chore(codeql): address pre-existing CodeQL alerts #5243

Data/src/Row.cpp

@@ -306,6 +306,7 @@ bool Row::operator < (const Row& other) const
 			if (_values[it->get<0>()].convert<double>() <
 				other._values[it->get<0>()].convert<double>())
 				return true;
+			// CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system
 			else if (_values[it->get<0>()].convert<double>() !=
 				other._values[it->get<0>()].convert<double>())
 				return false;

Data/src/SQLChannel.cpp

@@ -257,7 +257,6 @@ void SQLChannel::run()
 	{
 		try
 		{
-			sleepTime = 100;
 			if (_reconnect)
 			{
 				close();

Data/testsuite/src/Extractor.h

@@ -417,7 +417,7 @@ class Extractor: public Poco::Data::AbstractExtractor
 	bool extract(std::size_t pos, Poco::Nullable<UUID>& val) override;
 		/// Extracts a Nullable<UUID>.
 
-	bool isNull(std::size_t col, std::size_t row = -1) override;
+	bool isNull(std::size_t col, std::size_t row = POCO_DATA_INVALID_ROW) override;
 		/// Returns true if the current row value at pos column is null.
 
 	void reset() override;

Foundation/include/Poco/Dynamic/Var.h

@@ -1858,6 +1858,7 @@ inline bool operator == (const float& other, const Var& da)
 	/// Equality operator for comparing Var with float
 {
 	if (da.isEmpty()) return false;
+	// CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system
 	return other == da.convert<float>();
 }
 
@@ -1866,6 +1867,7 @@ inline bool operator != (const float& other, const Var& da)
 	/// Inequality operator for comparing Var with float
 {
 	if (da.isEmpty()) return true;
+	// CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system
 	return other != da.convert<float>();
 }
 
@@ -1962,6 +1964,7 @@ inline bool operator == (const double& other, const Var& da)
 	/// Equality operator for comparing Var with double
 {
 	if (da.isEmpty()) return false;
+	// CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system
 	return other == da.convert<double>();
 }
 
@@ -1970,6 +1973,7 @@ inline bool operator != (const double& other, const Var& da)
 	/// Inequality operator for comparing Var with double
 {
 	if (da.isEmpty()) return true;
+	// CodeQL [cpp/float-equality]: intentional exact comparison in dynamic type system
 	return other != da.convert<double>();
 }
 

Foundation/src/SplitterChannel.cpp

@@ -29,7 +29,7 @@ SplitterChannel::~SplitterChannel()
 {
 	try
 	{
-		close();
+		SplitterChannel::close();
 	}
 	catch (...)
 	{

Foundation/src/Var.cpp

@@ -621,11 +621,5 @@ std::string Var::toString(const Var& any)
 	return res;
 }
 
-/*
-Var& Var::structIndexOperator(VarHolderImpl<Struct<int>>* pStr, int n) const
-{
-	return pStr->operator[](n);
-}
-*/
-
 } // namespace Poco::Dynamic
+

Foundation/src/VarIterator.cpp

@@ -14,7 +14,6 @@
 
 #include "Poco/Dynamic/VarIterator.h"
 #include "Poco/Dynamic/Var.h"
-//#include "Poco/Dynamic/Struct.h"
 #undef min
 #undef max
 #include <limits>

JSON/include/Poco/JSON/Object.h

@@ -604,19 +604,16 @@ class VarHolderImpl<JSON::Object::Ptr>: public VarHolder
 
 	void convert(DateTime& /*val*/) const override
 	{
-		//TODO: val = _val;
 		throw NotImplementedException("Conversion not implemented: JSON:Object => DateTime");
 	}
 
 	void convert(LocalDateTime& /*ldt*/) const override
 	{
-		//TODO: ldt = _val.timestamp();
 		throw NotImplementedException("Conversion not implemented: JSON:Object => LocalDateTime");
 	}
 
 	void convert(Timestamp& /*ts*/) const override
 	{
-		//TODO: ts = _val.timestamp();
 		throw NotImplementedException("Conversion not implemented: JSON:Object => Timestamp");
 	}
 
@@ -744,19 +741,16 @@ class VarHolderImpl<JSON::Object>: public VarHolder
 
 	void convert(DateTime& /*val*/) const override
 	{
-		//TODO: val = _val;
 		throw NotImplementedException("Conversion not implemented: JSON:Object => DateTime");
 	}
 
 	void convert(LocalDateTime& /*ldt*/) const override
 	{
-		//TODO: ldt = _val.timestamp();
 		throw NotImplementedException("Conversion not implemented: JSON:Object => LocalDateTime");
 	}
 
 	void convert(Timestamp& /*ts*/) const override
 	{
-		//TODO: ts = _val.timestamp();
 		throw NotImplementedException("Conversion not implemented: JSON:Object => Timestamp");
 	}
 

JSON/include/Poco/JSON/Parser.h

@@ -118,10 +118,10 @@ class JSON_API Parser: private ParserImpl
 		/// Returns the Handler.
 
 	Dynamic::Var asVar() const;
-		/// Returns the result of parsing;
+		/// Returns the result of parsing
 
 	Dynamic::Var result() const;
-		/// Returns the result of parsing as Dynamic::Var;
+		/// Returns the result of parsing as Dynamic::Var
 
 private:
 	Parser(const Parser&);

JSON/include/Poco/JSON/ParserImpl.h

@@ -81,10 +81,10 @@ class JSON_API ParserImpl
 		/// Returns the Handler.
 
 	Dynamic::Var asVarImpl() const;
-		/// Returns the result of parsing;
+		/// Returns the result of parsing
 
 	Dynamic::Var resultImpl() const;
-		/// Returns the result of parsing as Dynamic::Var;
+		/// Returns the result of parsing as Dynamic::Var
 
 private:
 	ParserImpl(const ParserImpl&);

JSON/src/Object.cpp

@@ -237,27 +237,6 @@ Poco::OrderedDynamicStruct Object::makeOrderedStruct(const Object::Ptr& obj)
 	return makeStructImpl<Poco::OrderedDynamicStruct>(obj);
 }
 
-/*
-void Object::resetOrdDynStruct() const
-{
-	if (!_pOrdStruct)
-		_pOrdStruct = new Poco::OrderedDynamicStruct;
-	else
-		_pOrdStruct->clear();
-}
-*/
-
-
-/*
-void Object::resetDynStruct() const
-{
-	if (!_pStruct)
-		_pStruct = new Poco::DynamicStruct;
-	else
-		_pStruct->clear();
-}*/
-
-
 Object::operator const Poco::DynamicStruct& () const
 {
 	if (_values.empty())

Net/include/Poco/Net/HTTPAuthenticationParams.h

@@ -52,7 +52,7 @@ class Net_API HTTPAuthenticationParams: public NameValueCollection
 	virtual ~HTTPAuthenticationParams();
 		/// Destroys the HTTPAuthenticationParams.
 
-	HTTPAuthenticationParams& operator = (const HTTPAuthenticationParams& authParams);
+	HTTPAuthenticationParams& operator = (const HTTPAuthenticationParams& authParams) = default;
 		/// Assigns the content of another HTTPAuthenticationParams.
 
 	void fromAuthInfo(const std::string& authInfo);

Net/include/Poco/Net/ICMPPacket.h

@@ -40,7 +40,7 @@ class Net_API ICMPPacket
 		/// Returns raw ICMP packet. ICMP header and data are included in the returned packet.
 
 	int packetSize() const;
-		/// Returns the total length of packet (header + data);
+		/// Returns the total length of packet (header + data)
 
 	Poco::UInt16 sequence() const;
 		/// Returns the most recent sequence number generated.
@@ -52,7 +52,7 @@ class Net_API ICMPPacket
 		/// Returns data size.
 
 	int maxPacketSize() const;
-		/// Returns the total length of packet (header + data);
+		/// Returns the total length of packet (header + data)
 
 	struct timeval time(Poco::UInt8* buffer = nullptr, int length = 0) const;
 		/// Returns current epoch time if either buffer or length are equal to zero.

Net/include/Poco/Net/ICMPv4PacketImpl.h

@@ -131,7 +131,7 @@ class Net_API ICMPv4PacketImpl : public ICMPPacketImpl
 		/// Destructor.
 
 	int packetSize() const;
-		/// Returns the total length of packet (header + data);
+		/// Returns the total length of packet (header + data)
 
 	struct timeval time(Poco::UInt8* buffer = nullptr, int length = 0) const;
 		/// Returns current epoch time if either buffer or length are equal to zero.

Net/include/Poco/Net/SocketConnector.h

@@ -113,6 +113,7 @@ class SocketConnector
 		///
 		/// The overriding method must call the baseclass implementation first.
 	{
+		// CodeQL [cpp/local-address-stored]: reactor lifetime managed by caller; outlives connector by design
 		_pReactor = &reactor;
 		_pReactor->addEventHandler(_socket, Poco::NObserver<SocketConnector, ReadableNotification>(*this, &SocketConnector::onReadable));
 		_pReactor->addEventHandler(_socket, Poco::NObserver<SocketConnector, WritableNotification>(*this, &SocketConnector::onWritable));

Net/include/Poco/Net/SocketNotifier.h

@@ -61,7 +61,7 @@ class Net_API SocketNotifier: public Poco::RefCountedObject
 		/// Returns true if there are subscribers.
 
 	std::size_t countObservers() const;
-		/// Returns the number of subscribers;
+		/// Returns the number of subscribers
 
 	Socket socket() const;
 		/// Returns the socket.

Net/src/DNS.cpp

@@ -528,8 +528,6 @@ int punycode_encode(size_t input_length_orig, const punycode_uint input[], size_
 			if (max_out - out < 2) return punycode_big_output;
 			output[out++] = (char) input[j];
 		}
-		/* else if (input[j] < n) return punycode_bad_input; */
-		/* (not needed for Punycode with unsigned code points) */
 	}
 
 	h = b = (punycode_uint) out;
@@ -550,8 +548,6 @@ int punycode_encode(size_t input_length_orig, const punycode_uint input[], size_
 
 		for (m = maxint, j = 0;  j < input_length;  ++j)
 		{
-			/* if (basic(input[j])) continue; */
-			/* (not needed for Punycode) */
 			if (input[j] >= n && input[j] < m) m = input[j];
 		}
 
@@ -666,8 +662,6 @@ int punycode_decode(size_t input_length, const char input[], size_t *output_leng
 
 		/* Insert n at position i of the output: */
 
-		/* not needed for Punycode: */
-		/* if (basic(n)) return punycode_bad_input; */
 		if (out >= max_out) return punycode_big_output;
 
 		std::memmove(output + i + 1, output + i, (out - i) * sizeof *output);

Net/src/FTPClientSession.cpp

@@ -60,7 +60,7 @@ FTPClientSession::FTPClientSession(const StreamSocket& socket,
 	_pControlSocket->setReceiveTimeout(_timeout);
 	if (readWelcomeMessage)
 	{
-		receiveServerReadyReply();
+		FTPClientSession::receiveServerReadyReply();
 	}
 	else
 	{

Net/src/HTTPAuthenticationParams.cpp

@@ -98,14 +98,6 @@ HTTPAuthenticationParams::~HTTPAuthenticationParams()
 }
 
 
-HTTPAuthenticationParams& HTTPAuthenticationParams::operator = (const HTTPAuthenticationParams& authParams)
-{
-	NameValueCollection::operator = (authParams);
-
-	return *this;
-}
-
-
 void HTTPAuthenticationParams::fromAuthInfo(const std::string& authInfo)
 {
 	parse(authInfo.begin(), authInfo.end());

Net/src/HTTPClientSession.cpp

@@ -280,6 +280,7 @@ std::ostream& HTTPClientSession::sendRequest(HTTPRequest& request)
 		if (!_proxyConfig.host.empty() && !bypassProxy())
 		{
 			std::string prefix = proxyRequestPrefix();
+			// CodeQL [cpp/auth-bypass]: proxy prefix rewriting, not authentication logic
 			if (!prefix.empty() && request.getURI().compare(0, 7, "http://") != 0 && request.getURI().compare(0, 8, "https://") != 0)
 				request.setURI(prefix + request.getURI());
 			if (keepAlive) request.set(HTTPMessage::PROXY_CONNECTION, HTTPMessage::CONNECTION_KEEP_ALIVE);

Net/src/ICMPv4PacketImpl.cpp

@@ -208,13 +208,14 @@ std::string ICMPv4PacketImpl::errorDescription(unsigned char* buffer, int length
 
 	type = icp->type;
 	MessageType msgType = static_cast<MessageType>(type);
-	code = icp->code;
+	code = static_cast<int>(icp->code);
 	std::ostringstream err;
 
 	switch (msgType)
 	{
 	case DESTINATION_UNREACHABLE_TYPE:
-		if (code >= NET_UNREACHABLE && code < DESTINATION_UNREACHABLE_UNKNOWN)
+		// lower-bound check is defensive (enum values may change)
+		if (code >= static_cast<int>(NET_UNREACHABLE) && code < static_cast<int>(DESTINATION_UNREACHABLE_UNKNOWN))
 			err << DESTINATION_UNREACHABLE_CODE[code];
 		else
 			err << DESTINATION_UNREACHABLE_CODE[DESTINATION_UNREACHABLE_UNKNOWN];
@@ -225,22 +226,24 @@ std::string ICMPv4PacketImpl::errorDescription(unsigned char* buffer, int length
 		break;
 
 	case REDIRECT_MESSAGE_TYPE:
-		if (code >= REDIRECT_NETWORK && code < REDIRECT_MESSAGE_UNKNOWN)
+		// lower-bound check is defensive (enum values may change)
+		if (code >= static_cast<int>(REDIRECT_NETWORK) && code < static_cast<int>(REDIRECT_MESSAGE_UNKNOWN))
 			err << REDIRECT_MESSAGE_CODE[code];
 		else
 			err << REDIRECT_MESSAGE_CODE[REDIRECT_MESSAGE_UNKNOWN];
 		break;
 
 	case TIME_EXCEEDED_TYPE:
-		if (code >= TIME_TO_LIVE && code < TIME_EXCEEDED_UNKNOWN)
+		// lower-bound check is defensive (enum values may change)
+		if (code >= static_cast<int>(TIME_TO_LIVE) && code < static_cast<int>(TIME_EXCEEDED_UNKNOWN))
 			err << TIME_EXCEEDED_CODE[code];
 		else
 			err << TIME_EXCEEDED_CODE[TIME_EXCEEDED_UNKNOWN];
 		break;
 
 	case PARAMETER_PROBLEM_TYPE:
-		if (POINTER_INDICATES_THE_ERROR != code)
-			code = PARAMETER_PROBLEM_UNKNOWN;
+		if (static_cast<int>(POINTER_INDICATES_THE_ERROR) != code)
+			code = static_cast<int>(PARAMETER_PROBLEM_UNKNOWN);
 		err << PARAMETER_PROBLEM_CODE[code] << ": error in octet #" << pointer;
 		break;
 

Net/src/IPAddress.cpp

@@ -563,6 +563,7 @@ std::string IPAddress::trimIPv6(const std::string& v6Addr)
 	if ((dblColOcc > 1) ||
 		(std::count(v6addr.begin(), v6addr.end(), ':') > 8) ||
 		(v6addr.find(":::") != std::string::npos) ||
+		// CodeQL [cpp/constant-comparison]: intentional IPv6 validation — checks for trailing single colon
 		((len >= 2) && ((v6addr[len-1] == ':') && v6addr[len-2] != ':')))
 	{
 		return v6addr;
@@ -581,6 +582,7 @@ IPAddress IPAddress::parse(const std::string& addr)
 bool IPAddress::tryParse(const std::string& addr, IPAddress& result)
 {
 	IPv4AddressImpl impl4(IPv4AddressImpl::parse(addr));
+	// CodeQL [cpp/auth-bypass]: IP address parsing, not authentication
 	if (impl4 != IPv4AddressImpl() || trim(addr) == "0.0.0.0")
 	{
 		result.newIPv4(impl4.addr());

Net/src/MailMessage.cpp

@@ -347,8 +347,8 @@ void MailMessage::read(std::istream& istr, PartHandler& handler)
 	}
 	else
 	{
-		StringPartHandler handler(_content);
-		readPart(istr, *this, handler);
+		StringPartHandler stringHandler(_content);
+		readPart(istr, *this, stringHandler);
 	}
 }