef FTPSClientSessionTest_INCLUDED +#define FTPSClientSessionTest_INCLUDED #include "Poco/Net/Net.h" @@ -58,4 +58,4 @@ class FTPSClientSessionTest: public CppUnit::TestCase }; -#endif // FTPClientSessionTest_INCLUDED +#endif // FTPSClientSessionTest_INCLUDED diff --git a/Prometheus/include/Poco/Prometheus/Histogram.h b/Prometheus/include/Poco/Prometheus/Histogram.h index ff18ce2a98..110a16ff45 100644 --- a/Prometheus/include/Poco/Prometheus/Histogram.h +++ b/Prometheus/include/Poco/Prometheus/Histogram.h @@ -64,7 +64,7 @@ class Prometheus_API HistogramSample /// Returns the histogram's data. const std::vector& bucketBounds() const; - /// Returns the buckets upper bounds; + /// Returns the buckets upper bounds private: const std::vector& _bucketBounds; diff --git a/Prometheus/src/Registry.cpp b/Prometheus/src/Registry.cpp index 211d3d6737..477c8a78c3 100644 --- a/Prometheus/src/Registry.cpp +++ b/Prometheus/src/Registry.cpp @@ -32,6 +32,7 @@ void Registry::registerCollector(Collector* pCollector) const auto it = _collectors.find(pCollector->name()); if (it == _collectors.end()) { + // CodeQL [cpp/local-address-stored]: collector lifetime managed by caller _collectors[pCollector->name()] = pCollector; } else diff --git a/Util/src/AbstractConfiguration.cpp b/Util/src/AbstractConfiguration.cpp index 9bc415edee..26a8d2f359 100644 --- a/Util/src/AbstractConfiguration.cpp +++ b/Util/src/AbstractConfiguration.cpp @@ -541,10 +541,10 @@ std::string AbstractConfiguration::uncheckedExpand(const std::string& value) con else prop += *it++; } if (it != end) ++it; - std::string value; - if (getRaw(prop, value)) + std::string propValue; + if (getRaw(prop, propValue)) { - result.append(internalExpand(value)); + result.append(internalExpand(propValue)); } else if (haveDefault) { 
diff --git a/Util/src/Application.cpp b/Util/src/Application.cpp index 4b0612c0b8..f6dce1a943 100644 --- a/Util/src/Application.cpp +++ b/Util/src/Application.cpp @@ -85,6 +85,8 @@ Application::Application(): Application::Application(int argc, char** argv): Application() { + // CodeQL [cpp/virtual-call-in-ctor]: init() chain calls virtual defineOptions(), + // but only Application::defineOptions() runs here (derived vtable not yet constructed) init(argc, argv); } @@ -114,6 +116,7 @@ void Application::setup() setUnixOptions(false); #endif + // CodeQL [cpp/local-address-stored]: singleton pattern; instance lifetime is process-scoped _pInstance = this; AutoPtr pCC = new ConsoleChannel; diff --git a/XML/include/Poco/DOM/Document.h b/XML/include/Poco/DOM/Document.h index 7eaa9fe62e..1202268865 100644 --- a/XML/include/Poco/DOM/Document.h +++ b/XML/include/Poco/DOM/Document.h @@ -92,7 +92,7 @@ class XML_API Document: public AbstractContainerNode, public DocumentEvent /// Suspends all events until resumeEvents() is called. void resumeEvents(); - /// Resumes all events suspended with suspendEvent(); + /// Resumes all events suspended with suspendEvent() bool eventsSuspended() const; /// Returns true if events are suspended. diff --git a/XML/include/Poco/SAX/ContentHandler.h b/XML/include/Poco/SAX/ContentHandler.h index 4ca1dd9a04..c33cf4a565 100644 --- a/XML/include/Poco/SAX/ContentHandler.h +++ b/XML/include/Poco/SAX/ContentHandler.h @@ -125,6 +125,7 @@ class XML_API ContentHandler /// /// For information on the names, see startElement. + // CodeQL [cpp/raw-array-interface]: SAX specification API virtual void characters(const XMLChar ch[], int start, int length) = 0; /// Receive notification of character data. /// 
@@ -157,6 +158,7 @@ class XML_API ContentHandler /// ignorableWhitespace method rather than this one (validating parsers must /// do so). + // CodeQL [cpp/raw-array-interface]: SAX specification API virtual void ignorableWhitespace(const XMLChar ch[], int start, int length) = 0; /// Receive notification of ignorable whitespace in element content. /// diff --git a/XML/include/Poco/SAX/LexicalHandler.h b/XML/include/Poco/SAX/LexicalHandler.h index 3ef9d5a030..d3bd2788f9 100644 --- a/XML/include/Poco/SAX/LexicalHandler.h +++ b/XML/include/Poco/SAX/LexicalHandler.h @@ -106,6 +106,7 @@ class XML_API LexicalHandler virtual void endCDATA() = 0; /// Report the end of a CDATA section. + // CodeQL [cpp/raw-array-interface]: SAX specification API virtual void comment(const XMLChar ch[], int start, int length) = 0; /// Report an XML comment anywhere in the document. /// diff --git a/XML/src/AbstractContainerNode.cpp b/XML/src/AbstractContainerNode.cpp index 2a0208d6f7..202727fe9c 100644 --- a/XML/src/AbstractContainerNode.cpp +++ b/XML/src/AbstractContainerNode.cpp @@ -99,9 +99,11 @@ Node* AbstractContainerNode::insertBefore(Node* newChild, Node* refChild) { while (pLast->_pNext) { + // CodeQL [cpp/local-address-stored]: DOM tree parent-child relationship; node lifetime managed by tree pLast->_pParent = this; pLast = pLast->_pNext; } + // CodeQL [cpp/local-address-stored]: DOM tree parent-child relationship; node lifetime managed by tree pLast->_pParent = this; } pFrag->_pFirstChild = nullptr; @@ -113,6 +115,7 @@ Node* AbstractContainerNode::insertBefore(Node* newChild, Node* refChild) if (pParent) pParent->removeChild(newChild); pFirst = static_cast(newChild); pLast = pFirst; + // CodeQL [cpp/local-address-stored]: DOM tree parent-child relationship; node lifetime managed by tree pFirst->_pParent = this; } if (_pFirstChild && pFirst) diff --git a/XML/src/DOMImplementation.cpp b/XML/src/DOMImplementation.cpp index 63aba1d064..16b8e95f27 100644 
--- a/XML/src/DOMImplementation.cpp +++ b/XML/src/DOMImplementation.cpp @@ -44,11 +44,13 @@ DOMImplementation::~DOMImplementation() bool DOMImplementation::hasFeature(const XMLString& feature, const XMLString& version) const { XMLString lcFeature = Poco::toLower(feature); - return (lcFeature == FEATURE_XML && version == VERSION_1_0) || - (lcFeature == FEATURE_CORE && version == VERSION_2_0) || - (lcFeature == FEATURE_EVENTS && version == VERSION_2_0) || - (lcFeature == FEATURE_MUTATIONEVENTS && version == VERSION_2_0) || - (lcFeature == FEATURE_TRAVERSAL && version == VERSION_2_0); + bool isXML = (lcFeature == FEATURE_XML && version == VERSION_1_0); + bool isV2Feature = (version == VERSION_2_0) && + (lcFeature == FEATURE_CORE || + lcFeature == FEATURE_EVENTS || + lcFeature == FEATURE_MUTATIONEVENTS || + lcFeature == FEATURE_TRAVERSAL); + return isXML || isV2Feature; } diff --git a/XML/src/DefaultHandler.cpp b/XML/src/DefaultHandler.cpp index 4fe17584ff..b9364c0dff 100644 --- a/XML/src/DefaultHandler.cpp +++ b/XML/src/DefaultHandler.cpp @@ -74,11 +74,13 @@ void DefaultHandler::endElement(const XMLString& uri, const XMLString& localName } +// CodeQL [cpp/raw-array-interface]: SAX specification API void DefaultHandler::characters(const XMLChar ch[], int start, int length) { } +// CodeQL [cpp/raw-array-interface]: SAX specification API void DefaultHandler::ignorableWhitespace(const XMLChar ch[], int start, int length) { } diff --git a/XML/src/Element.cpp b/XML/src/Element.cpp index 37504e3883..ee76d3b5f3 100644 --- a/XML/src/Element.cpp +++ b/XML/src/Element.cpp @@ -116,6 +116,7 @@ Attr* Element::setAttributeNode(Attr* newAttr) } else _pFirstAttr = newAttr; newAttr->duplicate(); + // CodeQL [cpp/local-address-stored]: DOM tree attribute-element relationship newAttr->_pParent = this; if (_pOwner->events()) dispatchAttrModified(newAttr, MutationEvent::ADDITION, EMPTY_STRING, newAttr->getValue()); 
diff --git a/XML/src/Event.cpp b/XML/src/Event.cpp index 3d1854ed29..cfd04061d6 100644 --- a/XML/src/Event.cpp +++ b/XML/src/Event.cpp @@ -76,6 +76,7 @@ void Event::initEvent(const XMLString& eventType, bool canBubble, bool isCancela void Event::setTarget(EventTarget* pTarget) { + // CodeQL [cpp/local-address-stored]: event target set by caller who manages target lifetime _pTarget = pTarget; } @@ -88,6 +89,7 @@ void Event::setCurrentPhase(PhaseType phase) void Event::setCurrentTarget(EventTarget* pTarget) { + // CodeQL [cpp/local-address-stored]: event target set by caller who manages target lifetime _pCurrentTarget = pTarget; } diff --git a/XML/src/ParserEngine.cpp b/XML/src/ParserEngine.cpp index dd7ebe1236..e389306240 100644 --- a/XML/src/ParserEngine.cpp +++ b/XML/src/ParserEngine.cpp @@ -147,6 +147,7 @@ void ParserEngine::addEncoding(const XMLString& name, TextEncoding* pEncoding) poco_check_ptr (pEncoding); if (_encodings.find(name) == _encodings.end()) + // CodeQL [cpp/local-address-stored]: encoding lifetime managed by caller (SAX registration pattern) _encodings[name] = pEncoding; else throw XMLException("Encoding already defined"); 
@@ -182,30 +183,35 @@ void ParserEngine::setExternalParameterEntities(bool flag) void ParserEngine::setEntityResolver(EntityResolver* pResolver) { + // CodeQL [cpp/local-address-stored]: SAX handler registration; handler lifetime managed by caller _pEntityResolver = pResolver; } void ParserEngine::setDTDHandler(DTDHandler* pDTDHandler) { + // CodeQL [cpp/local-address-stored]: SAX handler registration; handler lifetime managed by caller _pDTDHandler = pDTDHandler; } void ParserEngine::setDeclHandler(DeclHandler* pDeclHandler) { + // CodeQL [cpp/local-address-stored]: SAX handler registration; handler lifetime managed by caller _pDeclHandler = pDeclHandler; } void ParserEngine::setContentHandler(ContentHandler* pContentHandler) { + // CodeQL [cpp/local-address-stored]: SAX handler registration; handler lifetime managed by caller _pContentHandler = pContentHandler; } void ParserEngine::setLexicalHandler(LexicalHandler* pLexicalHandler) { + // CodeQL [cpp/local-address-stored]: SAX handler registration; handler lifetime managed by caller _pLexicalHandler = pLexicalHandler; } diff --git a/XML/src/SAXParser.cpp b/XML/src/SAXParser.cpp index c5c99ff019..be5eb83c68 100644 --- a/XML/src/SAXParser.cpp +++ b/XML/src/SAXParser.cpp @@ -194,6 +194,7 @@ void SAXParser::parse(InputSource* pInputSource) setupParse(); _engine->parse(pInputSource); } + // CodeQL [cpp/xxe]: external general entities disabled by default; user must explicitly enable via FEATURE_EXTERNAL_GENERAL_ENTITIES else parse(pInputSource->getSystemId()); } diff --git a/XML/src/WhitespaceFilter.cpp b/XML/src/WhitespaceFilter.cpp index d4f946b460..6b0cc95e7b 100644 --- a/XML/src/WhitespaceFilter.cpp +++ b/XML/src/WhitespaceFilter.cpp @@ -99,6 +99,7 @@ void WhitespaceFilter::endElement(const XMLString& uri, const XMLString& localNa } +// CodeQL [cpp/raw-array-interface]: SAX specification API void WhitespaceFilter::characters(const XMLChar ch[], int start, int length) { if (_filter) 
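Review bot: The justification added before `else parse(pInputSource->getSystemId());` in SAXParser::parse covers external general entities only, while the ParserEngine.cpp hunk header just above shows a separate `setExternalParameterEntities(bool flag)` switch. If the alert also depends on parameter entities or external DTD loading, the comment should say those are off by default too, assuming they are. The default it relies on is set outside this hunk, so nothing here keeps the comment true if that default changes; a unit test asserting that a freshly constructed parser reports the feature as disabled would. The comment also sits between the closing brace of the `if` block and `else`, so confirm that it attaches to the parse call the alert was raised on and not only to the `else` line.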
@@ -127,6 +128,7 @@ void WhitespaceFilter::characters(const XMLChar ch[], int start, int length) } +// CodeQL [cpp/raw-array-interface]: SAX specification API void WhitespaceFilter::ignorableWhitespace(const XMLChar ch[], int start, int length) { // the handler name already says that this data can be ignored @@ -191,6 +193,7 @@ void WhitespaceFilter::endCDATA() } +// CodeQL [cpp/raw-array-interface]: SAX specification API void WhitespaceFilter::comment(const XMLChar ch[], int start, int length) { if (_pLexicalHandler) diff --git a/XML/src/XMLFilterImpl.cpp b/XML/src/XMLFilterImpl.cpp index deec18494e..fa56a0d958 100644 --- a/XML/src/XMLFilterImpl.cpp +++ b/XML/src/XMLFilterImpl.cpp @@ -235,6 +235,7 @@ void XMLFilterImpl::endElement(const XMLString& uri, const XMLString& localName, } +// CodeQL [cpp/raw-array-interface]: SAX specification API void XMLFilterImpl::characters(const XMLChar ch[], int start, int length) { if (_pContentHandler) @@ -242,6 +243,7 @@ void XMLFilterImpl::characters(const XMLChar ch[], int start, int length) } +// CodeQL [cpp/raw-array-interface]: SAX specification API void XMLFilterImpl::ignorableWhitespace(const XMLChar ch[], int start, int length) { if (_pContentHandler) diff --git a/XML/src/XMLStreamParser.cpp b/XML/src/XMLStreamParser.cpp index 0f1e81ce99..e46fd0b912 100644 --- a/XML/src/XMLStreamParser.cpp +++ b/XML/src/XMLStreamParser.cpp 
@@ -524,29 +524,34 @@ XMLStreamParser::EventType XMLStreamParser::nextBody() { // Based on the previous event determine what's the next one must be. // - switch (_currentEvent) - { - case EV_END_NAMESPACE_DECL: + if (_currentEvent == EV_END_NAMESPACE_DECL) { if (++_endNamespaceIndex == _endNamespace.size()) { _endNamespaceIndex = 0; _endNamespace.clear(); _qualifiedName = &_qname; - break; // No more declarations. + // No more declarations. + } + else + { + // The end namespace declaration comes before the end element + // which means it can follow pretty much any other event. + // + _currentEvent = EV_END_NAMESPACE_DECL; + _qualifiedName = &_endNamespace[_endNamespaceIndex]; + return _currentEvent; } - [[fallthrough]]; } + else + { // The end namespace declaration comes before the end element // which means it can follow pretty much any other event. // - default: - { _currentEvent = EV_END_NAMESPACE_DECL; _qualifiedName = &_endNamespace[_endNamespaceIndex]; return _currentEvent; } - } } // Check the queue. @@ -767,10 +772,10 @@ void XMLStreamParser::handleStartElement(void* v, const XMLChar* name, const XML { QName qn; splitName(*atts, qn); - AttributeMapType::value_type v(qn, AttributeValueType()); - v.second.value = *(atts + 1); - v.second.handled = false; - pe->attributeMap.insert(v); + AttributeMapType::value_type attrEntry(qn, AttributeValueType()); + attrEntry.second.value = *(atts + 1); + attrEntry.second.handled = false; + pe->attributeMap.insert(attrEntry); } else { diff --git a/XML/src/XMLWriter.cpp b/XML/src/XMLWriter.cpp index 895219edc1..8b44ded94c 100644 --- a/XML/src/XMLWriter.cpp +++ b/XML/src/XMLWriter.cpp @@ -310,6 +310,7 @@ void XMLWriter::emptyElement(const XMLString& namespaceURI, const XMLString& loc } +// CodeQL [cpp/raw-array-interface]: SAX specification API void XMLWriter::characters(const XMLChar ch[], int start, int length) { if (length == 0) return; 
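Review bot: The switch-to-if rewrite in XMLStreamParser::nextBody now carries the three-line body that emits EV_END_NAMESPACE_DECL, with its comment, twice: once in the inner `else` and once in the outer `else`. A later change to one copy can silently diverge from the other. Both paths can share one block by testing for the "keep emitting" case first and letting the reset follow, as sketched below. The short-circuit keeps `++_endNamespaceIndex` from running unless the current event is already EV_END_NAMESPACE_DECL, which matches the old switch. The enclosing function starts and ends outside the hunk.

```cpp
// Based on the previous event determine what's the next one must be.
//
if (_currentEvent != EV_END_NAMESPACE_DECL || ++_endNamespaceIndex != _endNamespace.size())
{
	// The end namespace declaration comes before the end element
	// which means it can follow pretty much any other event.
	//
	_currentEvent = EV_END_NAMESPACE_DECL;
	_qualifiedName = &_endNamespace[_endNamespaceIndex];
	return _currentEvent;
}

// No more declarations.
_endNamespaceIndex = 0;
_endNamespace.clear();
_qualifiedName = &_qname;
// … unchanged: queue check that follows …
```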
@@ -360,6 +361,7 @@ void XMLWriter::rawCharacters(const XMLString& str) } +// CodeQL [cpp/raw-array-interface]: SAX specification API void XMLWriter::ignorableWhitespace(const XMLChar ch[], int start, int length) { characters(ch, start, length); @@ -454,6 +456,7 @@ void XMLWriter::endCDATA() } +// CodeQL [cpp/raw-array-interface]: SAX specification API void XMLWriter::comment(const XMLChar ch[], int start, int length) { if (_unclosedStartTag) closeStartTag(); diff --git a/Zip/src/Compress.cpp b/Zip/src/Compress.cpp index 827933a19e..c7dd1dd0e7 100644 --- a/Zip/src/Compress.cpp +++ b/Zip/src/Compress.cpp @@ -179,8 +179,8 @@ void Compress::addFileRaw(std::istream& in, const ZipLocalFileHeader& h, const P if (hdr.hasExtraField()) // Update sizes in header extension. hdr.setZip64Data(); _out.seekp(hdr.getStartPos(), std::ios_base::beg); - std::string header = hdr.createHeader(); - _out.write(header.c_str(), static_cast(header.size())); + std::string headerData = hdr.createHeader(); + _out.write(headerData.c_str(), static_cast(headerData.size())); _out.seekp(0, std::ios_base::end); } @@ -297,8 +297,8 @@ void Compress::addRecursive(const Poco::Path& entry, ZipCommon::CompressionMetho { Poco::Path realFile(entry, *it); Poco::Path renamedFile(aName, *it); - Poco::File aFile(realFile); - if (aFile.isDirectory()) + Poco::File childFile(realFile); + if (childFile.isDirectory()) { realFile.makeDirectory(); renamedFile.makeDirectory();