diff --git a/.clang-tidy b/.clang-tidy index c36e9db0e4..77889d4f90 100644 --- a/.clang-tidy +++ b/.clang-tidy @@ -2,6 +2,12 @@ Checks: [-*, bugprone-*, performance-*, + # Enable a very limited number of the cppcoreguidelines checkers. + # See the notes for some of the rest of them below. + cppcoreguidelines-macro-usage, + cppcoreguidelines-misleading-capture-default-by-value, + cppcoreguidelines-virtual-class-destructor, + # Skipping these temporarily because they are very noisy -bugprone-narrowing-conversions, -bugprone-unchecked-optional-access, @@ -29,4 +35,14 @@ Checks: [-*, # This one returns a bunch of findings in DFA and the sqlite library. # We're unlikely to fix either of them. -performance-no-int-to-ptr, + + # These cppcoreguidelines checkers are things we should investigate + # and possibly fix, but there are so many findings that we're holding + # off doing it for now. + #cppcoreguidelines-init-variables, + #cppcoreguidelines-prefer-member-initializer, + #cppcoreguidelines-pro-type-member-init, + #cppcoreguidelines-pro-type-cstyle-cast, + #cppcoreguidelines-pro-type-static-cast-downcast, + #cppcoreguidelines-special-member-functions, ] diff --git a/CHANGES b/CHANGES index 4def870271..f3d7bb4a13 100644 --- a/CHANGES +++ b/CHANGES @@ -1,3 +1,22 @@ +8.0.0-dev.353 | 2025-06-04 09:38:20 -0700 + + * Add some notes about missing/disabled cppcoreguildlines clang-tidy checkers (Tim Wojtulewicz, Corelight) + + * Fix clang-tidy cppcoreguidelines-macro-usage findings (macro functions) (Tim Wojtulewicz, Corelight) + + * Fix clang-tidy cppcoreguidelines-macro-usage findings (macros as constants) (Tim Wojtulewicz, Corelight) + + * script_opt: Add missing virtual destructor (cppcoreguidelines-virtual-class-destructor) (Tim Wojtulewicz, Corelight) + + * Parallelize coverage/bare-mode-errors (Johanna Amann, Corelight) + + Currently, coverage/bare-mode-errors is one of the slowest tests in the + entire test suite. This is caused by the fact that it has to repeatedly + launch Zeek for every script that we ship. This is done sequentially. + + This commit changes this test to use xargs to spawn 20 parallell + processes. + 8.0.0-dev.346 | 2025-06-04 08:39:54 -0400 * Fix Spicy re-enable builtin analyzer debug message (Evan Typanski, Corelight) diff --git a/VERSION b/VERSION index 108bdde5f5..7021555dc0 100644 --- a/VERSION +++ b/VERSION @@ -1 +1 @@ -8.0.0-dev.346 +8.0.0-dev.353 diff --git a/src/Desc.cc b/src/Desc.cc index 3e001ce4e9..d11c9f4ab6 100644 --- a/src/Desc.cc +++ b/src/Desc.cc @@ -11,8 +11,8 @@ #include "zeek/IPAddr.h" #include "zeek/Reporter.h" -#define DEFAULT_SIZE 128 -#define SLOP 10 +constexpr unsigned int DEFAULT_SIZE = 128; +constexpr int SLOP = 10; namespace zeek { diff --git a/src/Expr.cc b/src/Expr.cc index 35391eea34..06f142100f 100644 --- a/src/Expr.cc +++ b/src/Expr.cc @@ -742,6 +742,8 @@ ValPtr BinaryExpr::Fold(Val* v1, Val* v2) const { RuntimeErrorWithCallStack("bad type in BinaryExpr::Fold"); switch ( tag ) { + // Once we have C++20, these macros can become templated lambdas. + // NOLINTBEGIN(cppcoreguidelines-macro-usage) #define DO_INT_FOLD(op) \ if ( is_integral ) \ i3 = i1 op i2; \ @@ -771,6 +773,7 @@ ValPtr BinaryExpr::Fold(Val* v1, Val* v2) const { i3 = u1 op u2; \ else \ i3 = d1 op d2; + // NOLINTEND(cppcoreguidelines-macro-usage) case EXPR_ADD: case EXPR_ADD_TO: DO_FOLD(+); break; @@ -892,13 +895,13 @@ ValPtr BinaryExpr::StringFold(Val* v1, Val* v2) const { switch ( tag ) { #undef DO_FOLD -// NOLINTBEGIN(bugprone-macro-parentheses) +// NOLINTBEGIN(bugprone-macro-parentheses, cppcoreguidelines-macro-usage) #define DO_FOLD(sense) \ { \ result = Bstr_cmp(s1, s2) sense 0; \ break; \ } - // NOLINTEND(bugprone-macro-parentheses) + // NOLINTEND(bugprone-macro-parentheses, cppcoreguidelines-macro-usage) case EXPR_LT: DO_FOLD(<) case EXPR_LE: DO_FOLD(<=) diff --git a/src/Type.cc b/src/Type.cc index b504dfe59f..c00f0951af 100644 --- a/src/Type.cc +++ b/src/Type.cc @@ -69,6 +69,7 @@ Type::Type(TypeTag t, bool arg_base_type) is_network_order(zeek::is_network_order(t)), base_type(arg_base_type) {} +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define CHECK_TYPE_TAG(tag_type, func_name) CHECK_TAG(tag, tag_type, func_name, type_name) const TypeList* Type::AsTypeList() const { diff --git a/src/Val.cc b/src/Val.cc index d2543ed375..19dd67fcd2 100644 --- a/src/Val.cc +++ b/src/Val.cc @@ -6,6 +6,7 @@ #include #include +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define RAPIDJSON_HAS_STDSTRING 1 #include #include @@ -52,6 +53,8 @@ Val::~Val() { #endif } +// NOLINTBEGIN(cppcoreguidelines-macro-usage) + #define CONVERTER(tag, ctype, name) \ ctype name() { \ CHECK_TAG(type->Tag(), tag, "Val::CONVERTER", type_name) \ @@ -68,6 +71,8 @@ Val::~Val() { CONVERTER(tag, ctype, name) \ CONST_CONVERTER(tag, ctype, name) +// NOLINTEND(cppcoreguidelines-macro-usage) + CONVERTERS(TYPE_FUNC, FuncVal*, Val::AsFuncVal) CONVERTERS(TYPE_FILE, FileVal*, Val::AsFileVal) CONVERTERS(TYPE_PATTERN, PatternVal*, Val::AsPatternVal) diff --git a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc index 178687623c..dc4b8acce4 100644 --- a/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc +++ b/src/analyzer/protocol/bittorrent/BitTorrentTracker.cc @@ -456,7 +456,7 @@ void BitTorrentTracker_Analyzer::ResponseBody(void) { } } -int BitTorrentTracker_Analyzer::ResponseParseBenc(void) { +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define VIOLATION_IF(expr, msg) \ { \ if ( expr ) { \ @@ -466,12 +466,12 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) { } \ } -#define INC_COUNT \ - { \ - unsigned int count = benc_count.back(); \ - benc_count.pop_back(); \ - benc_count.push_back(count + 1); \ - } +int BitTorrentTracker_Analyzer::ResponseParseBenc(void) { + auto INC_COUNT = [this]() { + unsigned int count = benc_count.back(); + benc_count.pop_back(); + benc_count.push_back(count + 1); + }; for ( unsigned int len = res_buf_len - (res_buf_pos - res_buf); len; --len, ++res_buf_pos ) { switch ( benc_state ) { @@ -551,7 +551,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) { benc_count.pop_back(); if ( benc_stack.size() ) - INC_COUNT + INC_COUNT(); else { // benc parsing successful ++res_buf_pos; return 0; @@ -612,7 +612,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) { else VIOLATION_IF(1, "BitTorrentTracker: no valid bencoding") - INC_COUNT + INC_COUNT(); benc_state = detail::BENC_STATE_EMPTY; } @@ -686,7 +686,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) { ++len; } - INC_COUNT + INC_COUNT(); benc_state = detail::BENC_STATE_EMPTY; } break; diff --git a/src/analyzer/protocol/login/Login.cc b/src/analyzer/protocol/login/Login.cc index 6fb360bb25..ee06843d5d 100644 --- a/src/analyzer/protocol/login/Login.cc +++ b/src/analyzer/protocol/login/Login.cc @@ -133,10 +133,11 @@ void Login_Analyzer::NewLine(bool orig, char* line) { } } +constexpr char VMS_REPEAT_SEQ[] = "\x1b[A"; + void Login_Analyzer::AuthenticationDialog(bool orig, char* line) { if ( orig ) { if ( is_VMS ) { -#define VMS_REPEAT_SEQ "\x1b[A" char* repeat_prev_line = strstr(line, VMS_REPEAT_SEQ); if ( repeat_prev_line ) { if ( repeat_prev_line[strlen(VMS_REPEAT_SEQ)] ) { diff --git a/src/analyzer/protocol/login/NVT.cc b/src/analyzer/protocol/login/NVT.cc index 1543bdd79d..6de963e323 100644 --- a/src/analyzer/protocol/login/NVT.cc +++ b/src/analyzer/protocol/login/NVT.cc @@ -9,29 +9,24 @@ #include "zeek/analyzer/protocol/login/events.bif.h" #include "zeek/analyzer/protocol/tcp/TCP.h" -#define IS_3_BYTE_OPTION(c) ((c) >= 251 && (c) <= 254) +constexpr bool IS_3_BYTE_OPTION(unsigned int code) { return code >= 251 && code <= 254; } -#define TELNET_OPT_SB 250 -#define TELNET_OPT_SE 240 +static constexpr uint8_t TELNET_OPT_SB = 250; +static constexpr uint8_t TELNET_OPT_SE = 240; -#define TELNET_OPT_IS 0 -#define TELNET_OPT_SEND 1 +static constexpr uint8_t TELNET_OPT_IS = 0; +static constexpr uint8_t TELNET_OPT_SEND = 1; -#define TELNET_OPT_WILL 251 -#define TELNET_OPT_WONT 252 -#define TELNET_OPT_DO 253 -#define TELNET_OPT_DONT 254 +static constexpr uint8_t TELNET_OPT_WILL = 251; +static constexpr uint8_t TELNET_OPT_WONT = 252; +static constexpr uint8_t TELNET_OPT_DO = 253; +static constexpr uint8_t TELNET_OPT_DONT = 254; -#define TELNET_IAC 255 +static constexpr uint8_t TELNET_IAC = 255; namespace zeek::analyzer::login { -TelnetOption::TelnetOption(NVT_Analyzer* arg_endp, unsigned int arg_code) { - endp = arg_endp; - code = arg_code; - flags = 0; - active = 0; -} +TelnetOption::TelnetOption(NVT_Analyzer* arg_endp, unsigned int arg_code) : endp(arg_endp), code(arg_code) {} void TelnetOption::RecvOption(unsigned int type) { TelnetOption* peer = endp->FindPeerOption(code); @@ -114,15 +109,17 @@ void TelnetTerminalOption::RecvSubOption(u_char* data, int len) { endp->SetTerminal(data + 1, len - 1); } -#define ENCRYPT_SET_ALGORITHM 0 -#define ENCRYPT_SUPPORT_ALGORITHM 1 -#define ENCRYPT_REPLY 2 -#define ENCRYPT_STARTING_TO_ENCRYPT 3 -#define ENCRYPT_NO_LONGER_ENCRYPTING 4 -#define ENCRYPT_REQUEST_START_TO_ENCRYPT 5 -#define ENCRYPT_REQUEST_NO_LONGER_ENCRYPT 6 -#define ENCRYPT_ENCRYPT_KEY 7 -#define ENCRYPT_DECRYPT_KEY 8 +enum EncryptOptions : uint8_t { + ENCRYPT_SET_ALGORITHM = 0, + ENCRYPT_SUPPORT_ALGORITHM = 1, + ENCRYPT_REPLY = 2, + ENCRYPT_STARTING_TO_ENCRYPT = 3, + ENCRYPT_NO_LONGER_ENCRYPTING = 4, + ENCRYPT_REQUEST_START_TO_ENCRYPT = 5, + ENCRYPT_REQUEST_NO_LONGER_ENCRYPT = 6, + ENCRYPT_ENCRYPT_KEY = 7, + ENCRYPT_DECRYPT_KEY = 8, +}; void TelnetEncryptOption::RecvSubOption(u_char* data, int len) { if ( ! active ) { @@ -157,13 +154,15 @@ void TelnetEncryptOption::RecvSubOption(u_char* data, int len) { } } -#define HERE_IS_AUTHENTICATION 0 -#define SEND_ME_AUTHENTICATION 1 -#define AUTHENTICATION_STATUS 2 -#define AUTHENTICATION_NAME 3 +enum AuthOptions : uint8_t { + HERE_IS_AUTHENTICATION = 0, + SEND_ME_AUTHENTICATION = 1, + AUTHENTICATION_STATUS = 2, + AUTHENTICATION_NAME = 3, +}; -#define AUTH_REJECT 1 -#define AUTH_ACCEPT 2 +constexpr int AUTH_REJECT = 1; +constexpr int AUTH_ACCEPT = 2; void TelnetAuthenticateOption::RecvSubOption(u_char* data, int len) { if ( len <= 0 ) { @@ -212,14 +211,14 @@ void TelnetAuthenticateOption::RecvSubOption(u_char* data, int len) { } } -#define ENVIRON_IS 0 -#define ENVIRON_SEND 1 -#define ENVIRON_INFO 2 +constexpr uint8_t ENVIRON_IS = 0; +constexpr uint8_t ENVIRON_SEND = 1; +constexpr uint8_t ENVIRON_INFO = 2; -#define ENVIRON_VAR 0 -#define ENVIRON_VAL 1 -#define ENVIRON_ESC 2 -#define ENVIRON_USERVAR 3 +constexpr uint8_t ENVIRON_VAR = 0; +constexpr uint8_t ENVIRON_VAL = 1; +constexpr uint8_t ENVIRON_ESC = 2; +constexpr uint8_t ENVIRON_USERVAR = 3; void TelnetEnvironmentOption::RecvSubOption(u_char* data, int len) { if ( len <= 0 ) { @@ -386,7 +385,7 @@ void NVT_Analyzer::SetEncrypting(int mode) { Event(activating_encryption); } -#define MAX_DELIVER_UNIT 128 +constexpr int MAX_DELIVER_UNIT = 128; void NVT_Analyzer::DoDeliver(int len, const u_char* data) { while ( len > 0 ) { @@ -412,17 +411,13 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data) { if ( binary_mode && c != TELNET_IAC ) c &= 0x7f; -#define EMIT_LINE \ - { \ - buf[offset] = '\0'; \ - ForwardStream(offset, buf, IsOrig()); \ - offset = 0; \ - } - switch ( c ) { case '\r': - if ( CRLFAsEOL() & CR_as_EOL ) - EMIT_LINE + if ( CRLFAsEOL() & CR_as_EOL ) { + buf[offset] = '\0'; + ForwardStream(offset, buf, IsOrig()); + offset = 0; + } else buf[offset++] = c; break; @@ -434,12 +429,17 @@ void NVT_Analyzer::DeliverChunk(int& len, const u_char*& data) { ; else { --offset; // remove '\r' - EMIT_LINE + buf[offset] = '\0'; + ForwardStream(offset, buf, IsOrig()); + offset = 0; } } - else if ( CRLFAsEOL() & LF_as_EOL ) - EMIT_LINE + else if ( CRLFAsEOL() & LF_as_EOL ) { + buf[offset] = '\0'; + ForwardStream(offset, buf, IsOrig()); + offset = 0; + } else { if ( Conn()->FlagEvent(SINGULAR_LF) ) diff --git a/src/analyzer/protocol/login/NVT.h b/src/analyzer/protocol/login/NVT.h index 4ef15d4351..3f8a99af88 100644 --- a/src/analyzer/protocol/login/NVT.h +++ b/src/analyzer/protocol/login/NVT.h @@ -4,12 +4,12 @@ #include "zeek/analyzer/protocol/tcp/ContentLine.h" -#define TELNET_OPTION_BINARY 0 -#define TELNET_OPTION_TERMINAL 24 -#define TELNET_OPTION_AUTHENTICATE 37 -#define TELNET_OPTION_ENCRYPT 38 -#define TELNET_OPTION_ENVIRON 39 -#define NUM_TELNET_OPTIONS 5 +constexpr uint8_t TELNET_OPTION_BINARY = 0; +constexpr uint8_t TELNET_OPTION_TERMINAL = 24; +constexpr uint8_t TELNET_OPTION_AUTHENTICATE = 37; +constexpr uint8_t TELNET_OPTION_ENCRYPT = 38; +constexpr uint8_t TELNET_OPTION_ENVIRON = 39; +constexpr uint8_t NUM_TELNET_OPTIONS = 5; namespace zeek::analyzer::login { @@ -20,11 +20,8 @@ public: TelnetOption(NVT_Analyzer* endp, unsigned int code); virtual ~TelnetOption() {} -// Whether we told the other side WILL/WONT/DO/DONT. -#define OPT_SAID_WILL 0x1 -#define OPT_SAID_WONT 0x2 -#define OPT_SAID_DO 0x4 -#define OPT_SAID_DONT 0x8 + // Whether we told the other side WILL/WONT/DO/DONT. + enum SaidOptions : uint8_t { OPT_SAID_WILL = 0x1, OPT_SAID_WONT = 0x2, OPT_SAID_DO = 0x4, OPT_SAID_DONT = 0x8 }; unsigned int Code() const { return code; } @@ -52,10 +49,10 @@ protected: virtual void InconsistentOption(unsigned int type); virtual void BadOption(); - NVT_Analyzer* endp; + NVT_Analyzer* endp = nullptr; unsigned int code; - int flags; - int active; + int flags = 0; + bool active = false; }; namespace detail { diff --git a/src/analyzer/protocol/ncp/NCP.cc b/src/analyzer/protocol/ncp/NCP.cc index 03c5a4486d..7cd518d14f 100644 --- a/src/analyzer/protocol/ncp/NCP.cc +++ b/src/analyzer/protocol/ncp/NCP.cc @@ -9,11 +9,6 @@ using namespace std; -#define xbyte(b, n) (((const u_char*)(b))[n]) -#define extract_uint16(little_endian, bytes) \ - ((little_endian) ? uint16(xbyte(bytes, 0)) | ((uint16(xbyte(bytes, 1))) << 8) : \ - uint16(xbyte(bytes, 1)) | ((uint16(xbyte(bytes, 0))) << 8)) - namespace zeek::analyzer::ncp { namespace detail { diff --git a/src/analyzer/protocol/netbios/NetbiosSSN.cc b/src/analyzer/protocol/netbios/NetbiosSSN.cc index c9106537b2..33ef723531 100644 --- a/src/analyzer/protocol/netbios/NetbiosSSN.cc +++ b/src/analyzer/protocol/netbios/NetbiosSSN.cc @@ -10,14 +10,15 @@ #include "zeek/analyzer/protocol/netbios/events.bif.h" #include "zeek/session/Manager.h" -constexpr double netbios_ssn_session_timeout = 15.0; +static constexpr double netbios_ssn_session_timeout = 15.0; -#define MAKE_INT16(dest, src) \ - (dest) = *(src); \ - (dest) <<= 8; \ - (src)++; \ - (dest) |= *(src); \ - (src)++; +static constexpr void MAKE_INT16(uint16_t& dest, const u_char*& src) { + dest = *src; + dest <= 8; + src++; + dest |= *src; + src++; +} namespace zeek::analyzer::netbios_ssn { namespace detail { diff --git a/src/analyzer/protocol/pop3/POP3.cc b/src/analyzer/protocol/pop3/POP3.cc index d9d2466ae7..e1a3e240aa 100644 --- a/src/analyzer/protocol/pop3/POP3.cc +++ b/src/analyzer/protocol/pop3/POP3.cc @@ -24,8 +24,6 @@ static const char* pop3_cmd_word[] = { #include "POP3_cmd.def" }; -#define POP3_CMD_WORD(code) (((code) >= 0) ? pop3_cmd_word[code] : "(UNKNOWN)") - POP3_Analyzer::POP3_Analyzer(Connection* conn) : analyzer::tcp::TCP_ApplicationAnalyzer("POP3", conn) { masterState = detail::POP3_START; subState = detail::POP3_WOK; diff --git a/src/analyzer/protocol/rpc/Portmap.cc b/src/analyzer/protocol/rpc/Portmap.cc index d3ccf6fa5f..4676699941 100644 --- a/src/analyzer/protocol/rpc/Portmap.cc +++ b/src/analyzer/protocol/rpc/Portmap.cc @@ -5,12 +5,14 @@ #include "zeek/analyzer/protocol/rpc/XDR.h" #include "zeek/analyzer/protocol/rpc/events.bif.h" -#define PMAPPROC_NULL 0 -#define PMAPPROC_SET 1 -#define PMAPPROC_UNSET 2 -#define PMAPPROC_GETPORT 3 -#define PMAPPROC_DUMP 4 -#define PMAPPROC_CALLIT 5 +enum PortmapperProcs : uint8_t { + PMAPPROC_NULL = 0, + PMAPPROC_SET = 1, + PMAPPROC_UNSET = 2, + PMAPPROC_GETPORT = 3, + PMAPPROC_DUMP = 4, + PMAPPROC_CALLIT = 5, +}; namespace zeek::analyzer::rpc { namespace detail { diff --git a/src/analyzer/protocol/rpc/RPC.cc b/src/analyzer/protocol/rpc/RPC.cc index 8ca5e37271..f7a1eb67a1 100644 --- a/src/analyzer/protocol/rpc/RPC.cc +++ b/src/analyzer/protocol/rpc/RPC.cc @@ -19,7 +19,7 @@ const bool DEBUG_rpc_resync = false; // TODO: Should we add start_time and last_time to the rpc_* events?? // TODO: make this configurable -#define MAX_RPC_LEN 65536 +constexpr uint32_t MAX_RPC_LEN = 65536; namespace zeek::analyzer::rpc { namespace detail { diff --git a/src/analyzer/protocol/smtp/SMTP.cc b/src/analyzer/protocol/smtp/SMTP.cc index 8edc14b286..06a4d10b4f 100644 --- a/src/analyzer/protocol/smtp/SMTP.cc +++ b/src/analyzer/protocol/smtp/SMTP.cc @@ -14,13 +14,15 @@ #undef SMTP_CMD_DEF #define SMTP_CMD_DEF(cmd) #cmd, +// This could be constexpr too but it would require changing the macro above. It doesn't +// matter that much though. static const char* smtp_cmd_word[] = { #include "SMTP_cmd.def" }; -static const char* unknown_cmd = "(UNKNOWN)"; +static constexpr char unknown_cmd[] = "(UNKNOWN)"; -#define SMTP_CMD_WORD(code) (((code) >= 0) ? smtp_cmd_word[code] : unknown_cmd) +static constexpr const char* SMTP_CMD_WORD(int code) { return code >= 0 ? smtp_cmd_word[code] : unknown_cmd; } namespace zeek::analyzer::smtp { diff --git a/src/broker/Manager.cc b/src/broker/Manager.cc index 22c70981d7..e182764085 100644 --- a/src/broker/Manager.cc +++ b/src/broker/Manager.cc @@ -400,8 +400,6 @@ struct opt_mapping { } }; -#define WITH_OPT_MAPPING(broker_name, zeek_name) if ( auto opt = opt_mapping{&config, broker_name, zeek_name}; true ) - } // namespace class BrokerState { diff --git a/src/broker/WebSocketShim.cc b/src/broker/WebSocketShim.cc index 0bc88158f3..552edb749f 100644 --- a/src/broker/WebSocketShim.cc +++ b/src/broker/WebSocketShim.cc @@ -12,6 +12,7 @@ #include "zeek/iosource/IOSource.h" #include "zeek/iosource/Manager.h" +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define BROKER_WS_DEBUG(...) \ do { \ DBG_LOG(DBG_BROKER, __VA_ARGS__); \ diff --git a/src/cluster/backend/zeromq/ZeroMQ.cc b/src/cluster/backend/zeromq/ZeroMQ.cc index 0479a8bf06..5c1104afbd 100644 --- a/src/cluster/backend/zeromq/ZeroMQ.cc +++ b/src/cluster/backend/zeromq/ZeroMQ.cc @@ -52,6 +52,8 @@ enum class InprocTag : uint8_t { constexpr DebugFlag operator&(uint8_t x, DebugFlag y) { return static_cast(x & static_cast(y)); } +// NOLINTBEGIN(cppcoreguidelines-macro-usage) + #define ZEROMQ_DEBUG(...) PLUGIN_DBG_LOG(zeek::plugin::Zeek_Cluster_Backend_ZeroMQ::plugin, __VA_ARGS__) #define ZEROMQ_THREAD_PRINTF(...) \ @@ -66,6 +68,8 @@ constexpr DebugFlag operator&(uint8_t x, DebugFlag y) { return static_cast es, std::unique_ptr ls, std::unique_ptr ehs) : ThreadedBackend("ZeroMQ", std::move(es), std::move(ls), std::move(ehs)) { diff --git a/src/cluster/serializer/binary-serialization-format/Serializer.cc b/src/cluster/serializer/binary-serialization-format/Serializer.cc index 888b4bdf22..7d9ede592d 100644 --- a/src/cluster/serializer/binary-serialization-format/Serializer.cc +++ b/src/cluster/serializer/binary-serialization-format/Serializer.cc @@ -22,6 +22,7 @@ extern Plugin plugin; } +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define SERIALIZER_DEBUG(...) PLUGIN_DBG_LOG(zeek::plugin::Zeek_Binary_Serializer::plugin, __VA_ARGS__) bool detail::BinarySerializationFormatLogSerializer::SerializeLogWrite(byte_buffer& buf, diff --git a/src/cluster/websocket/WebSocket.cc b/src/cluster/websocket/WebSocket.cc index 2d602180c4..d9797aa0ed 100644 --- a/src/cluster/websocket/WebSocket.cc +++ b/src/cluster/websocket/WebSocket.cc @@ -27,7 +27,7 @@ #include "rapidjson/document.h" #include "rapidjson/rapidjson.h" - +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define WS_DEBUG(...) PLUGIN_DBG_LOG(zeek::plugin::Cluster_WebSocket::plugin, __VA_ARGS__) namespace zeek { diff --git a/src/file_analysis/analyzer/x509/OCSP.cc b/src/file_analysis/analyzer/x509/OCSP.cc index 9728732243..8fead1edf4 100644 --- a/src/file_analysis/analyzer/x509/OCSP.cc +++ b/src/file_analysis/analyzer/x509/OCSP.cc @@ -23,7 +23,7 @@ X509* helper_sk_X509_value(const STACK_OF(X509) * certs, int i) { return sk_X509 namespace zeek::file_analysis::detail { -#define OCSP_STRING_BUF_SIZE 2048 +static constexpr size_t OCSP_STRING_BUF_SIZE = 2048; static bool OCSP_RESPID_bio(OCSP_BASICRESP* basic_resp, BIO* bio) { #if ( OPENSSL_VERSION_NUMBER < 0x10100000L ) || defined(LIBRESSL_VERSION_NUMBER) diff --git a/src/iosource/Manager.cc b/src/iosource/Manager.cc index 12e072fb27..8e0f4d106d 100644 --- a/src/iosource/Manager.cc +++ b/src/iosource/Manager.cc @@ -19,8 +19,6 @@ #include "zeek/iosource/PktSrc.h" #include "zeek/plugin/Manager.h" -#define DEFAULT_PREFIX "pcap" - extern int signal_val; namespace zeek::iosource { @@ -368,6 +366,10 @@ void Manager::Register(PktSrc* src) { poll_interval = 1; } +/** + * Checks if the path comes with a prefix telling us which type of PktSrc to use. If no + * prefix exists, return "pcap" as a default. + */ static std::pair split_prefix(std::string path) { // See if the path comes with a prefix telling us which type of // PktSrc to use. If not, choose default. @@ -378,9 +380,8 @@ static std::pair split_prefix(std::string path) { prefix = path.substr(0, i); path = path.substr(i + 2, std::string::npos); } - else - prefix = DEFAULT_PREFIX; + prefix = "pcap"; return std::make_pair(prefix, path); } diff --git a/src/net_util.cc b/src/net_util.cc index 34a33bccf7..83a8db6dd0 100644 --- a/src/net_util.cc +++ b/src/net_util.cc @@ -123,14 +123,14 @@ int icmp6_checksum(const struct icmp* icmpp, const IP_Hdr* ip, int len) { len); } -#define CLASS_A 0x00000000 -#define CLASS_B 0x80000000 -#define CLASS_C 0xc0000000 -#define CLASS_D 0xe0000000 -#define CLASS_E 0xf0000000 +constexpr uint32_t CLASS_A = 0x00000000; +constexpr uint32_t CLASS_B = 0x80000000; +constexpr uint32_t CLASS_C = 0xc0000000; +constexpr uint32_t CLASS_D = 0xe0000000; +constexpr uint32_t CLASS_E = 0xf0000000; -#define CHECK_CLASS(addr, class) (((addr) & (class)) == (class)) char addr_to_class(uint32_t addr) { + auto CHECK_CLASS = [](uint32_t addr, uint32_t cls) { return (addr & cls) == cls; }; if ( CHECK_CLASS(addr, CLASS_E) ) return 'E'; else if ( CHECK_CLASS(addr, CLASS_D) ) diff --git a/src/packet_analysis/protocol/arp/ARP.cc b/src/packet_analysis/protocol/arp/ARP.cc index d92d003c37..f334e26418 100644 --- a/src/packet_analysis/protocol/arp/ARP.cc +++ b/src/packet_analysis/protocol/arp/ARP.cc @@ -25,6 +25,8 @@ ARPAnalyzer::ARPAnalyzer() : zeek::packet_analysis::Analyzer("ARP") {} // ... and on Solaris we are missing half of the ARPOP codes, so define // them here as necessary: +// NOLINTBEGIN(cppcoreguidelines-macro-usage) + #ifndef ARPOP_REQUEST #define ARPOP_REQUEST 1 // ARP request. #endif @@ -84,6 +86,8 @@ ARPAnalyzer::ARPAnalyzer() : zeek::packet_analysis::Analyzer("ARP") {} #define ARPHRD_IEEE802 6 #endif +// NOLINTEND(cppcoreguidelines-macro-usage) + bool ARPAnalyzer::AnalyzePacket(size_t len, const uint8_t* data, Packet* packet) { packet->l3_proto = L3_ARP; diff --git a/src/packet_analysis/protocol/tcp/Stats.cc b/src/packet_analysis/protocol/tcp/Stats.cc index 3599313852..a19d0ca09d 100644 --- a/src/packet_analysis/protocol/tcp/Stats.cc +++ b/src/packet_analysis/protocol/tcp/Stats.cc @@ -41,6 +41,8 @@ void TCPStateStats::PrintStats(File* file, const char* prefix) { file->Write(prefix); switch ( i ) { +// This macro really doesn't save us much typing, if that was the intention +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define STATE_STRING(state, str) \ case state: file->Write(str); break; diff --git a/src/script_opt/CPP/RuntimeInits.h b/src/script_opt/CPP/RuntimeInits.h index b547097cb4..e582f0f492 100644 --- a/src/script_opt/CPP/RuntimeInits.h +++ b/src/script_opt/CPP/RuntimeInits.h @@ -174,6 +174,8 @@ public: inits_vec.resize(num_inits); } + virtual ~CPP_AbstractInits() = default; + // Initialize the given cohort of elements. void InitializeCohort(InitsManager* im, int cohort) { // Get this object's vector-of-vector-of-indices. diff --git a/src/script_opt/CPP/RuntimeVec.cc b/src/script_opt/CPP/RuntimeVec.cc index e7d61b223d..d93b5c485a 100644 --- a/src/script_opt/CPP/RuntimeVec.cc +++ b/src/script_opt/CPP/RuntimeVec.cc @@ -42,6 +42,8 @@ static VectorTypePtr base_vector_type__CPP(const VectorTypePtr& vt, bool is_bool } } +// NOLINTBEGIN(cppcoreguidelines-macro-usage) + // The kernel used for unary vector operations. #define VEC_OP1_KERNEL(accessor, type, op) \ for ( unsigned int i = 0; i < v->Size(); ++i ) { \ @@ -90,6 +92,8 @@ static VectorTypePtr base_vector_type__CPP(const VectorTypePtr& vt, bool is_bool break; \ }) +// NOLINTEND(cppcoreguidelines-macro-usage) + // The unary operations supported for vectors. VEC_OP1_WITH_DOUBLE(pos, +) VEC_OP1_WITH_DOUBLE(neg, -) @@ -98,6 +102,7 @@ VEC_OP1(comp, ~, ) // A kernel for applying a binary operation element-by-element to two // vectors of a given low-level type. +// NOLINTBEGIN(cppcoreguidelines-macro-usage) // NOLINTBEGIN(bugprone-macro-parentheses) #define VEC_OP2_KERNEL(accessor, type, op, zero_check) \ for ( unsigned int i = 0; i < v1->Size(); ++i ) { \ @@ -167,6 +172,7 @@ VEC_OP1(comp, ~, ) break; \ }, \ zero_check) +// NOLINTEND(cppcoreguidelines-macro-usage) // The binary operations supported for vectors. VEC_OP2_WITH_DOUBLE(add, +, 0) @@ -184,6 +190,7 @@ VEC_OP2_WITH_INT(rshift, >>, , 0) // A version of VEC_OP2 that instead supports relational operations, so // the result type is always vector-of-bool. +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define VEC_REL_OP(name, op) \ VectorValPtr vec_op_##name##__CPP(const VectorValPtr& v1, const VectorValPtr& v2) { \ if ( ! check_vec_sizes__CPP(v1, v2) ) \ diff --git a/src/script_opt/FuncInfo.cc b/src/script_opt/FuncInfo.cc index a06ef289ea..f99d060557 100644 --- a/src/script_opt/FuncInfo.cc +++ b/src/script_opt/FuncInfo.cc @@ -20,29 +20,29 @@ namespace zeek::detail { // to the event engine. // Does not change script-level state (though may change internal state). -#define ATTR_NO_SCRIPT_SIDE_EFFECTS 0x1 +constexpr unsigned int ATTR_NO_SCRIPT_SIDE_EFFECTS = 0x1; // Does not change any Zeek state, internal or external. (May change // state outside of Zeek, such as file system elements.) Implies // ATTR_NO_SCRIPT_SIDE_EFFECTS. -#define ATTR_NO_ZEEK_SIDE_EFFECTS 0x2 +constexpr unsigned int ATTR_NO_ZEEK_SIDE_EFFECTS = 0x2; // Calls made with the same arguments yield the same results, if made // after full Zeek initialization. Implies ATTR_NO_ZEEK_SIDE_EFFECTS. -#define ATTR_IDEMPOTENT 0x4 +constexpr unsigned int ATTR_IDEMPOTENT = 0x4; // Calls with constant arguments can always be folded, even prior to // full Zeek initialization. Such functions must not have the potential // to generate errors. Implies ATTR_IDEMPOTENT. -#define ATTR_FOLDABLE 0x8 +constexpr unsigned int ATTR_FOLDABLE = 0x8; // The event engine knows about this script function and may call it // during its processing. -#define ATTR_SPECIAL_SCRIPT_FUNC 0x10 +constexpr unsigned int ATTR_SPECIAL_SCRIPT_FUNC = 0x10; // ZAM knows about this script function and will replace it with specialized // instructions. -#define ATTR_ZAM_REPLACEABLE_SCRIPT_FUNC 0x20 +constexpr unsigned int ATTR_ZAM_REPLACEABLE_SCRIPT_FUNC = 0x20; static std::unordered_map func_attrs = { // Script functions. diff --git a/src/script_opt/ScriptOpt.cc b/src/script_opt/ScriptOpt.cc index 2a3148bb5a..4fe4a1e291 100644 --- a/src/script_opt/ScriptOpt.cc +++ b/src/script_opt/ScriptOpt.cc @@ -718,8 +718,12 @@ bool has_AST_node_unknown_to_script_opt(const ProfileFunc* prof, bool /* is_ZAM STMT_ASSERT, // STMT_EXTERN, // STMT_STD_FUNCTION, -#define SCRIPT_OPT_NUM_STMTS 24 }; + + // This should be the total number of entries in the set above, including + // the commented values. + constexpr int SCRIPT_OPT_NUM_STMTS = 24; + // clang-format on // Fail compilation if NUM_STMT in StmtEnums.h changes. @@ -803,8 +807,12 @@ bool has_AST_node_unknown_to_script_opt(const ProfileFunc* prof, bool /* is_ZAM // EXPR_ANY_INDEX, // EXPR_SCRIPT_OPT_BUILTIN, // EXPR_NOP, -#define SCRIPT_OPT_NUM_EXPRS 70 }; + + // This should be the total number of entries in the set above, including + // the commented values. + constexpr int SCRIPT_OPT_NUM_EXPRS = 70; + // clang-format on // Fail compilation if NUM_EXPRS in Expr.h changes. diff --git a/src/script_opt/ZAM/ZBody.cc b/src/script_opt/ZAM/ZBody.cc index 4cb96716ce..8ce9d041ab 100644 --- a/src/script_opt/ZAM/ZBody.cc +++ b/src/script_opt/ZAM/ZBody.cc @@ -188,6 +188,8 @@ static void vec_exec(ZOp op, TypePtr t, VectorVal*& v1, const VectorVal* v2, con static void vec_exec(ZOp op, TypePtr t, VectorVal*& v1, const VectorVal* v2, const VectorVal* v3, const ZInst& z); +auto false_func = [](double x) { return false; }; + // Vector coercion. #define VEC_COERCE(tag, lhs_type, cast, rhs_accessor, ov_check, ov_err) \ VectorVal* vec_coerce_##tag(VectorVal* vec, std::shared_ptr z_loc) { \ @@ -216,8 +218,6 @@ static void vec_exec(ZOp op, TypePtr t, VectorVal*& v1, const VectorVal* v2, con return res_zv; \ } -#define false_func(x) false - VEC_COERCE(DI, TYPE_DOUBLE, double, AsInt(), false_func, "") VEC_COERCE(DU, TYPE_DOUBLE, double, AsCount(), false_func, "") VEC_COERCE(ID, TYPE_INT, zeek_int_t, AsDouble(), double_to_int_would_overflow, "double to signed") diff --git a/src/spicy/file-analyzer.cc b/src/spicy/file-analyzer.cc index 732ae68d68..0a7df9ae96 100644 --- a/src/spicy/file-analyzer.cc +++ b/src/spicy/file-analyzer.cc @@ -13,11 +13,13 @@ using namespace zeek; using namespace zeek::spicy; using namespace zeek::spicy::rt; +// NOLINTBEGIN(cppcoreguidelines-macro-usage) #ifdef DEBUG #define STATE_DEBUG_MSG(...) DebugMsg(__VA_ARGS__) #else #define STATE_DEBUG_MSG(...) #endif +// NOLINTEND(cppcoreguidelines-macro-usage) void FileState::debug(const std::string& msg) { spicy::rt::debug(_cookie, msg); } diff --git a/src/spicy/packet-analyzer.cc b/src/spicy/packet-analyzer.cc index f69c301bb4..bccc3275c6 100644 --- a/src/spicy/packet-analyzer.cc +++ b/src/spicy/packet-analyzer.cc @@ -9,11 +9,13 @@ using namespace zeek; using namespace zeek::spicy; using namespace zeek::spicy::rt; +// NOLINTBEGIN(cppcoreguidelines-macro-usage) #ifdef DEBUG #define STATE_DEBUG_MSG(...) DebugMsg(__VA_ARGS__) #else #define STATE_DEBUG_MSG(...) #endif +// NOLINTEND(cppcoreguidelines-macro-usage) void PacketState::debug(const std::string& msg) { spicy::rt::debug(_cookie, msg); } diff --git a/src/spicy/protocol-analyzer.cc b/src/spicy/protocol-analyzer.cc index 274c29643a..6ab424a8b5 100644 --- a/src/spicy/protocol-analyzer.cc +++ b/src/spicy/protocol-analyzer.cc @@ -9,11 +9,13 @@ using namespace zeek; using namespace zeek::spicy; using namespace zeek::spicy::rt; +// NOLINTBEGIN(cppcoreguidelines-macro-usage) #ifdef DEBUG #define STATE_DEBUG_MSG(...) DebugMsg(__VA_ARGS__) #else #define STATE_DEBUG_MSG(...) #endif +// NOLINTEND(cppcoreguidelines-macro-usage) void EndpointState::debug(const std::string& msg) { spicy::rt::debug(_cookie, msg); } diff --git a/src/supervisor/Supervisor.cc b/src/supervisor/Supervisor.cc index f9c8ccc23b..38e02c8073 100644 --- a/src/supervisor/Supervisor.cc +++ b/src/supervisor/Supervisor.cc @@ -16,6 +16,7 @@ #include #include +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define RAPIDJSON_HAS_STDSTRING 1 #include #include @@ -43,11 +44,13 @@ extern "C" { #include "zeek/util.h" #include "zeek/zeek-affinity.h" +// NOLINTBEGIN(cppcoreguidelines-macro-usage) #ifdef DEBUG #define DBG_STEM(...) stem->LogDebug(__VA_ARGS__); #else #define DBG_STEM(...) #endif +// NOLINTEND(cppcoreguidelines-macro-usage) using namespace zeek; using zeek::detail::SupervisedNode; diff --git a/src/telemetry/Manager.cc b/src/telemetry/Manager.cc index 0772879581..51424fe7a3 100644 --- a/src/telemetry/Manager.cc +++ b/src/telemetry/Manager.cc @@ -2,6 +2,7 @@ #include "zeek/telemetry/Manager.h" +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define RAPIDJSON_HAS_STDSTRING 1 // CivetServer is from the civetweb submodule in prometheus-cpp diff --git a/src/threading/formatters/JSON.cc b/src/threading/formatters/JSON.cc index 13ed2eb2a4..38b8dcc4c6 100644 --- a/src/threading/formatters/JSON.cc +++ b/src/threading/formatters/JSON.cc @@ -6,6 +6,7 @@ #define __STDC_LIMIT_MACROS #endif +// NOLINTNEXTLINE(cppcoreguidelines-macro-usage) #define RAPIDJSON_HAS_STDSTRING 1 #include