Fix clang-tidy readability-isolate-declaration warnings

I missed one of these in review so a machine is probably better at
catching them.

I fixed the existing instances which where largely in code which look
dated. Where possible I slightly reorganized the code so we do not have
to leave values uninitialized, but did not touch up anything else.

src/analyzer/protocol/http/HTTP.cc

@@ -375,7 +375,8 @@ void HTTP_Entity::SubmitHeader(analyzer::mime::MIME_Header* h) {
             DEBUG_MSG("Parsed Content-Range: %s %s-%s/%s\n", byte_unit.c_str(), first_byte_pos.c_str(),
                       last_byte_pos.c_str(), instance_length_str.c_str());
 
-        int64_t f, l;
+        int64_t f;
+        int64_t l;
         int fr = util::atoi_n(first_byte_pos.size(), first_byte_pos.c_str(), nullptr, 10, f);
         int lr = util::atoi_n(last_byte_pos.size(), last_byte_pos.c_str(), nullptr, 10, l);
         if ( fr != 1 || lr != 1 ) {

src/analyzer/protocol/ident/Ident.cc

@@ -39,7 +39,6 @@ void Ident_Analyzer::Done() {
 void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig) {
     analyzer::tcp::TCP_ApplicationAnalyzer::DeliverStream(length, data, is_orig);
 
-    int remote_port, local_port;
     const char* line = (const char*)data;
     const char* orig_line = line;
     const char* end_of_line = line + length;
@@ -56,7 +55,10 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
         if ( ! ident_request )
             return;
 
+        int remote_port;
+        int local_port;
         line = ParsePair(line, end_of_line, remote_port, local_port);
+
         if ( ! line ) {
             if ( s && s->state == analyzer::tcp::TCP_ENDPOINT_CLOSED &&
                  (s->prev_state == analyzer::tcp::TCP_ENDPOINT_INACTIVE ||
@@ -83,6 +85,8 @@ void Ident_Analyzer::DeliverStream(int length, const u_char* data, bool is_orig)
         if ( ! ident_reply )
             return;
 
+        int remote_port;
+        int local_port;
         line = ParsePair(line, end_of_line, remote_port, local_port);
 
         if ( ! line || line == end_of_line || line[0] != ':' ) {

src/analyzer/protocol/krb/krb-analyzer.pac

@@ -94,8 +94,10 @@ zeek::RecordValPtr proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const ZeekAnalyz
 
 bool proc_error_arguments(zeek::RecordVal* rv, const std::vector<KRB_ERROR_Arg*>* args, int64 error_code )
 {
-	uint ctime_i = 0, stime_i = 0;
-	int64 ctime_usecs = 0, stime_usecs = 0;
+	uint ctime_i = 0;
+	uint stime_i = 0;
+	int64 ctime_usecs = 0;
+	int64 stime_usecs = 0;
 
 	// We need to do a pass first, to see if we have microseconds for the timestamp values, which are optional
 

src/analyzer/protocol/login/Login.cc

@@ -76,8 +76,8 @@ void Login_Analyzer::DeliverStream(int length, const u_char* line, bool orig) {
     char* str = new char[length + 1];
 
     // Eliminate NUL characters.
-    int i, j;
-    for ( i = 0, j = 0; i < length; ++i )
+    int j = 0;
+    for ( int i = 0; i < length; ++i )
         if ( line[i] != '\0' )
             str[j++] = line[i];
         else {

src/analyzer/protocol/login/NVT.cc

@@ -239,7 +239,8 @@ void TelnetEnvironmentOption::RecvSubOption(u_char* data, int len) {
     ++data;
 
     while ( len > 0 ) {
-        int code1, code2;
+        int code1;
+        int code2;
         char* var_name = ExtractEnv(data, len, code1);
         char* var_val = ExtractEnv(data, len, code2);
 

src/analyzer/protocol/mime/MIME.cc

@@ -681,10 +681,10 @@ bool MIME_Entity::ParseContentTypeField(MIME_Header* h) {
     int len = val.length;
     const char* data = val.data;
 
-    data_chunk_t ty, subty;
-    int offset;
+    data_chunk_t ty;
+    data_chunk_t subty;
+    int offset = MIME_get_slash_token_pair(len, data, &ty, &subty);
 
-    offset = MIME_get_slash_token_pair(len, data, &ty, &subty);
     if ( offset < 0 ) {
         IllegalFormat("media type/subtype not found in content type");
         return false;
@@ -930,9 +930,8 @@ void MIME_Entity::DecodeQuotedPrintable(int len, const char* data) {
             else {
                 int legal = 0;
                 if ( i + 2 < len ) {
-                    int a, b;
-                    a = util::decode_hex(data[i + 1]);
-                    b = util::decode_hex(data[i + 2]);
+                    int a = util::decode_hex(data[i + 1]);
+                    int b = util::decode_hex(data[i + 2]);
 
                     if ( a >= 0 && b >= 0 ) {
                         DataOctet((a << 4) + b);

src/analyzer/protocol/netbios/functions.bif

@@ -27,10 +27,10 @@ function decode_netbios_name%(name: string%): string
 
 	unsigned char buf[16];
 	const u_char* s = name->Bytes();
-	int i, j;
 	int length = 0;
 
-	for ( i = 0, j = 0; i < 16; ++i )
+	int j = 0;
+	for ( int i = 0; i < 16; ++i ) // NOLINT(modernize-loop-convert)
 		{
 		char c0 = netbios_toupper(s[j++]);
 		char c1 = netbios_toupper(s[j++]);

src/analyzer/protocol/quic/decrypt_crypto.cc

@@ -151,7 +151,8 @@ Function that calls the AEAD decryption routine, and returns the decrypted data.
 */
 hilti::rt::Bytes decrypt(const std::vector<uint8_t>& client_key, const hilti::rt::Bytes& data, uint64_t payload_length,
                          const DecryptionInformation& decryptInfo) {
-    int out, out2;
+    int out = 0;
+    int out2 = 0;
 
     if ( payload_length < decryptInfo.packet_number_length + AEAD_TAG_LENGTH )
         throw hilti::rt::RuntimeError(hilti::rt::fmt("payload too small %ld < %ld", payload_length,

src/analyzer/protocol/ssl/SSL.cc

@@ -141,7 +141,8 @@ std::optional<std::vector<u_char>> SSL_Analyzer::TLS12_PRF(const std::string& se
     // alloc context + params
     EVP_KDF* kdf = EVP_KDF_fetch(nullptr, "TLS1-PRF", nullptr);
     EVP_KDF_CTX* kctx = EVP_KDF_CTX_new(kdf);
-    OSSL_PARAM params[4], *p = params;
+    OSSL_PARAM params[4];
+    OSSL_PARAM* p = params;
     EVP_KDF_free(kdf);
 #else  /* OSSL 3 */
     // alloc buffers