Mirror/zeek
1
0
Fork 0
mirror of https://github.com/zeek/zeek.git synced 2025-10-02 14:48:21 +00:00
Code Issues Projects Releases Packages Wiki Activity Actions 2

Merge remote-tracking branch 'origin/topic/timw/clang-tidy-modernize-fixes'

Browse source 
* origin/topic/timw/clang-tidy-modernize-fixes:
  Move initialization of RandTest members to header
  Update .clang-tidy to have modernize-* enabled with some exclusions
  Fix clang-tidy modernize-use-transparent-functors findings
  Fix clang-tidy modernize-use-override findings
  Fix clang-tidy modernize-use-nullptr findings
  Fix clang-tidy modernize-use-emplace findings
  Fix clang-tidy modernize-use-default-member-init findings
  Fix clang-tidy modernize-use-bool-literals findings
  Fix clang-tidy modernize-return-braced-init-list findings
  Fix clang-tidy modernize-redundant-void-arg findings
  Fix clang-tidy modernize-pass-by-value findings
  Fix clang-tidy modernize-min-max-use-initializer-list findings
  Fix clang-tidy modernize-make-unique findings
  Fix clang-tidy modernize-loop-convert findings (LOOP_OVER_ macros)
  Fix clang-tidy modernize-loop-convert findings
  Update bifcl submodule with clang-tidy fixes [nomail]
This commit is contained in:
Tim Wojtulewicz 2025-06-06 11:45:33 -07:00
commit ac9ee9f219
134 changed files with 888 additions and 987 deletions
Download patch file Download diff file Expand all files Collapse all files

19
.clang-tidy
View file

@ -1,6 +1,7 @@
Checks: [-*, Checks: [-*,
bugprone-*, bugprone-*,
performance-*, performance-*,
modernize-*,
# Enable a very limited number of the cppcoreguidelines checkers. # Enable a very limited number of the cppcoreguidelines checkers.
# See the notes for some of the rest of them below. # See the notes for some of the rest of them below.
@ -12,6 +13,7 @@ Checks: [-*,
-bugprone-narrowing-conversions, -bugprone-narrowing-conversions,
-bugprone-unchecked-optional-access, -bugprone-unchecked-optional-access,
-performance-unnecessary-value-param, -performance-unnecessary-value-param,
-modernize-use-equals-default,
# The following cause either lots of pointless or advisory warnings # The following cause either lots of pointless or advisory warnings
-bugprone-easily-swappable-parameters, -bugprone-easily-swappable-parameters,
@ -26,11 +28,19 @@ Checks: [-*,
# and so this one generates a lot of warnings. # and so this one generates a lot of warnings.
-bugprone-switch-missing-default-case, -bugprone-switch-missing-default-case,
# These report warnings that are rather difficult to fix. # These report warnings that are rather difficult to fix or are things
# we simply don't want to fix.
-bugprone-undefined-memory-manipulation, -bugprone-undefined-memory-manipulation,
-bugprone-pointer-arithmetic-on-polymorphic-object, -bugprone-pointer-arithmetic-on-polymorphic-object,
-bugprone-empty-catch, -bugprone-empty-catch,
-bugprone-exception-escape, -bugprone-exception-escape,
-modernize-avoid-c-arrays,
-modernize-concat-nested-namespaces,
-modernize-raw-string-literal,
-modernize-use-auto,
-modernize-use-nodiscard,
-modernize-use-ranges,
-modernize-use-trailing-return-type,
# This one returns a bunch of findings in DFA and the sqlite library. # This one returns a bunch of findings in DFA and the sqlite library.
# We're unlikely to fix either of them. # We're unlikely to fix either of them.
@ -45,4 +55,11 @@ Checks: [-*,
#cppcoreguidelines-pro-type-cstyle-cast, #cppcoreguidelines-pro-type-cstyle-cast,
#cppcoreguidelines-pro-type-static-cast-downcast, #cppcoreguidelines-pro-type-static-cast-downcast,
#cppcoreguidelines-special-member-functions, #cppcoreguidelines-special-member-functions,
# These are features in newer version of C++ that we don't have
# access to yet.
-modernize-use-starts-ends-with,
-modernize-use-std-format,
-modernize-use-std-numbers,
-modernize-use-std-print,
] ]

10
CHANGES
View file

@ -1,3 +1,13 @@
8.0.0-dev.406 | 2025-06-06 11:45:33 -0700
* Move initialization of RandTest members to header (Tim Wojtulewicz, Corelight)
* Update .clang-tidy to have modernize-* enabled with some exclusions (Tim Wojtulewicz, Corelight)
* Fix clang-tidy modernize findings (Tim Wojtulewicz, Corelight)
* Update bifcl submodule with clang-tidy fixes [nomail] (Tim Wojtulewicz, Corelight)
8.0.0-dev.389 | 2025-06-06 10:43:07 -0700 8.0.0-dev.389 | 2025-06-06 10:43:07 -0700
* Make Zeekygen docs generation (-X) imply parse-only (-a) (Christian Kreibich, Corelight) * Make Zeekygen docs generation (-X) imply parse-only (-a) (Christian Kreibich, Corelight)

2
VERSION
View file

@ -1 +1 @@
8.0.0-dev.389 8.0.0-dev.406

2
auxil/bifcl

@ -1 +1 @@
Subproject commit 49e956cd278ad0ca72040536ff606f4bb8d4224f Subproject commit 82eb0ce207ef9d11bda880d3ff1287f9cd3b769e

6
src/Attr.cc
View file

@ -136,9 +136,9 @@ void Attr::DescribeReST(ODesc* d, bool shorten) const {
expr->Eval(nullptr)->Describe(&dd); expr->Eval(nullptr)->Describe(&dd);
std::string s = dd.Description(); std::string s = dd.Description();
for ( size_t i = 0; i < s.size(); ++i ) for ( auto& c : s )
if ( s[i] == '\n' ) if ( c == '\n' )
s[i] = ' '; c = ' ';
add_long_expr_string(d, s, shorten); add_long_expr_string(d, s, shorten);
} }

22
src/DNS_Mapping.cc
View file

@ -128,7 +128,7 @@ void DNS_Mapping::Init(struct hostent* h) {
names.emplace_back(h->h_name); names.emplace_back(h->h_name);
if ( h->h_addr_list ) { if ( h->h_addr_list ) {
for ( int i = 0; h->h_addr_list[i] != NULL; ++i ) { for ( int i = 0; h->h_addr_list[i] != nullptr; ++i ) {
if ( h->h_addrtype == AF_INET ) if ( h->h_addrtype == AF_INET )
addrs.emplace_back(IPv4, (uint32_t*)h->h_addr_list[i], IPAddr::Network); addrs.emplace_back(IPv4, (uint32_t*)h->h_addr_list[i], IPAddr::Network);
else if ( h->h_addrtype == AF_INET6 ) else if ( h->h_addrtype == AF_INET6 )
@ -203,11 +203,11 @@ TEST_CASE("dns_mapping init host") {
struct hostent he; struct hostent he;
he.h_name = util::copy_string("testing.home"); he.h_name = util::copy_string("testing.home");
he.h_aliases = NULL; he.h_aliases = nullptr;
he.h_addrtype = AF_INET; he.h_addrtype = AF_INET;
he.h_length = sizeof(in_addr); he.h_length = sizeof(in_addr);
std::vector<in_addr*> addrs = {&in4, NULL}; std::vector<in_addr*> addrs = {&in4, nullptr};
he.h_addr_list = reinterpret_cast<char**>(addrs.data()); he.h_addr_list = reinterpret_cast<char**>(addrs.data());
DNS_Mapping mapping("testing.home", &he, 123, T_A); DNS_Mapping mapping("testing.home", &he, 123, T_A);
@ -241,11 +241,11 @@ TEST_CASE("dns_mapping init addr") {
struct hostent he; struct hostent he;
he.h_name = util::copy_string("testing.home"); he.h_name = util::copy_string("testing.home");
he.h_aliases = NULL; he.h_aliases = nullptr;
he.h_addrtype = AF_INET; he.h_addrtype = AF_INET;
he.h_length = sizeof(in_addr); he.h_length = sizeof(in_addr);
std::vector<in_addr*> addrs = {&in4, NULL}; std::vector<in_addr*> addrs = {&in4, nullptr};
he.h_addr_list = reinterpret_cast<char**>(addrs.data()); he.h_addr_list = reinterpret_cast<char**>(addrs.data());
DNS_Mapping mapping(addr, &he, 123); DNS_Mapping mapping(addr, &he, 123);
@ -282,11 +282,11 @@ TEST_CASE("dns_mapping save reload") {
struct hostent he; struct hostent he;
he.h_name = util::copy_string("testing.home"); he.h_name = util::copy_string("testing.home");
he.h_aliases = NULL; he.h_aliases = nullptr;
he.h_addrtype = AF_INET; he.h_addrtype = AF_INET;
he.h_length = sizeof(in_addr); he.h_length = sizeof(in_addr);
std::vector<in_addr*> addrs = {&in4, NULL}; std::vector<in_addr*> addrs = {&in4, nullptr};
he.h_addr_list = reinterpret_cast<char**>(addrs.data()); he.h_addr_list = reinterpret_cast<char**>(addrs.data());
// Create a temporary file in memory and fseek to the end of it so we're at // Create a temporary file in memory and fseek to the end of it so we're at
@ -350,11 +350,11 @@ TEST_CASE("dns_mapping multiple addresses") {
struct hostent he; struct hostent he;
he.h_name = util::copy_string("testing.home"); he.h_name = util::copy_string("testing.home");
he.h_aliases = NULL; he.h_aliases = nullptr;
he.h_addrtype = AF_INET; he.h_addrtype = AF_INET;
he.h_length = sizeof(in_addr); he.h_length = sizeof(in_addr);
std::vector<in_addr*> addrs = {&in4_1, &in4_2, NULL}; std::vector<in_addr*> addrs = {&in4_1, &in4_2, nullptr};
he.h_addr_list = reinterpret_cast<char**>(addrs.data()); he.h_addr_list = reinterpret_cast<char**>(addrs.data());
DNS_Mapping mapping("testing.home", &he, 123, T_A); DNS_Mapping mapping("testing.home", &he, 123, T_A);
@ -382,11 +382,11 @@ TEST_CASE("dns_mapping ipv6") {
struct hostent he; struct hostent he;
he.h_name = util::copy_string("testing.home"); he.h_name = util::copy_string("testing.home");
he.h_aliases = NULL; he.h_aliases = nullptr;
he.h_addrtype = AF_INET6; he.h_addrtype = AF_INET6;
he.h_length = sizeof(in6_addr); he.h_length = sizeof(in6_addr);
std::vector<in6_addr*> addrs = {&in6, NULL}; std::vector<in6_addr*> addrs = {&in6, nullptr};
he.h_addr_list = reinterpret_cast<char**>(addrs.data()); he.h_addr_list = reinterpret_cast<char**>(addrs.data());
DNS_Mapping mapping(addr, &he, 123); DNS_Mapping mapping(addr, &he, 123);

18
src/DNS_Mgr.cc
View file

@ -189,7 +189,7 @@ void DNS_Request::MakeRequest(ares_channel channel, DNS_Mgr* mgr) {
// back in the same request if use ares_getaddrinfo() so we can store them both // back in the same request if use ares_getaddrinfo() so we can store them both
// in the same mapping. // in the same mapping.
ares_addrinfo_hints hints = {ARES_AI_CANONNAME, AF_UNSPEC, 0, 0}; ares_addrinfo_hints hints = {ARES_AI_CANONNAME, AF_UNSPEC, 0, 0};
ares_getaddrinfo(channel, host.c_str(), NULL, &hints, addrinfo_cb, req_data.release()); ares_getaddrinfo(channel, host.c_str(), nullptr, &hints, addrinfo_cb, req_data.release());
} }
else { else {
std::string query_host; std::string query_host;
@ -214,7 +214,7 @@ void DNS_Request::MakeRequest(ares_channel channel, DNS_Mgr* mgr) {
// Store this so it can be destroyed when the request is destroyed. // Store this so it can be destroyed when the request is destroyed.
this->query_rec = std::move(dnsrec); this->query_rec = std::move(dnsrec);
ares_send_dnsrec(channel, query_rec.get(), query_cb, req_data.release(), NULL); ares_send_dnsrec(channel, query_rec.get(), query_cb, req_data.release(), nullptr);
} }
} }
@ -302,7 +302,7 @@ static void addrinfo_cb(void* arg, int status, int timeouts, struct ares_addrinf
else { else {
std::vector<in_addr*> addrs; std::vector<in_addr*> addrs;
std::vector<in6_addr*> addrs6; std::vector<in6_addr*> addrs6;
for ( ares_addrinfo_node* entry = result->nodes; entry != NULL; entry = entry->ai_next ) { for ( ares_addrinfo_node* entry = result->nodes; entry != nullptr; entry = entry->ai_next ) {
if ( entry->ai_family == AF_INET ) { if ( entry->ai_family == AF_INET ) {
struct sockaddr_in* addr = reinterpret_cast<sockaddr_in*>(entry->ai_addr); struct sockaddr_in* addr = reinterpret_cast<sockaddr_in*>(entry->ai_addr);
addrs.push_back(&addr->sin_addr); addrs.push_back(&addr->sin_addr);
@ -315,7 +315,7 @@ static void addrinfo_cb(void* arg, int status, int timeouts, struct ares_addrinf
if ( ! addrs.empty() ) { if ( ! addrs.empty() ) {
// Push a null on the end so the addr list has a final point during later parsing. // Push a null on the end so the addr list has a final point during later parsing.
addrs.push_back(NULL); addrs.push_back(nullptr);
struct hostent he{}; struct hostent he{};
he.h_name = util::copy_string(result->name); he.h_name = util::copy_string(result->name);
@ -330,7 +330,7 @@ static void addrinfo_cb(void* arg, int status, int timeouts, struct ares_addrinf
if ( ! addrs6.empty() ) { if ( ! addrs6.empty() ) {
// Push a null on the end so the addr list has a final point during later parsing. // Push a null on the end so the addr list has a final point during later parsing.
addrs6.push_back(NULL); addrs6.push_back(nullptr);
struct hostent he{}; struct hostent he{};
he.h_name = util::copy_string(result->name); he.h_name = util::copy_string(result->name);
@ -389,7 +389,7 @@ static void query_cb(void* arg, ares_status_t status, size_t timeouts, const are
if ( type == ARES_REC_TYPE_PTR ) { if ( type == ARES_REC_TYPE_PTR ) {
const char* txt = ares_dns_rr_get_str(rr, ARES_RR_PTR_DNAME); const char* txt = ares_dns_rr_get_str(rr, ARES_RR_PTR_DNAME);
if ( txt == NULL ) { if ( txt == nullptr ) {
// According to the c-ares docs, this can happen but only in cases of "misuse". We // According to the c-ares docs, this can happen but only in cases of "misuse". We
// still need to check for it though. // still need to check for it though.
error = true; error = true;
@ -411,7 +411,7 @@ static void query_cb(void* arg, ares_status_t status, size_t timeouts, const are
// TODO: We only process the first abin in the response. There might be more. // TODO: We only process the first abin in the response. There might be more.
size_t abin_len; size_t abin_len;
const unsigned char* abin = ares_dns_rr_get_abin(rr, ARES_RR_TXT_DATA, 0, &abin_len); const unsigned char* abin = ares_dns_rr_get_abin(rr, ARES_RR_TXT_DATA, 0, &abin_len);
if ( abin == NULL ) { if ( abin == nullptr ) {
// According to the c-ares docs, this can happen but only in cases of "misuse". We // According to the c-ares docs, this can happen but only in cases of "misuse". We
// still need to check for it though. // still need to check for it though.
error = true; error = true;
@ -1306,9 +1306,9 @@ double DNS_Mgr::GetNextTimeout() {
return -1; return -1;
struct timeval tv; struct timeval tv;
struct timeval* tvp = ares_timeout(channel, NULL, &tv); struct timeval* tvp = ares_timeout(channel, nullptr, &tv);
// If you pass NULL as the max time argument to ares_timeout, it will return null if there // If you pass nullptr as the max time argument to ares_timeout, it will return null if there
// isn't anything waiting to be processed. // isn't anything waiting to be processed.
if ( ! tvp ) if ( ! tvp )
return -1; return -1;

14
src/DebugCmds.cc
View file

@ -60,7 +60,7 @@ static void lookup_global_symbols_regex(const string& orig_regex, vector<ID*>& m
for ( const auto& sym : syms ) { for ( const auto& sym : syms ) {
ID* nextid = sym.second.get(); ID* nextid = sym.second.get();
if ( ! func_only || nextid->GetType()->Tag() == TYPE_FUNC ) if ( ! func_only || nextid->GetType()->Tag() == TYPE_FUNC )
if ( ! regexec(&re, nextid->Name(), 0, 0, 0) ) if ( ! regexec(&re, nextid->Name(), 0, nullptr, 0) )
matches.push_back(nextid); matches.push_back(nextid);
} }
} }
@ -336,19 +336,19 @@ int dbg_cmd_break(DebugCmd cmd, const vector<string>& args) {
if ( string_is_regex(args[0]) ) { if ( string_is_regex(args[0]) ) {
vector<ID*> choices; vector<ID*> choices;
choose_global_symbols_regex(args[0], choices, true); choose_global_symbols_regex(args[0], choices, true);
for ( unsigned int i = 0; i < choices.size(); ++i ) for ( const auto& choice : choices )
locstrings.emplace_back(choices[i]->Name()); locstrings.emplace_back(choice->Name());
} }
else else
locstrings.push_back(args[0]); locstrings.push_back(args[0]);
for ( unsigned int strindex = 0; strindex < locstrings.size(); ++strindex ) { for ( const auto& loc_str : locstrings ) {
debug_msg("Setting breakpoint on %s:\n", locstrings[strindex].c_str()); debug_msg("Setting breakpoint on %s:\n", loc_str.c_str());
vector<ParseLocationRec> plrs = parse_location_string(locstrings[strindex]); vector<ParseLocationRec> plrs = parse_location_string(loc_str);
for ( const auto& plr : plrs ) { for ( const auto& plr : plrs ) {
DbgBreakpoint* bp = new DbgBreakpoint(); DbgBreakpoint* bp = new DbgBreakpoint();
bp->SetID(g_debugger_state.NextBPID()); bp->SetID(g_debugger_state.NextBPID());
if ( ! bp->SetLocation(plr, locstrings[strindex]) ) { if ( ! bp->SetLocation(plr, loc_str) ) {
debug_msg("Breakpoint not set.\n"); debug_msg("Breakpoint not set.\n");
delete bp; delete bp;
} }

10
src/DebugLogger.cc
View file

@ -44,7 +44,7 @@ void DebugLogger::OpenDebugLog(const char* filename) {
} }
} }
util::detail::setvbuf(file, NULL, _IOLBF, 0); util::detail::setvbuf(file, nullptr, _IOLBF, 0);
} }
else else
file = stderr; file = stderr;
@ -90,9 +90,9 @@ void DebugLogger::EnableStreams(const char* s) {
std::string ltok{util::strreplace(util::strtolower(tok), "_", "-")}; std::string ltok{util::strreplace(util::strtolower(tok), "_", "-")};
if ( strcasecmp("all", tok) == 0 ) { if ( strcasecmp("all", tok) == 0 ) {
for ( int i = 0; i < NUM_DBGS; ++i ) { for ( auto& strm : streams ) {
streams[i].enabled = true; strm.enabled = true;
enabled_streams.insert(streams[i].prefix); enabled_streams.insert(strm.prefix);
} }
all = true; all = true;
@ -130,7 +130,7 @@ void DebugLogger::EnableStreams(const char* s) {
reporter->FatalError("unknown debug stream '%s', try -B help.\n", tok); reporter->FatalError("unknown debug stream '%s', try -B help.\n", tok);
next: next:
tok = strtok(0, ","); tok = strtok(nullptr, ",");
} }
delete[] tmp; delete[] tmp;

4
src/Dict.cc
View file

@ -39,7 +39,7 @@ TEST_CASE("dict operation") {
dict.Remove(key2); dict.Remove(key2);
CHECK(dict.Length() == 0); CHECK(dict.Length() == 0);
uint32_t* lookup2 = dict.Lookup(key2); uint32_t* lookup2 = dict.Lookup(key2);
CHECK(lookup2 == (uint32_t*)0); CHECK(lookup2 == (uint32_t*)nullptr);
delete key2; delete key2;
CHECK(dict.MaxLength() == 1); CHECK(dict.MaxLength() == 1);
@ -89,7 +89,7 @@ TEST_CASE("dict nthentry") {
// NthEntry returns null for unordered dicts // NthEntry returns null for unordered dicts
uint32_t* lookup = unordered.NthEntry(0); uint32_t* lookup = unordered.NthEntry(0);
CHECK(lookup == (uint32_t*)0); CHECK(lookup == (uint32_t*)nullptr);
// Ordered dicts are based on order of insertion, nothing about the // Ordered dicts are based on order of insertion, nothing about the
// data itself // data itself

2
src/Discard.cc
View file

@ -134,7 +134,7 @@ Val* Discarder::BuildData(const u_char* data, int hdrlen, int len, int caplen) {
caplen -= hdrlen; caplen -= hdrlen;
data += hdrlen; data += hdrlen;
len = std::max(std::min(std::min(len, caplen), discarder_maxlen), 0); len = std::max(std::min({len, caplen, discarder_maxlen}), 0);
return new StringVal(new String(data, len, true)); return new StringVal(new String(data, len, true));
} }

4
src/EventHandler.cc
View file

@ -65,8 +65,8 @@ void EventHandler::Call(Args* vl, bool no_remote, double ts) {
xs.Reserve(vl->size()); xs.Reserve(vl->size());
bool valid_args = true; bool valid_args = true;
for ( size_t index = 0; index < vl->size(); ++index ) { for ( const auto& v : *vl ) {
if ( ! xs.Add((*vl)[index]) ) { if ( ! xs.Add(v) ) {
valid_args = false; valid_args = false;
auto_publish.clear(); auto_publish.clear();
reporter->Error("failed auto-remote event '%s', disabled", Name()); reporter->Error("failed auto-remote event '%s', disabled", Name());

2
src/EventTrace.cc
View file

@ -51,7 +51,7 @@ static std::string escape_string(const u_char* b, int len) {
return res + "\""; return res + "\"";
} }
ValTrace::ValTrace(const ValPtr& _v) : v(_v) { ValTrace::ValTrace(ValPtr _v) : v(std::move(_v)) {
t = v->GetType(); t = v->GetType();
switch ( t->Tag() ) { switch ( t->Tag() ) {

2
src/EventTrace.h
View file

@ -45,7 +45,7 @@ using DeltaVector = std::vector<std::unique_ptr<ValDelta>>;
// be readily compared against future instances. // be readily compared against future instances.
class ValTrace { class ValTrace {
public: public:
ValTrace(const ValPtr& v); ValTrace(ValPtr v);
~ValTrace() = default; ~ValTrace() = default;
const ValPtr& GetVal() const { return v; } const ValPtr& GetVal() const { return v; }

2
src/File.cc
View file

@ -180,7 +180,7 @@ void File::SetBuf(bool arg_buffered) {
if ( ! f ) if ( ! f )
return; return;
if ( util::detail::setvbuf(f, NULL, arg_buffered ? _IOFBF : _IOLBF, 0) != 0 ) if ( util::detail::setvbuf(f, nullptr, arg_buffered ? _IOFBF : _IOLBF, 0) != 0 )
reporter->Error("setvbuf failed"); reporter->Error("setvbuf failed");
buffered = arg_buffered; buffered = arg_buffered;

4
src/Func.cc
View file

@ -696,8 +696,8 @@ StmtPtr ScriptFunc::AddInits(StmtPtr body, const std::vector<IDPtr>& inits) {
auto stmt_series = with_location_of(make_intrusive<StmtList>(), body); auto stmt_series = with_location_of(make_intrusive<StmtList>(), body);
auto init = with_location_of(make_intrusive<InitStmt>(inits), body); auto init = with_location_of(make_intrusive<InitStmt>(inits), body);
stmt_series->Stmts().push_back(std::move(init)); stmt_series->Stmts().emplace_back(std::move(init));
stmt_series->Stmts().push_back(std::move(body)); stmt_series->Stmts().emplace_back(std::move(body));
return stmt_series; return stmt_series;
} }

10
src/IP.cc
View file

@ -457,8 +457,8 @@ static inline bool isIPv6ExtHeader(uint8_t type) {
} }
IPv6_Hdr_Chain::~IPv6_Hdr_Chain() { IPv6_Hdr_Chain::~IPv6_Hdr_Chain() {
for ( size_t i = 0; i < chain.size(); ++i ) for ( auto& c : chain )
delete chain[i]; delete c;
delete homeAddr; delete homeAddr;
delete finalDst; delete finalDst;
} }
@ -702,9 +702,9 @@ IPv6_Hdr_Chain* IPv6_Hdr_Chain::Copy(const ip6_hdr* new_hdr) const {
const u_char* new_data = (const u_char*)new_hdr; const u_char* new_data = (const u_char*)new_hdr;
const u_char* old_data = chain[0]->Data(); const u_char* old_data = chain[0]->Data();
for ( size_t i = 0; i < chain.size(); ++i ) { for ( const auto& c : chain ) {
int off = chain[i]->Data() - old_data; int off = c->Data() - old_data;
rval->chain.push_back(new IPv6_Hdr(chain[i]->Type(), new_data + off)); rval->chain.push_back(new IPv6_Hdr(c->Type(), new_data + off));
} }
return rval; return rval;

4
src/IPAddr.cc
View file

@ -205,8 +205,8 @@ bool IPAddr::ConvertString(const char* s, in6_addr* result) {
if ( s[n] != '\0' ) if ( s[n] != '\0' )
return false; return false;
for ( auto i = 0; i < 4; ++i ) for ( int num : a )
if ( a[i] < 0 || a[i] > 255 ) if ( num < 0 || num > 255 )
return false; return false;
uint32_t addr = (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3]; uint32_t addr = (a[0] << 24) | (a[1] << 16) | (a[2] << 8) | a[3];

4
src/PolicyFile.cc
View file

@ -121,8 +121,8 @@ bool LoadPolicyFileText(const char* policy_filename, const std::optional<std::st
} }
} }
for ( int i = 0; i < int(pf->lines.size()); ++i ) for ( const auto& l : pf->lines )
assert(pf->lines[i][0] != '\n'); assert(l[0] != '\n');
return true; return true;
} }

4
src/PrefixTable.cc
View file

@ -19,8 +19,8 @@ prefix_t* PrefixTable::MakePrefix(const IPAddr& addr, int width) {
} }
IPPrefix PrefixTable::PrefixToIPPrefix(prefix_t* prefix) { IPPrefix PrefixTable::PrefixToIPPrefix(prefix_t* prefix) {
return IPPrefix(IPAddr(IPv6, reinterpret_cast<const uint32_t*>(&prefix->add.sin6), IPAddr::Network), prefix->bitlen, return {IPAddr(IPv6, reinterpret_cast<const uint32_t*>(&prefix->add.sin6), IPAddr::Network),
true); static_cast<uint8_t>(prefix->bitlen), true};
} }
void* PrefixTable::Insert(const IPAddr& addr, int width, void* data) { void* PrefixTable::Insert(const IPAddr& addr, int width, void* data) {

6
src/RE.cc
View file

@ -19,7 +19,7 @@ zeek::detail::NFA_Machine* zeek::detail::nfa = nullptr;
bool zeek::detail::case_insensitive = false; bool zeek::detail::case_insensitive = false;
bool zeek::detail::re_single_line = false; bool zeek::detail::re_single_line = false;
extern int RE_parse(void); extern int RE_parse();
extern void RE_set_input(const char* str); extern void RE_set_input(const char* str);
extern void RE_done_with_scan(); extern void RE_done_with_scan();
@ -271,8 +271,8 @@ void Specific_RE_Matcher::Dump(FILE* f) { dfa->Dump(f); }
inline void RE_Match_State::AddMatches(const AcceptingSet& as, MatchPos position) { inline void RE_Match_State::AddMatches(const AcceptingSet& as, MatchPos position) {
using am_idx = std::pair<AcceptIdx, MatchPos>; using am_idx = std::pair<AcceptIdx, MatchPos>;
for ( AcceptingSet::const_iterator it = as.begin(); it != as.end(); ++it ) for ( const auto& entry : as )
accepted_matches.insert(am_idx(*it, position)); accepted_matches.insert(am_idx(entry, position));
} }
bool RE_Match_State::Match(const u_char* bv, int n, bool bol, bool eol, bool clear) { bool RE_Match_State::Match(const u_char* bv, int n, bool bol, bool eol, bool clear) {

13
src/RandTest.cc
View file

@ -17,6 +17,7 @@
#include "zeek/RandTest.h" #include "zeek/RandTest.h"
#include <cmath> #include <cmath>
#include <cstring>
constexpr double log2of10 = 3.32192809488736234787; constexpr double log2of10 = 3.32192809488736234787;
@ -28,18 +29,6 @@ constexpr double RT_INCIRC = 281474943156225.0;
namespace zeek::detail { namespace zeek::detail {
RandTest::RandTest() {
totalc = 0;
mp = 0;
sccfirst = 1;
inmont = mcount = 0;
cexp = montex = montey = montepi = sccu0 = scclast = scct1 = scct2 = scct3 = 0.0;
for ( int i = 0; i < 256; i++ ) {
ccount[i] = 0;
}
}
void RandTest::add(const void* buf, int bufl) { void RandTest::add(const void* buf, int bufl) {
const unsigned char* bp = static_cast<const unsigned char*>(buf); const unsigned char* bp = static_cast<const unsigned char*>(buf);
int oc; int oc;

24
src/RandTest.h
View file

@ -16,20 +16,30 @@ namespace detail {
class RandTest { class RandTest {
public: public:
RandTest();
void add(const void* buf, int bufl); void add(const void* buf, int bufl);
void end(double* r_ent, double* r_chisq, double* r_mean, double* r_montepicalc, double* r_scc); void end(double* r_ent, double* r_chisq, double* r_mean, double* r_montepicalc, double* r_scc);
private: private:
friend class zeek::EntropyVal; friend class zeek::EntropyVal;
int64_t ccount[256]; /* Bins to count occurrences of values */ int64_t ccount[256] = {0}; /* Bins to count occurrences of values */
int64_t totalc; /* Total bytes counted */ int64_t totalc = 0; /* Total bytes counted */
int mp; int mp = 0;
int sccfirst; int sccfirst = 1;
unsigned int monte[RT_MONTEN] = {0}; unsigned int monte[RT_MONTEN] = {0};
int64_t inmont, mcount;
double cexp, montex, montey, montepi, sccu0, scclast, scct1, scct2, scct3; int64_t inmont = 0;
int64_t mcount = 0;
double cexp = 0.0;
double montex = 0.0;
double montey = 0.0;
double montepi = 0.0;
double sccu0 = 0.0;
double scclast = 0.0;
double scct1 = 0.0;
double scct2 = 0.0;
double scct3 = 0.0;
}; };
} // namespace detail } // namespace detail

7
src/Reassem.cc
View file

@ -243,12 +243,7 @@ uint64_t DataBlockList::Trim(uint64_t seq, uint64_t max_old, DataBlockList* old_
} }
Reassembler::Reassembler(uint64_t init_seq, ReassemblerType reassem_type) Reassembler::Reassembler(uint64_t init_seq, ReassemblerType reassem_type)
: block_list(this), : block_list(this), old_block_list(this), last_reassem_seq(init_seq), trim_seq(init_seq), rtype(reassem_type) {}
old_block_list(this),
last_reassem_seq(init_seq),
trim_seq(init_seq),
max_old_blocks(0),
rtype(reassem_type) {}
void Reassembler::CheckOverlap(const DataBlockList& list, uint64_t seq, uint64_t len, const u_char* data) { void Reassembler::CheckOverlap(const DataBlockList& list, uint64_t seq, uint64_t len, const u_char* data) {
if ( list.Empty() ) if ( list.Empty() )

8
src/RuleAction.cc
View file

@ -92,15 +92,15 @@ void RuleActionEvent::DoAction(const Rule* parent, RuleEndpointState* state, con
if ( handler ) { if ( handler ) {
zeek::Args args; zeek::Args args;
args.reserve(msg ? 3 : 2); args.reserve(msg ? 3 : 2);
args.push_back({AdoptRef{}, rule_matcher->BuildRuleStateValue(parent, state)}); args.emplace_back(AdoptRef{}, rule_matcher->BuildRuleStateValue(parent, state));
if ( msg ) if ( msg )
args.push_back(msg); args.emplace_back(msg);
if ( data ) if ( data )
args.push_back(make_intrusive<StringVal>(len, reinterpret_cast<const char*>(data))); args.emplace_back(make_intrusive<StringVal>(len, reinterpret_cast<const char*>(data)));
else else
args.push_back(zeek::val_mgr->EmptyString()); args.emplace_back(zeek::val_mgr->EmptyString());
if ( want_end_of_match ) { if ( want_end_of_match ) {
auto* match = state->FindRulePatternMatch(parent); auto* match = state->FindRulePatternMatch(parent);

56
src/RuleMatcher.cc
View file

@ -106,8 +106,8 @@ RuleHdrTest::RuleHdrTest(RuleHdrTest& h) {
prefix_vals = h.prefix_vals; prefix_vals = h.prefix_vals;
for ( int j = 0; j < Rule::TYPES; ++j ) { for ( const auto& pset : h.psets ) {
for ( PatternSet* orig_set : h.psets[j] ) { for ( PatternSet* orig_set : pset ) {
PatternSet* copied_set = new PatternSet; PatternSet* copied_set = new PatternSet;
copied_set->re = nullptr; copied_set->re = nullptr;
copied_set->ids = orig_set->ids; copied_set->ids = orig_set->ids;
@ -133,8 +133,8 @@ RuleHdrTest::~RuleHdrTest() {
delete val; delete val;
delete vals; delete vals;
for ( int i = 0; i < Rule::TYPES; ++i ) { for ( auto& pset_list : psets ) {
for ( auto pset : psets[i] ) { for ( auto& pset : pset_list ) {
delete pset->re; delete pset->re;
delete pset; delete pset;
} }
@ -515,10 +515,10 @@ static inline bool match_or(const maskedvalue_list& mvals, uint32_t v, FuncT com
// Evaluate a prefix list (matches if at least one value matches). // Evaluate a prefix list (matches if at least one value matches).
template<typename FuncT> template<typename FuncT>
static inline bool match_or(const vector<IPPrefix>& prefixes, const IPAddr& a, FuncT comp) { static inline bool match_or(const vector<IPPrefix>& prefixes, const IPAddr& a, FuncT comp) {
for ( size_t i = 0; i < prefixes.size(); ++i ) { for ( const auto& pfx : prefixes ) {
IPAddr masked(a); IPAddr masked(a);
masked.Mask(prefixes[i].LengthIPv6()); masked.Mask(pfx.LengthIPv6());
if ( comp(masked, prefixes[i].Prefix()) ) if ( comp(masked, pfx.Prefix()) )
return true; return true;
} }
return false; return false;
@ -538,10 +538,10 @@ static inline bool match_not_and(const maskedvalue_list& mvals, uint32_t v, Func
// Evaluate a prefix list (doesn't match if any value matches). // Evaluate a prefix list (doesn't match if any value matches).
template<typename FuncT> template<typename FuncT>
static inline bool match_not_and(const vector<IPPrefix>& prefixes, const IPAddr& a, FuncT comp) { static inline bool match_not_and(const vector<IPPrefix>& prefixes, const IPAddr& a, FuncT comp) {
for ( size_t i = 0; i < prefixes.size(); ++i ) { for ( const auto& pfx : prefixes ) {
IPAddr masked(a); IPAddr masked(a);
masked.Mask(prefixes[i].LengthIPv6()); masked.Mask(pfx.LengthIPv6());
if ( comp(masked, prefixes[i].Prefix()) ) if ( comp(masked, pfx.Prefix()) )
return false; return false;
} }
return true; return true;
@ -549,17 +549,17 @@ static inline bool match_not_and(const vector<IPPrefix>& prefixes, const IPAddr&
static inline bool compare(const maskedvalue_list& mvals, uint32_t v, RuleHdrTest::Comp comp) { static inline bool compare(const maskedvalue_list& mvals, uint32_t v, RuleHdrTest::Comp comp) {
switch ( comp ) { switch ( comp ) {
case RuleHdrTest::EQ: return match_or(mvals, v, std::equal_to<uint32_t>()); break; case RuleHdrTest::EQ: return match_or(mvals, v, std::equal_to<>()); break;
case RuleHdrTest::NE: return match_not_and(mvals, v, std::equal_to<uint32_t>()); break; case RuleHdrTest::NE: return match_not_and(mvals, v, std::equal_to<>()); break;
case RuleHdrTest::LT: return match_or(mvals, v, std::less<uint32_t>()); break; case RuleHdrTest::LT: return match_or(mvals, v, std::less<>()); break;
case RuleHdrTest::GT: return match_or(mvals, v, std::greater<uint32_t>()); break; case RuleHdrTest::GT: return match_or(mvals, v, std::greater<>()); break;
case RuleHdrTest::LE: return match_or(mvals, v, std::less_equal<uint32_t>()); break; case RuleHdrTest::LE: return match_or(mvals, v, std::less_equal<>()); break;
case RuleHdrTest::GE: return match_or(mvals, v, std::greater_equal<uint32_t>()); break; case RuleHdrTest::GE: return match_or(mvals, v, std::greater_equal<>()); break;
default: reporter->InternalError("unknown RuleHdrTest comparison type"); break; default: reporter->InternalError("unknown RuleHdrTest comparison type"); break;
} }
@ -568,17 +568,17 @@ static inline bool compare(const maskedvalue_list& mvals, uint32_t v, RuleHdrTes
static inline bool compare(const vector<IPPrefix>& prefixes, const IPAddr& a, RuleHdrTest::Comp comp) { static inline bool compare(const vector<IPPrefix>& prefixes, const IPAddr& a, RuleHdrTest::Comp comp) {
switch ( comp ) { switch ( comp ) {
case RuleHdrTest::EQ: return match_or(prefixes, a, std::equal_to<IPAddr>()); break; case RuleHdrTest::EQ: return match_or(prefixes, a, std::equal_to<>()); break;
case RuleHdrTest::NE: return match_not_and(prefixes, a, std::equal_to<IPAddr>()); break; case RuleHdrTest::NE: return match_not_and(prefixes, a, std::equal_to<>()); break;
case RuleHdrTest::LT: return match_or(prefixes, a, std::less<IPAddr>()); break; case RuleHdrTest::LT: return match_or(prefixes, a, std::less<>()); break;
case RuleHdrTest::GT: return match_or(prefixes, a, std::greater<IPAddr>()); break; case RuleHdrTest::GT: return match_or(prefixes, a, std::greater<>()); break;
case RuleHdrTest::LE: return match_or(prefixes, a, std::less_equal<IPAddr>()); break; case RuleHdrTest::LE: return match_or(prefixes, a, std::less_equal<>()); break;
case RuleHdrTest::GE: return match_or(prefixes, a, std::greater_equal<IPAddr>()); break; case RuleHdrTest::GE: return match_or(prefixes, a, std::greater_equal<>()); break;
default: reporter->InternalError("unknown RuleHdrTest comparison type"); break; default: reporter->InternalError("unknown RuleHdrTest comparison type"); break;
} }
@ -1083,12 +1083,12 @@ void RuleMatcher::GetStats(Stats* stats, RuleHdrTest* hdr_test) const {
DFA_State_Cache::Stats cstats; DFA_State_Cache::Stats cstats;
for ( int i = 0; i < Rule::TYPES; ++i ) { for ( const auto& pset_list : hdr_test->psets ) {
for ( const auto& set : hdr_test->psets[i] ) { for ( const auto& pset : pset_list ) {
assert(set->re); assert(pset->re);
++stats->matchers; ++stats->matchers;
set->re->DFA()->Cache()->GetStats(&cstats); pset->re->DFA()->Cache()->GetStats(&cstats);
stats->dfa_states += cstats.dfa_states; stats->dfa_states += cstats.dfa_states;
stats->computed += cstats.computed; stats->computed += cstats.computed;
@ -1183,7 +1183,9 @@ static bool val_to_maskedval(Val* v, maskedvalue_list* append_to, vector<IPPrefi
v->AsSubNet().Prefix().GetBytes(&n); v->AsSubNet().Prefix().GetBytes(&n);
v->AsSubNetVal()->Mask().CopyIPv6(m); v->AsSubNetVal()->Mask().CopyIPv6(m);
for ( unsigned int i = 0; i < 4; ++i ) // Intentionally leaving this as a normal loop because it's more descriptive.
// NOLINTNEXTLINE(modernize-loop-convert)
for ( unsigned int i = 0; i < 4; i++ )
m[i] = ntohl(m[i]); m[i] = ntohl(m[i]);
bool is_v4_mask = m[0] == 0xffffffff && m[1] == m[0] && m[2] == m[0]; bool is_v4_mask = m[0] == 0xffffffff && m[1] == m[0] && m[2] == m[0];

4
src/RunState.cc
View file

@ -376,8 +376,8 @@ void get_final_stats() {
void delete_run() { void delete_run() {
util::detail::set_processing_status("TERMINATING", "delete_run"); util::detail::set_processing_status("TERMINATING", "delete_run");
for ( int i = 0; i < zeek::detail::NUM_ADDR_ANONYMIZATION_METHODS; ++i ) for ( auto& anon : zeek::detail::ip_anonymizer )
delete zeek::detail::ip_anonymizer[i]; delete anon;
} }
double check_pseudo_time(const Packet* pkt) { double check_pseudo_time(const Packet* pkt) {

2
src/Scope.cc
View file

@ -182,6 +182,6 @@ ScopePtr pop_scope() {
ScopePtr current_scope() { return top_scope; } ScopePtr current_scope() { return top_scope; }
ScopePtr global_scope() { return scopes.empty() ? 0 : scopes.front(); } ScopePtr global_scope() { return scopes.empty() ? nullptr : scopes.front(); }
} // namespace zeek::detail } // namespace zeek::detail

2
src/SmithWaterman.cc
View file

@ -425,7 +425,7 @@ Substring::Vec* smith_waterman(const String* s1, const String* s2, SWParams& par
if ( current->swn_byte_assigned ) if ( current->swn_byte_assigned )
current->swn_score = score_tl; current->swn_score = score_tl;
else else
current->swn_score = std::max(std::max(score_t, score_l), score_tl); current->swn_score = std::max({score_t, score_l, score_tl});
// Establish predecessor chain according to neighbor // Establish predecessor chain according to neighbor
// with best score. // with best score.

13
src/Stats.cc
View file

@ -194,14 +194,13 @@ void ProfileLogger::Log() {
file->Write(util::fmt("%0.6f Threads: current=%zu\n", run_state::network_time, thread_mgr->NumThreads())); file->Write(util::fmt("%0.6f Threads: current=%zu\n", run_state::network_time, thread_mgr->NumThreads()));
const threading::Manager::msg_stats_list& thread_stats = thread_mgr->GetMsgThreadStats(); const threading::Manager::msg_stats_list& thread_stats = thread_mgr->GetMsgThreadStats();
for ( threading::Manager::msg_stats_list::const_iterator i = thread_stats.begin(); i != thread_stats.end(); ++i ) { for ( const auto& [name, s] : thread_stats ) {
threading::MsgThread::Stats s = i->second;
file->Write(util::fmt("%0.6f %-25s in=%" PRIu64 " out=%" PRIu64 " pending=%" PRIu64 "/%" PRIu64 file->Write(util::fmt("%0.6f %-25s in=%" PRIu64 " out=%" PRIu64 " pending=%" PRIu64 "/%" PRIu64
" (#queue r/w: in=%" PRIu64 "/%" PRIu64 " out=%" PRIu64 "/%" PRIu64 ")" " (#queue r/w: in=%" PRIu64 "/%" PRIu64 " out=%" PRIu64 "/%" PRIu64 ")"
"\n", "\n",
run_state::network_time, i->first.c_str(), s.sent_in, s.sent_out, s.pending_in, run_state::network_time, name.c_str(), s.sent_in, s.sent_out, s.pending_in, s.pending_out,
s.pending_out, s.queue_in_stats.num_reads, s.queue_in_stats.num_writes, s.queue_in_stats.num_reads, s.queue_in_stats.num_writes, s.queue_out_stats.num_reads,
s.queue_out_stats.num_reads, s.queue_out_stats.num_writes)); s.queue_out_stats.num_writes));
} }
auto cs = broker_mgr->GetStatistics(); auto cs = broker_mgr->GetStatistics();
@ -288,7 +287,7 @@ void PacketProfiler::ProfilePkt(double t, unsigned int bytes) {
struct rusage res; struct rusage res;
struct timeval ptimestamp; struct timeval ptimestamp;
getrusage(RUSAGE_SELF, &res); getrusage(RUSAGE_SELF, &res);
gettimeofday(&ptimestamp, 0); gettimeofday(&ptimestamp, nullptr);
util::get_memory_usage(&last_mem, nullptr); util::get_memory_usage(&last_mem, nullptr);
last_Utime = res.ru_utime.tv_sec + res.ru_utime.tv_usec / 1e6; last_Utime = res.ru_utime.tv_sec + res.ru_utime.tv_usec / 1e6;
@ -303,7 +302,7 @@ void PacketProfiler::ProfilePkt(double t, unsigned int bytes) {
struct rusage res; struct rusage res;
struct timeval ptimestamp; struct timeval ptimestamp;
getrusage(RUSAGE_SELF, &res); getrusage(RUSAGE_SELF, &res);
gettimeofday(&ptimestamp, 0); gettimeofday(&ptimestamp, nullptr);
double curr_Utime = res.ru_utime.tv_sec + res.ru_utime.tv_usec / 1e6; double curr_Utime = res.ru_utime.tv_sec + res.ru_utime.tv_usec / 1e6;
double curr_Stime = res.ru_stime.tv_sec + res.ru_stime.tv_usec / 1e6; double curr_Stime = res.ru_stime.tv_sec + res.ru_stime.tv_usec / 1e6;

9
src/Trigger.cc
View file

@ -162,8 +162,8 @@ void Trigger::Terminate() {
Trigger::~Trigger() { Trigger::~Trigger() {
DBG_LOG(DBG_NOTIFIERS, "%s: deleting", Name()); DBG_LOG(DBG_NOTIFIERS, "%s: deleting", Name());
for ( ValCache::iterator i = cache.begin(); i != cache.end(); ++i ) for ( auto& [_, trigger] : cache )
Unref(i->second); Unref(trigger);
Unref(frame); Unref(frame);
UnregisterAll(); UnregisterAll();
@ -457,9 +457,8 @@ void Manager::Process() {
TriggerList tmp; TriggerList tmp;
pending = &tmp; pending = &tmp;
for ( TriggerList::iterator i = orig->begin(); i != orig->end(); ++i ) { for ( auto* t : *orig ) {
Trigger* t = *i; t->Eval();
(*i)->Eval();
Unref(t); Unref(t);
} }

18
src/Type.cc
View file

@ -756,9 +756,7 @@ void FuncType::DescribeReST(ODesc* d, bool roles_only) const {
void FuncType::AddPrototype(Prototype p) { prototypes.emplace_back(std::move(p)); } void FuncType::AddPrototype(Prototype p) { prototypes.emplace_back(std::move(p)); }
std::optional<FuncType::Prototype> FuncType::FindPrototype(const RecordType& args) const { std::optional<FuncType::Prototype> FuncType::FindPrototype(const RecordType& args) const {
for ( auto i = 0u; i < prototypes.size(); ++i ) { for ( const auto& p : prototypes ) {
const auto& p = prototypes[i];
if ( args.NumFields() != p.args->NumFields() ) if ( args.NumFields() != p.args->NumFields() )
continue; continue;
@ -904,7 +902,7 @@ public:
auto v = init_expr->Eval(nullptr); auto v = init_expr->Eval(nullptr);
if ( ! v ) { if ( ! v ) {
reporter->Error("failed &default in record creation"); reporter->Error("failed &default in record creation");
return ZVal(); return {};
} }
if ( coerce_type ) if ( coerce_type )
@ -913,7 +911,7 @@ public:
else if ( init_type->Tag() == TYPE_VECTOR ) else if ( init_type->Tag() == TYPE_VECTOR )
concretize_if_unspecified(cast_intrusive<VectorVal>(v), init_type->Yield()); concretize_if_unspecified(cast_intrusive<VectorVal>(v), init_type->Yield());
return ZVal(v, init_type); return {v, init_type};
} }
bool IsDeferrable() const override { return false; } bool IsDeferrable() const override { return false; }
@ -932,7 +930,7 @@ class RecordFieldInit final : public FieldInit {
public: public:
RecordFieldInit(RecordTypePtr _init_type) : init_type(std::move(_init_type)) {} RecordFieldInit(RecordTypePtr _init_type) : init_type(std::move(_init_type)) {}
ZVal Generate() const override { return ZVal(new RecordVal(init_type)); } ZVal Generate() const override { return {new RecordVal(init_type)}; }
bool IsDeferrable() const override { bool IsDeferrable() const override {
assert(! run_state::is_parsing); assert(! run_state::is_parsing);
@ -950,7 +948,7 @@ public:
TableFieldInit(TableTypePtr _init_type, detail::AttributesPtr _attrs) TableFieldInit(TableTypePtr _init_type, detail::AttributesPtr _attrs)
: init_type(std::move(_init_type)), attrs(std::move(_attrs)) {} : init_type(std::move(_init_type)), attrs(std::move(_attrs)) {}
ZVal Generate() const override { return ZVal(new TableVal(init_type, attrs)); } ZVal Generate() const override { return {new TableVal(init_type, attrs)}; }
private: private:
TableTypePtr init_type; TableTypePtr init_type;
@ -963,7 +961,7 @@ class VectorFieldInit final : public FieldInit {
public: public:
VectorFieldInit(VectorTypePtr _init_type) : init_type(std::move(_init_type)) {} VectorFieldInit(VectorTypePtr _init_type) : init_type(std::move(_init_type)) {}
ZVal Generate() const override { return ZVal(new VectorVal(init_type)); } ZVal Generate() const override { return {new VectorVal(init_type)}; }
private: private:
VectorTypePtr init_type; VectorTypePtr init_type;
@ -1661,8 +1659,8 @@ const char* EnumType::Lookup(zeek_int_t value) const {
EnumType::enum_name_list EnumType::Names() const { EnumType::enum_name_list EnumType::Names() const {
enum_name_list n; enum_name_list n;
for ( auto iter = names.begin(); iter != names.end(); ++iter ) for ( const auto& [name, value] : names )
n.emplace_back(iter->first, iter->second); n.emplace_back(name, value);
return n; return n;
} }

7
src/UID.cc
View file

@ -12,8 +12,7 @@ namespace zeek {
void UID::Set(zeek_uint_t bits, const uint64_t* v, size_t n) { void UID::Set(zeek_uint_t bits, const uint64_t* v, size_t n) {
initialized = true; initialized = true;
for ( size_t i = 0; i < UID_LEN; ++i ) memset(uid, 0, sizeof(uid));
uid[i] = 0;
if ( bits > UID_LEN * 64 ) if ( bits > UID_LEN * 64 )
bits = UID_LEN * 64; bits = UID_LEN * 64;
@ -33,8 +32,8 @@ std::string UID::Base62(std::string prefix) const {
reporter->InternalError("use of uninitialized UID"); reporter->InternalError("use of uninitialized UID");
char tmp[sizeof(uid) * 8 + 1]; // enough for even binary representation char tmp[sizeof(uid) * 8 + 1]; // enough for even binary representation
for ( size_t i = 0; i < UID_LEN; ++i ) for ( const auto& digit : uid )
prefix.append(util::uitoa_n(uid[i], tmp, sizeof(tmp), 62)); prefix.append(util::uitoa_n(digit, tmp, sizeof(tmp), 62));
return prefix; return prefix;
} }

8
src/Val.cc
View file

@ -738,8 +738,8 @@ IPAddr SubNetVal::Mask() const {
// We need to special-case a mask width of zero, since // We need to special-case a mask width of zero, since
// the compiler doesn't guarantee that 1 << 32 yields 0. // the compiler doesn't guarantee that 1 << 32 yields 0.
uint32_t m[4]; uint32_t m[4];
for ( unsigned int i = 0; i < 4; ++i ) for ( uint32_t& digit : m )
m[i] = 0; digit = 0;
IPAddr rval(IPv6, m, IPAddr::Host); IPAddr rval(IPv6, m, IPAddr::Host);
return rval; return rval;
} }
@ -1638,7 +1638,7 @@ bool detail::TablePatternMatcher::MatchAll(const StringValPtr& s) {
void detail::TablePatternMatcher::Build() { void detail::TablePatternMatcher::Build() {
matcher_yields.clear(); matcher_yields.clear();
matcher_yields.push_back(nullptr); matcher_yields.emplace_back(nullptr);
auto& tbl_dict = *tbl->Get(); auto& tbl_dict = *tbl->Get();
auto& tbl_hash = *tbl->GetTableHash(); auto& tbl_hash = *tbl->GetTableHash();
@ -2141,7 +2141,7 @@ bool TableVal::Contains(const IPAddr& addr) const {
return false; return false;
} }
return (subnets->Lookup(addr, 128, false) != 0); return (subnets->Lookup(addr, 128, false) != nullptr);
} }
VectorValPtr TableVal::LookupSubnets(const SubNetVal* search) { VectorValPtr TableVal::LookupSubnets(const SubNetVal* search) {

6
src/Var.cc
View file

@ -438,9 +438,9 @@ static Attr* find_attr(const std::vector<AttrPtr>* al, AttrTag tag) {
if ( ! al ) if ( ! al )
return nullptr; return nullptr;
for ( size_t i = 0; i < al->size(); ++i ) for ( const auto& attr : *al )
if ( (*al)[i]->Tag() == tag ) if ( attr->Tag() == tag )
return (*al)[i].get(); return attr.get();
return nullptr; return nullptr;
} }

9
src/ZeekString.cc
View file

@ -352,8 +352,8 @@ String::Vec* String::VecFromPolicy(VectorVal* vec) {
char* String::VecToString(const Vec* vec) { char* String::VecToString(const Vec* vec) {
std::string result("["); std::string result("[");
for ( String::VecCIt it = vec->begin(); it != vec->end(); ++it ) { for ( const auto* str : *vec ) {
result += (*it)->CheckString(); result += str->CheckString();
result += ","; result += ",";
} }
@ -442,10 +442,7 @@ String* concatenate(String::CVec& v) {
String* concatenate(String::Vec& v) { String* concatenate(String::Vec& v) {
String::CVec cv; String::CVec cv;
std::copy(v.begin(), v.end(), std::back_inserter<String::CVec>(cv));
for ( String::VecIt it = v.begin(); it != v.end(); ++it )
cv.push_back(*it);
return concatenate(cv); return concatenate(cv);
} }

76
src/analyzer/Analyzer.cc
View file

@ -116,8 +116,8 @@ Analyzer::~Analyzer() {
assert(finished); assert(finished);
assert(new_children.empty()); assert(new_children.empty());
LOOP_OVER_CHILDREN(i) for ( Analyzer* a : children )
delete *i; delete a;
SupportAnalyzer* next = nullptr; SupportAnalyzer* next = nullptr;
@ -139,9 +139,9 @@ void Analyzer::Init() {}
void Analyzer::InitChildren() { void Analyzer::InitChildren() {
AppendNewChildren(); AppendNewChildren();
LOOP_OVER_CHILDREN(i) { for ( Analyzer* a : children ) {
(*i)->Init(); a->Init();
(*i)->InitChildren(); a->InitChildren();
} }
} }
@ -157,9 +157,9 @@ void Analyzer::Done() {
AppendNewChildren(); AppendNewChildren();
LOOP_OVER_CHILDREN(i) for ( Analyzer* a : children )
if ( ! (*i)->finished ) if ( ! a->finished )
(*i)->Done(); a->Done();
for ( SupportAnalyzer* a = orig_supporters; a; a = a->sibling ) for ( SupportAnalyzer* a = orig_supporters; a; a = a->sibling )
if ( ! a->finished ) if ( ! a->finished )
@ -424,25 +424,25 @@ bool Analyzer::IsPreventedChildAnalyzer(const zeek::Tag& tag) const {
bool Analyzer::HasChildAnalyzer(const zeek::Tag& tag) const { return GetChildAnalyzer(tag) != nullptr; } bool Analyzer::HasChildAnalyzer(const zeek::Tag& tag) const { return GetChildAnalyzer(tag) != nullptr; }
Analyzer* Analyzer::GetChildAnalyzer(const zeek::Tag& tag) const { Analyzer* Analyzer::GetChildAnalyzer(const zeek::Tag& tag) const {
LOOP_OVER_CHILDREN(i) for ( Analyzer* a : children )
if ( (*i)->tag == tag && ! ((*i)->removing || (*i)->finished) ) if ( a->tag == tag && ! (a->removing || a->finished) )
return *i; return a;
LOOP_OVER_GIVEN_CHILDREN(i, new_children) for ( Analyzer* a : new_children )
if ( (*i)->tag == tag && ! ((*i)->removing || (*i)->finished) ) if ( a->tag == tag && ! (a->removing || a->finished) )
return *i; return a;
return nullptr; return nullptr;
} }
Analyzer* Analyzer::GetChildAnalyzer(const std::string& name) const { Analyzer* Analyzer::GetChildAnalyzer(const std::string& name) const {
LOOP_OVER_CHILDREN(i) for ( Analyzer* a : children )
if ( (*i)->GetAnalyzerName() == name && ! ((*i)->removing || (*i)->finished) ) if ( a->GetAnalyzerName() == name && ! (a->removing || a->finished) )
return *i; return a;
LOOP_OVER_GIVEN_CHILDREN(i, new_children) for ( Analyzer* a : new_children )
if ( (*i)->GetAnalyzerName() == name && ! ((*i)->removing || (*i)->finished) ) if ( a->GetAnalyzerName() == name && ! (a->removing || a->finished) )
return *i; return a;
return nullptr; return nullptr;
} }
@ -451,15 +451,13 @@ Analyzer* Analyzer::FindChild(ID arg_id) {
if ( id == arg_id && ! (removing || finished) ) if ( id == arg_id && ! (removing || finished) )
return this; return this;
LOOP_OVER_CHILDREN(i) { for ( Analyzer* a : children ) {
Analyzer* child = (*i)->FindChild(arg_id); if ( Analyzer* child = a->FindChild(arg_id) )
if ( child )
return child; return child;
} }
LOOP_OVER_GIVEN_CHILDREN(i, new_children) { for ( Analyzer* a : new_children ) {
Analyzer* child = (*i)->FindChild(arg_id); if ( Analyzer* child = a->FindChild(arg_id) )
if ( child )
return child; return child;
} }
@ -470,15 +468,13 @@ Analyzer* Analyzer::FindChild(zeek::Tag arg_tag) {
if ( tag == arg_tag && ! (removing || finished) ) if ( tag == arg_tag && ! (removing || finished) )
return this; return this;
LOOP_OVER_CHILDREN(i) { for ( Analyzer* a : children ) {
Analyzer* child = (*i)->FindChild(arg_tag); if ( Analyzer* child = a->FindChild(arg_tag) )
if ( child )
return child; return child;
} }
LOOP_OVER_GIVEN_CHILDREN(i, new_children) { for ( Analyzer* a : new_children ) {
Analyzer* child = (*i)->FindChild(arg_tag); if ( Analyzer* child = a->FindChild(arg_tag) )
if ( child )
return child; return child;
} }
@ -607,11 +603,11 @@ void Analyzer::EndOfData(bool is_orig) {
void Analyzer::FlipRoles() { void Analyzer::FlipRoles() {
DBG_LOG(DBG_ANALYZER, "%s FlipRoles()", fmt_analyzer(this).c_str()); DBG_LOG(DBG_ANALYZER, "%s FlipRoles()", fmt_analyzer(this).c_str());
LOOP_OVER_CHILDREN(i) for ( Analyzer* a : children )
(*i)->FlipRoles(); a->FlipRoles();
LOOP_OVER_GIVEN_CHILDREN(i, new_children) for ( Analyzer* a : new_children )
(*i)->FlipRoles(); a->FlipRoles();
for ( SupportAnalyzer* a = orig_supporters; a; a = a->sibling ) for ( SupportAnalyzer* a = orig_supporters; a; a = a->sibling )
a->FlipRoles(); a->FlipRoles();
@ -707,14 +703,14 @@ void Analyzer::CancelTimers() {
} }
void Analyzer::AppendNewChildren() { void Analyzer::AppendNewChildren() {
LOOP_OVER_GIVEN_CHILDREN(i, new_children) for ( Analyzer* a : new_children )
children.push_back(*i); children.push_back(a);
new_children.clear(); new_children.clear();
} }
void Analyzer::UpdateConnVal(RecordVal* conn_val) { void Analyzer::UpdateConnVal(RecordVal* conn_val) {
LOOP_OVER_CHILDREN(i) for ( Analyzer* a : children )
(*i)->UpdateConnVal(conn_val); a->UpdateConnVal(conn_val);
} }
const RecordValPtr& Analyzer::ConnVal() { return conn->GetVal(); } const RecordValPtr& Analyzer::ConnVal() { return conn->GetVal(); }

8
src/analyzer/Manager.cc
View file

@ -388,8 +388,8 @@ bool Manager::ApplyScheduledAnalyzers(Connection* conn, bool init, packet_analys
tag_set expected = GetScheduled(conn); tag_set expected = GetScheduled(conn);
for ( tag_set::iterator it = expected.begin(); it != expected.end(); ++it ) { for ( const auto& tag : expected ) {
Analyzer* analyzer = analyzer_mgr->InstantiateAnalyzer(*it, conn); Analyzer* analyzer = analyzer_mgr->InstantiateAnalyzer(tag, conn);
if ( ! analyzer ) if ( ! analyzer )
continue; continue;
@ -397,9 +397,9 @@ bool Manager::ApplyScheduledAnalyzers(Connection* conn, bool init, packet_analys
parent->AddChildAnalyzer(analyzer, init); parent->AddChildAnalyzer(analyzer, init);
if ( scheduled_analyzer_applied ) if ( scheduled_analyzer_applied )
conn->EnqueueEvent(scheduled_analyzer_applied, nullptr, conn->GetVal(), it->AsVal()); conn->EnqueueEvent(scheduled_analyzer_applied, nullptr, conn->GetVal(), tag.AsVal());
DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled", analyzer_mgr->GetComponentName(*it).c_str()); DBG_ANALYZER_ARGS(conn, "activated %s analyzer as scheduled", analyzer_mgr->GetComponentName(tag).c_str());
} }
return expected.size(); return expected.size();

10
src/analyzer/protocol/bittorrent/BitTorrentTracker.cc
View file

@ -195,7 +195,7 @@ void BitTorrentTracker_Analyzer::EndpointEOF(bool is_orig) {
analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig); analyzer::tcp::TCP_ApplicationAnalyzer::EndpointEOF(is_orig);
} }
void BitTorrentTracker_Analyzer::InitBencParser(void) { void BitTorrentTracker_Analyzer::InitBencParser() {
benc_stack.clear(); benc_stack.clear();
benc_count.clear(); benc_count.clear();
@ -304,7 +304,7 @@ bool BitTorrentTracker_Analyzer::ParseRequest(char* line) {
void BitTorrentTracker_Analyzer::RequestGet(char* uri) { req_val_uri = new StringVal(uri); } void BitTorrentTracker_Analyzer::RequestGet(char* uri) { req_val_uri = new StringVal(uri); }
void BitTorrentTracker_Analyzer::EmitRequest(void) { void BitTorrentTracker_Analyzer::EmitRequest() {
AnalyzerConfirmation(); AnalyzerConfirmation();
if ( bt_tracker_request ) if ( bt_tracker_request )
@ -443,7 +443,7 @@ void BitTorrentTracker_Analyzer::ResponseBenc(int name_len, char* name, detail::
res_val_benc->Assign(std::move(name_), std::move(benc_value)); res_val_benc->Assign(std::move(name_), std::move(benc_value));
} }
void BitTorrentTracker_Analyzer::ResponseBody(void) { void BitTorrentTracker_Analyzer::ResponseBody() {
switch ( ResponseParseBenc() ) { switch ( ResponseParseBenc() ) {
case 0: case 0:
EmitResponse(); EmitResponse();
@ -466,7 +466,7 @@ void BitTorrentTracker_Analyzer::ResponseBody(void) {
} \ } \
} }
int BitTorrentTracker_Analyzer::ResponseParseBenc(void) { int BitTorrentTracker_Analyzer::ResponseParseBenc() {
auto INC_COUNT = [this]() { auto INC_COUNT = [this]() {
unsigned int count = benc_count.back(); unsigned int count = benc_count.back();
benc_count.pop_back(); benc_count.pop_back();
@ -696,7 +696,7 @@ int BitTorrentTracker_Analyzer::ResponseParseBenc(void) {
return -2; // need more data return -2; // need more data
} }
void BitTorrentTracker_Analyzer::EmitResponse(void) { void BitTorrentTracker_Analyzer::EmitResponse() {
AnalyzerConfirmation(); AnalyzerConfirmation();
if ( bt_tracker_response ) if ( bt_tracker_response )

6
src/analyzer/protocol/dce-rpc/dce_rpc-auth.pac
View file

@ -10,9 +10,9 @@ refine connection DCE_RPC_Conn += {
%} %}
%init{ %init{
ntlm = 0; ntlm = nullptr;
gssapi = 0; gssapi = nullptr;
krb = 0; krb = nullptr;
%} %}
%cleanup{ %cleanup{

2
src/analyzer/protocol/dce-rpc/dce_rpc-protocol.pac
View file

@ -204,7 +204,7 @@ flow DCE_RPC_Flow(is_orig: bool) {
{ {
// first frag, but not last so we start a flowbuffer // first frag, but not last so we start a flowbuffer
auto it = fb.emplace(${header.call_id}, auto it = fb.emplace(${header.call_id},
std::unique_ptr<FlowBuffer>(new FlowBuffer())); std::make_unique<FlowBuffer>());
auto& flowbuf = it.first->second; auto& flowbuf = it.first->second;
flowbuf->NewFrame(0, true); flowbuf->NewFrame(0, true);
flowbuf->BufferData(frag.begin(), frag.end()); flowbuf->BufferData(frag.begin(), frag.end());

7
src/analyzer/protocol/dhcp/dhcp-options.pac
View file

@ -756,12 +756,11 @@ refine flow DHCP_Flow += {
uint16 i = 0; uint16 i = 0;
for ( auto ptrsubopt = ${v.relay_agent_inf}->begin(); for ( const auto& ptrsubopt : *${v.relay_agent_inf} )
ptrsubopt != ${v.relay_agent_inf}->end(); ++ptrsubopt )
{ {
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::SubOpt); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::DHCP::SubOpt);
r->Assign(0, (*ptrsubopt)->code()); r->Assign(0, ptrsubopt->code());
r->Assign(1, to_stringval((*ptrsubopt)->value())); r->Assign(1, to_stringval(ptrsubopt->value()));
relay_agent_sub_opt->Assign(i, std::move(r)); relay_agent_sub_opt->Assign(i, std::move(r));
++i; ++i;

8
src/analyzer/protocol/dns/DNS.cc
View file

@ -699,8 +699,8 @@ bool DNS_Interpreter::ParseRR_EDNS(detail::DNS_MsgInfo* msg, const u_char*& data
bits_left -= 8; bits_left -= 8;
} }
for ( uint8_t i = 0; i < 4; i++ ) { for ( uint32_t& a : addr ) {
addr[i] = htonl(addr[i]); a = htonl(a);
} }
opt.ecs_addr = make_intrusive<AddrVal>(addr); opt.ecs_addr = make_intrusive<AddrVal>(addr);
} }
@ -1372,7 +1372,9 @@ bool DNS_Interpreter::ParseRR_A(detail::DNS_MsgInfo* msg, const u_char*& data, i
bool DNS_Interpreter::ParseRR_AAAA(detail::DNS_MsgInfo* msg, const u_char*& data, int& len, int rdlength) { bool DNS_Interpreter::ParseRR_AAAA(detail::DNS_MsgInfo* msg, const u_char*& data, int& len, int rdlength) {
uint32_t addr[4]; uint32_t addr[4];
for ( int i = 0; i < 4; ++i ) { // Intentionally leaving this as a normal loop because it's more descriptive.
// NOLINTNEXTLINE(modernize-loop-convert)
for ( size_t i = 0; i < 4; i++ ) {
addr[i] = htonl(ExtractLong(data, len)); addr[i] = htonl(ExtractLong(data, len));
if ( len < 0 ) { if ( len < 0 ) {

10
src/analyzer/protocol/ftp/functions.bif
View file

@ -20,8 +20,8 @@ static zeek::RecordValPtr parse_port(const std::string& line)
{ {
good = true; good = true;
for ( int i = 0; i < 6; ++i ) for ( int b : bytes )
if ( bytes[i] < 0 || bytes[i] > 255 ) if ( b < 0 || b > 255 )
{ {
good = false; good = false;
break; break;
@ -75,19 +75,19 @@ static zeek::RecordValPtr parse_eftp(const char* line)
if ( *line && *line != delimiter ) if ( *line && *line != delimiter )
{ {
const char* nptr = strchr(line, delimiter); const char* nptr = strchr(line, delimiter);
if ( nptr == NULL ) if ( nptr == nullptr )
nptr = line + strlen(line); nptr = line + strlen(line);
std::string s(line, nptr-line); // extract IP address std::string s(line, nptr-line); // extract IP address
struct in6_addr result; struct in6_addr result;
good = zeek::IPAddr::ConvertString(s.c_str(), &result) ? 1 : 0; good = zeek::IPAddr::ConvertString(s.c_str(), &result);
if ( good ) if ( good )
addr = zeek::IPAddr(result); addr = zeek::IPAddr(result);
} }
line = strchr(line, delimiter); line = strchr(line, delimiter);
if ( line != NULL ) if ( line != nullptr )
{ {
++line; // now the port ++line; // now the port
port = strtol(line, &next_delim, 10); port = strtol(line, &next_delim, 10);

10
src/analyzer/protocol/gssapi/gssapi-analyzer.pac
View file

@ -6,8 +6,8 @@ refine connection GSSAPI_Conn += {
%} %}
%init{ %init{
ntlm=0; ntlm = nullptr;
krb5=0; krb5 = nullptr;
%} %}
%cleanup{ %cleanup{
@ -15,14 +15,14 @@ refine connection GSSAPI_Conn += {
{ {
ntlm->Done(); ntlm->Done();
delete ntlm; delete ntlm;
ntlm=0; ntlm = nullptr;
} }
if ( krb5 ) if ( krb5 )
{ {
krb5->Done(); krb5->Done();
delete krb5; delete krb5;
krb5=0; krb5 = nullptr;
} }
%} %}
@ -50,7 +50,7 @@ refine connection GSSAPI_Conn += {
{ {
krb5->DeliverPacket(${val.krb.blob}.length(), krb5->DeliverPacket(${val.krb.blob}.length(),
${val.krb.blob}.begin(), ${val.krb.blob}.begin(),
is_orig, 0, 0, 0); is_orig, 0, nullptr, 0);
} }
} }

4
src/analyzer/protocol/http/HTTP.cc
View file

@ -1631,11 +1631,11 @@ void HTTP_Analyzer::SkipEntityData(bool is_orig) {
} }
bool is_reserved_URI_char(unsigned char ch) { // see RFC 3986 (definition of URI) bool is_reserved_URI_char(unsigned char ch) { // see RFC 3986 (definition of URI)
return strchr(":/?#[]@!$&'()*+,;=", ch) != 0; return strchr(":/?#[]@!$&'()*+,;=", ch) != nullptr;
} }
bool is_unreserved_URI_char(unsigned char ch) { // see RFC 3986 (definition of URI) bool is_unreserved_URI_char(unsigned char ch) { // see RFC 3986 (definition of URI)
return isalnum(ch) != 0 || strchr("-_.!~*\'()", ch) != 0; return isalnum(ch) != 0 || strchr("-_.!~*\'()", ch) != nullptr;
} }
void escape_URI_char(unsigned char ch, unsigned char*& p) { void escape_URI_char(unsigned char ch, unsigned char*& p) {

2
src/analyzer/protocol/http/functions.bif
View file

@ -52,5 +52,5 @@ function unescape_URI%(URI: string%): string
const u_char* line = URI->Bytes(); const u_char* line = URI->Bytes();
const u_char* const line_end = line + URI->Len(); const u_char* const line_end = line + URI->Len();
return zeek::make_intrusive<zeek::StringVal>(zeek::analyzer::http::unescape_URI(line, line_end, 0)); return zeek::make_intrusive<zeek::StringVal>(zeek::analyzer::http::unescape_URI(line, line_end, nullptr));
%} %}

6
src/analyzer/protocol/irc/IRC.cc
View file

@ -125,8 +125,7 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) {
pos = myline.length(); pos = myline.length();
command = myline.substr(0, pos); command = myline.substr(0, pos);
for ( size_t i = 0; i < command.size(); ++i ) command = util::to_upper(command);
command[i] = toupper(command[i]);
// Adjust for the no-parameter case // Adjust for the no-parameter case
if ( pos == myline.length() ) if ( pos == myline.length() )
@ -743,9 +742,8 @@ void IRC_Analyzer::DeliverStream(int length, const u_char* line, bool orig) {
string empty_string = ""; string empty_string = "";
for ( unsigned int i = 0; i < users.size(); ++i ) { for ( auto nick : users ) {
auto info = make_intrusive<RecordVal>(irc_join_info); auto info = make_intrusive<RecordVal>(irc_join_info);
string nick = users[i];
string mode = "none"; string mode = "none";
if ( nick[0] == '@' ) { if ( nick[0] == '@' ) {

45
src/analyzer/protocol/krb/krb-analyzer.pac
View file

@ -37,9 +37,8 @@ zeek::RecordValPtr proc_krb_kdc_req_arguments(KRB_KDC_REQ* msg, const ZeekAnalyz
if ( msg->padata()->has_padata() ) if ( msg->padata()->has_padata() )
rv->Assign(2, proc_padata(msg->padata()->padata()->padata(), zeek_analyzer, false)); rv->Assign(2, proc_padata(msg->padata()->padata()->padata(), zeek_analyzer, false));
for ( uint i = 0; i < msg->body_args()->size(); ++i ) for ( KRB_REQ_Arg* element : *(msg->body_args()) )
{ {
KRB_REQ_Arg* element = (*msg->body_args())[i];
switch ( element->seq_meta()->index() ) switch ( element->seq_meta()->index() )
{ {
case 0: case 0:
@ -127,35 +126,35 @@ bool proc_error_arguments(zeek::RecordVal* rv, const std::vector<KRB_ERROR_Arg*>
if ( stime_i ) if ( stime_i )
rv->Assign(3, GetTimeFromAsn1((*args)[stime_i]->args()->stime(), stime_usecs)); rv->Assign(3, GetTimeFromAsn1((*args)[stime_i]->args()->stime(), stime_usecs));
for ( uint i = 0; i < args->size(); ++i ) for ( KRB_ERROR_Arg* arg : *args )
{ {
switch ( (*args)[i]->seq_meta()->index() ) switch ( arg->seq_meta()->index() )
{ {
case 0: case 0:
rv->Assign(0, asn1_integer_to_val((*args)[i]->args()->pvno(), zeek::TYPE_COUNT)); rv->Assign(0, asn1_integer_to_val(arg->args()->pvno(), zeek::TYPE_COUNT));
break; break;
case 1: case 1:
rv->Assign(1, asn1_integer_to_val((*args)[i]->args()->msg_type(), zeek::TYPE_COUNT)); rv->Assign(1, asn1_integer_to_val(arg->args()->msg_type(), zeek::TYPE_COUNT));
break; break;
// ctime/stime handled above // ctime/stime handled above
case 7: case 7:
rv->Assign(5, to_stringval((*args)[i]->args()->crealm()->encoding()->content())); rv->Assign(5, to_stringval(arg->args()->crealm()->encoding()->content()));
break; break;
case 8: case 8:
rv->Assign(6, GetStringFromPrincipalName((*args)[i]->args()->cname())); rv->Assign(6, GetStringFromPrincipalName(arg->args()->cname()));
break; break;
case 9: case 9:
rv->Assign(7, to_stringval((*args)[i]->args()->realm()->encoding()->content())); rv->Assign(7, to_stringval(arg->args()->realm()->encoding()->content()));
break; break;
case 10: case 10:
rv->Assign(8, GetStringFromPrincipalName((*args)[i]->args()->sname())); rv->Assign(8, GetStringFromPrincipalName(arg->args()->sname()));
break; break;
case 11: case 11:
rv->Assign(9, to_stringval((*args)[i]->args()->e_text()->encoding()->content())); rv->Assign(9, to_stringval(arg->args()->e_text()->encoding()->content()));
break; break;
case 12: case 12:
if ( error_code == KDC_ERR_PREAUTH_REQUIRED ) if ( error_code == KDC_ERR_PREAUTH_REQUIRED )
rv->Assign(10, proc_padata((*args)[i]->args()->e_data()->padata(), NULL, true)); rv->Assign(10, proc_padata(arg->args()->e_data()->padata(), nullptr, true));
break; break;
default: default:
break; break;
@ -307,27 +306,15 @@ refine connection KRB_Conn += {
{ {
switch ( ${msg.safe_body.args[i].seq_meta.index} ) switch ( ${msg.safe_body.args[i].seq_meta.index} )
{ {
case 0:
rv->Assign(3, to_stringval(${msg.safe_body.args[i].args.user_data.encoding.content}));
break;
case 1: case 1:
timestamp_i = i; timestamp_i = i;
break; break;
case 2: case 2:
timestamp_usecs = binary_to_int64(${msg.safe_body.args[i].args.usec.encoding.content}); timestamp_usecs = binary_to_int64(${msg.safe_body.args[i].args.usec.encoding.content});
break; break;
default:
break;
}
}
if ( timestamp_i )
rv->Assign(4, GetTimeFromAsn1(${msg.safe_body.args[timestamp_i].args.timestamp}, timestamp_usecs));
for ( uint i = 0; i < ${msg.safe_body.args}->size(); ++i )
{
switch ( ${msg.safe_body.args[i].seq_meta.index} )
{
case 0:
rv->Assign(3, to_stringval(${msg.safe_body.args[i].args.user_data.encoding.content}));
break;
case 3: case 3:
rv->Assign(5, asn1_integer_to_val(${msg.safe_body.args[i].args.seq_number}, zeek::TYPE_COUNT)); rv->Assign(5, asn1_integer_to_val(${msg.safe_body.args[i].args.seq_number}, zeek::TYPE_COUNT));
break; break;
@ -341,6 +328,10 @@ refine connection KRB_Conn += {
break; break;
} }
} }
if ( timestamp_i )
rv->Assign(4, GetTimeFromAsn1(${msg.safe_body.args[timestamp_i].args.timestamp}, timestamp_usecs));
zeek::BifEvent::enqueue_krb_safe(zeek_analyzer(), zeek_analyzer()->Conn(), ${msg.is_orig}, std::move(rv)); zeek::BifEvent::enqueue_krb_safe(zeek_analyzer(), zeek_analyzer()->Conn(), ${msg.is_orig}, std::move(rv));
} }
return true; return true;

3
src/analyzer/protocol/krb/krb-padata.pac
View file

@ -18,9 +18,8 @@ zeek::VectorValPtr proc_padata(const KRB_PA_Data_Sequence* data, const ZeekAnaly
if ( ! data->data()->has_padata() ) if ( ! data->data()->has_padata() )
return vv; return vv;
for ( uint i = 0; i < data->data()->padata_elems()->size(); ++i) for ( KRB_PA_Data* element : *(data->data()->padata_elems()) )
{ {
KRB_PA_Data* element = (*data->data()->padata_elems())[i];
uint64_t data_type = element->data_type(); uint64_t data_type = element->data_type();
if ( is_error && ( data_type == PA_PW_AS_REQ || data_type == PA_PW_AS_REP ) ) if ( is_error && ( data_type == PA_PW_AS_REQ || data_type == PA_PW_AS_REP ) )

15
src/analyzer/protocol/krb/krb-types.pac
View file

@ -30,8 +30,8 @@ zeek::ValPtr GetStringFromPrincipalName(const KRB_Principal_Name* pname)
zeek::VectorValPtr proc_cipher_list(const Array* list) zeek::VectorValPtr proc_cipher_list(const Array* list)
{ {
auto ciphers = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec); auto ciphers = zeek::make_intrusive<zeek::VectorVal>(zeek::id::index_vec);
for ( uint i = 0; i < list->data()->size(); ++i ) for ( const auto& data : *(list->data()) )
ciphers->Assign(ciphers->Size(), asn1_integer_to_val((*list->data())[i], zeek::TYPE_COUNT)); ciphers->Assign(ciphers->Size(), asn1_integer_to_val(data, zeek::TYPE_COUNT));
return ciphers; return ciphers;
} }
@ -39,10 +39,8 @@ zeek::VectorValPtr proc_host_address_list(const ZeekAnalyzer a, const KRB_Host_A
{ {
auto addrs = zeek::make_intrusive<zeek::VectorVal>(zeek::id::find_type<zeek::VectorType>("KRB::Host_Address_Vector")); auto addrs = zeek::make_intrusive<zeek::VectorVal>(zeek::id::find_type<zeek::VectorType>("KRB::Host_Address_Vector"));
for ( uint i = 0; i < list->addresses()->size(); ++i ) for ( const auto& addr : *(list->addresses()) )
{ addrs->Assign(addrs->Size(), proc_host_address(a, addr));
addrs->Assign(addrs->Size(), proc_host_address(a, (*list->addresses())[i]));
}
return addrs; return addrs;
} }
@ -98,11 +96,8 @@ zeek::VectorValPtr proc_tickets(const KRB_Ticket_Sequence* list)
{ {
auto tickets = zeek::make_intrusive<zeek::VectorVal>(zeek::id::find_type<zeek::VectorType>("KRB::Ticket_Vector")); auto tickets = zeek::make_intrusive<zeek::VectorVal>(zeek::id::find_type<zeek::VectorType>("KRB::Ticket_Vector"));
for ( uint i = 0; i < list->tickets()->size(); ++i ) for ( KRB_Ticket* element : *(list->tickets()) )
{
KRB_Ticket* element = (*list->tickets())[i];
tickets->Assign(tickets->Size(), proc_ticket(element)); tickets->Assign(tickets->Size(), proc_ticket(element));
}
return tickets; return tickets;
} }

2
src/analyzer/protocol/login/Login.cc
View file

@ -180,7 +180,7 @@ void Login_Analyzer::AuthenticationDialog(bool orig, char* line) {
const char* prompt = IsLoginPrompt(line); const char* prompt = IsLoginPrompt(line);
bool is_timeout = IsTimeout(line); bool is_timeout = IsTimeout(line);
if ( prompt && ! IsSuccessMsg(line) && ! is_timeout ) { if ( prompt && ! IsSuccessMsg(line) && ! is_timeout ) {
is_VMS = strstr(line, "Username:") != 0; is_VMS = strstr(line, "Username:") != nullptr;
// If we see multiple login prompts, presume that // If we see multiple login prompts, presume that
// each is consuming one line of typeahead. // each is consuming one line of typeahead.

42
src/analyzer/protocol/modbus/modbus-analyzer.pac
View file

@ -524,14 +524,14 @@ refine flow ModbusTCP_Flow += {
{ {
auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileRecordRequests); auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileRecordRequests);
for ( unsigned int i = 0; i < (${message.references}->size()); ++i ) for ( const auto& ref : *(${message.references}) )
{ {
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileRecordRequest); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileRecordRequest);
r->Assign(0, zeek::val_mgr->Count(${message.references[i].ref_type})); r->Assign(0, zeek::val_mgr->Count(${ref.ref_type}));
r->Assign(1, zeek::val_mgr->Count(${message.references[i].file_num})); r->Assign(1, zeek::val_mgr->Count(${ref.file_num}));
r->Assign(2, zeek::val_mgr->Count(${message.references[i].record_num})); r->Assign(2, zeek::val_mgr->Count(${ref.record_num}));
r->Assign(3, zeek::val_mgr->Count(${message.references[i].record_len})); r->Assign(3, zeek::val_mgr->Count(${ref.record_len}));
vect->Append(r); vect->Append(r);
} }
@ -551,13 +551,13 @@ refine flow ModbusTCP_Flow += {
{ {
auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileRecordResponses); auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileRecordResponses);
for ( unsigned int i = 0; i < (${message.references}->size()); ++i ) for ( const auto& ref : *(${message.references}) )
{ {
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileRecordResponse); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileRecordResponse);
r->Assign(0, zeek::val_mgr->Count(${message.references[i].file_len})); r->Assign(0, zeek::val_mgr->Count(${ref.file_len}));
r->Assign(1, zeek::val_mgr->Count(${message.references[i].ref_type})); r->Assign(1, zeek::val_mgr->Count(${ref.ref_type}));
r->Assign(2, to_stringval(${message.references[i].record_data})); r->Assign(2, to_stringval(${ref.record_data}));
vect->Append(r); vect->Append(r);
} }
@ -577,14 +577,14 @@ refine flow ModbusTCP_Flow += {
{ {
auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileReferences); auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileReferences);
for ( unsigned int i = 0; i < (${message.references}->size()); ++i ) for ( const auto& ref : *(${message.references}) )
{ {
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileReference); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileReference);
r->Assign(0, zeek::val_mgr->Count(${message.references[i].ref_type})); r->Assign(0, zeek::val_mgr->Count(${ref.ref_type}));
r->Assign(1, zeek::val_mgr->Count(${message.references[i].file_num})); r->Assign(1, zeek::val_mgr->Count(${ref.file_num}));
r->Assign(2, zeek::val_mgr->Count(${message.references[i].record_num})); r->Assign(2, zeek::val_mgr->Count(${ref.record_num}));
r->Assign(3, zeek::val_mgr->Count(${message.references[i].record_length})); r->Assign(3, zeek::val_mgr->Count(${ref.record_length}));
r->Assign(4, to_stringval(${message.references[i].record_data})); r->Assign(4, to_stringval(${ref.record_data}));
vect->Append(r); vect->Append(r);
} }
@ -604,14 +604,14 @@ refine flow ModbusTCP_Flow += {
{ {
auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileReferences); auto vect = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::ModbusFileReferences);
for ( unsigned int i = 0; i < (${message.references}->size()); ++i ) for ( const auto& ref : *(${message.references}) )
{ {
auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileReference); auto r = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::ModbusFileReference);
r->Assign(0, zeek::val_mgr->Count(${message.references[i].ref_type})); r->Assign(0, zeek::val_mgr->Count(${ref.ref_type}));
r->Assign(1, zeek::val_mgr->Count(${message.references[i].file_num})); r->Assign(1, zeek::val_mgr->Count(${ref.file_num}));
r->Assign(2, zeek::val_mgr->Count(${message.references[i].record_num})); r->Assign(2, zeek::val_mgr->Count(${ref.record_num}));
r->Assign(3, zeek::val_mgr->Count(${message.references[i].record_length})); r->Assign(3, zeek::val_mgr->Count(${ref.record_length}));
r->Assign(4, to_stringval(${message.references[i].record_data})); r->Assign(4, to_stringval(${ref.record_data}));
vect->Append(r); vect->Append(r);
} }

3
src/analyzer/protocol/pop3/POP3.cc
View file

@ -784,8 +784,7 @@ int POP3_Analyzer::ParseCmd(std::string cmd) {
if ( c == '+' || c == '-' ) if ( c == '+' || c == '-' )
cmd = cmd.substr(1); cmd = cmd.substr(1);
for ( size_t i = 0; i < cmd.size(); ++i ) cmd = util::to_upper(cmd);
cmd[i] = toupper(cmd[i]);
if ( ! cmd.compare(pop3_cmd_word[code]) ) if ( ! cmd.compare(pop3_cmd_word[code]) )
return code; return code;

8
src/analyzer/protocol/radius/radius-analyzer.pac
View file

@ -12,17 +12,17 @@ refine flow RADIUS_Flow += {
result->Assign(1, ${msg.trans_id}); result->Assign(1, ${msg.trans_id});
result->Assign(2, to_stringval(${msg.authenticator})); result->Assign(2, to_stringval(${msg.authenticator}));
if ( ${msg.attributes}->size() ) if ( ! ${msg.attributes}->empty() )
{ {
auto attributes = zeek::make_intrusive<zeek::TableVal>(zeek::BifType::Table::RADIUS::Attributes); auto attributes = zeek::make_intrusive<zeek::TableVal>(zeek::BifType::Table::RADIUS::Attributes);
for ( uint i = 0; i < ${msg.attributes}->size(); ++i ) for ( const auto& attr : *(${msg.attributes}) )
{ {
auto index = zeek::val_mgr->Count(${msg.attributes[i].code}); auto index = zeek::val_mgr->Count(${attr.code});
// Do we already have a vector of attributes for this type? // Do we already have a vector of attributes for this type?
auto current = attributes->FindOrDefault(index); auto current = attributes->FindOrDefault(index);
zeek::ValPtr val = to_stringval(${msg.attributes[i].value}); zeek::ValPtr val = to_stringval(${attr.value});
if ( current ) if ( current )
{ {

30
src/analyzer/protocol/rdp/rdp-analyzer.pac
View file

@ -132,28 +132,28 @@ refine flow RDP_Flow += {
if ( ! rdp_client_network_data ) if ( ! rdp_client_network_data )
return false; return false;
if ( ${cnetwork.channel_def_array}->size() ) if ( ! ${cnetwork.channel_def_array}->empty() )
{ {
auto channels = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::RDP::ClientChannelList); auto channels = zeek::make_intrusive<zeek::VectorVal>(zeek::BifType::Vector::RDP::ClientChannelList);
for ( uint i = 0; i < ${cnetwork.channel_def_array}->size(); ++i ) for ( const auto& cdef : *${cnetwork.channel_def_array} )
{ {
auto channel_def = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientChannelDef); auto channel_def = zeek::make_intrusive<zeek::RecordVal>(zeek::BifType::Record::RDP::ClientChannelDef);
channel_def->Assign(0, to_stringval(${cnetwork.channel_def_array[i].name})); channel_def->Assign(0, to_stringval(${cdef.name}));
channel_def->Assign(1, ${cnetwork.channel_def_array[i].options}); channel_def->Assign(1, ${cdef.options});
channel_def->Assign(2, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_INITIALIZED}); channel_def->Assign(2, ${cdef.CHANNEL_OPTION_INITIALIZED});
channel_def->Assign(3, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_RDP}); channel_def->Assign(3, ${cdef.CHANNEL_OPTION_ENCRYPT_RDP});
channel_def->Assign(4, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_SC}); channel_def->Assign(4, ${cdef.CHANNEL_OPTION_ENCRYPT_SC});
channel_def->Assign(5, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_ENCRYPT_CS}); channel_def->Assign(5, ${cdef.CHANNEL_OPTION_ENCRYPT_CS});
channel_def->Assign(6, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_HIGH}); channel_def->Assign(6, ${cdef.CHANNEL_OPTION_PRI_HIGH});
channel_def->Assign(7, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_MED}); channel_def->Assign(7, ${cdef.CHANNEL_OPTION_PRI_MED});
channel_def->Assign(8, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_PRI_LOW}); channel_def->Assign(8, ${cdef.CHANNEL_OPTION_PRI_LOW});
channel_def->Assign(9, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS_RDP}); channel_def->Assign(9, ${cdef.CHANNEL_OPTION_COMPRESS_RDP});
channel_def->Assign(10, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_COMPRESS}); channel_def->Assign(10, ${cdef.CHANNEL_OPTION_COMPRESS});
channel_def->Assign(11, ${cnetwork.channel_def_array[i].CHANNEL_OPTION_SHOW_PROTOCOL}); channel_def->Assign(11, ${cdef.CHANNEL_OPTION_SHOW_PROTOCOL});
channel_def->Assign(12, ${cnetwork.channel_def_array[i].REMOTE_CONTROL_PERSISTENT}); channel_def->Assign(12, ${cdef.REMOTE_CONTROL_PERSISTENT});
channels->Assign(channels->Size(), std::move(channel_def)); channels->Assign(channels->Size(), std::move(channel_def));
} }

2
src/analyzer/protocol/smb/smb-common.pac
View file

@ -239,7 +239,7 @@ enum SMB_Status {
function determine_transaction_type(header: SMB_Header, name: SMB_string): TransactionType function determine_transaction_type(header: SMB_Header, name: SMB_string): TransactionType
%{ %{
if ( name == NULL ) if ( name == nullptr )
{ {
return SMB_UNKNOWN; return SMB_UNKNOWN;
} }

4
src/analyzer/protocol/smb/smb-gssapi.pac
View file

@ -6,8 +6,8 @@ refine connection SMB_Conn += {
%} %}
%init{ %init{
gssapi = 0; gssapi = nullptr;
ntlm = 0; ntlm = nullptr;
%} %}
%cleanup{ %cleanup{

2
src/analyzer/protocol/smb/smb-strings.pac
View file

@ -59,7 +59,7 @@ refine connection SMB_Conn += {
%} %}
%init{ %init{
me = 0; me = nullptr;
%} %}
function store_this_unicode_string(s: SMB_unicode_string): bool function store_this_unicode_string(s: SMB_unicode_string): bool

2
src/analyzer/protocol/smb/smb1-com-negotiate.pac
View file

@ -147,7 +147,7 @@ refine connection SMB_Conn += {
type SMB_dialect = record { type SMB_dialect = record {
buffer_format : uint8; # must be 0x2 for dialect buffer_format : uint8; # must be 0x2 for dialect
name : SMB_string(0,0); name : SMB_string(false, 0);
}; };
type SMB1_negotiate_request(header: SMB_Header) = record { type SMB1_negotiate_request(header: SMB_Header) = record {

10
src/analyzer/protocol/ssl/SSL.cc
View file

@ -139,13 +139,13 @@ std::optional<std::vector<u_char>> SSL_Analyzer::TLS12_PRF(const std::string& se
#ifdef OPENSSL_HAVE_KDF_H #ifdef OPENSSL_HAVE_KDF_H
#if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3) #if defined(OPENSSL_VERSION_MAJOR) && (OPENSSL_VERSION_MAJOR >= 3)
// alloc context + params // alloc context + params
EVP_KDF* kdf = EVP_KDF_fetch(NULL, "TLS1-PRF", NULL); EVP_KDF* kdf = EVP_KDF_fetch(nullptr, "TLS1-PRF", nullptr);
EVP_KDF_CTX* kctx = EVP_KDF_CTX_new(kdf); EVP_KDF_CTX* kctx = EVP_KDF_CTX_new(kdf);
OSSL_PARAM params[4], *p = params; OSSL_PARAM params[4], *p = params;
EVP_KDF_free(kdf); EVP_KDF_free(kdf);
#else /* OSSL 3 */ #else /* OSSL 3 */
// alloc buffers // alloc buffers
EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, NULL); EVP_PKEY_CTX* pctx = EVP_PKEY_CTX_new_id(EVP_PKEY_TLS1_PRF, nullptr);
#endif /* OSSL 3 */ #endif /* OSSL 3 */
// prepare seed: seed = label + rnd1 + rnd2 // prepare seed: seed = label + rnd1 + rnd2
@ -297,7 +297,7 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new(); EVP_CIPHER_CTX* ctx = EVP_CIPHER_CTX_new();
EVP_CIPHER_CTX_init(ctx); EVP_CIPHER_CTX_init(ctx);
EVP_CipherInit(ctx, EVP_aes_256_gcm(), NULL, NULL, 0); EVP_CipherInit(ctx, EVP_aes_256_gcm(), nullptr, nullptr, 0);
encrypted += 8; encrypted += 8;
// FIXME: is this because of nonce and aead tag? // FIXME: is this because of nonce and aead tag?
@ -335,13 +335,13 @@ bool SSL_Analyzer::TryDecryptApplicationData(int len, const u_char* data, bool i
16); // see OpenSSL manpage - 16 is the block size for the supported cipher 16); // see OpenSSL manpage - 16 is the block size for the supported cipher
int decrypted_len = 0; int decrypted_len = 0;
EVP_DecryptUpdate(ctx, NULL, &decrypted_len, s_aead_tag.data(), s_aead_tag.size()); EVP_DecryptUpdate(ctx, nullptr, &decrypted_len, s_aead_tag.data(), s_aead_tag.size());
EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, encrypted, encrypted_len); EVP_DecryptUpdate(ctx, decrypted.data(), &decrypted_len, encrypted, encrypted_len);
assert(static_cast<decltype(decrypted.size())>(decrypted_len) <= decrypted.size()); assert(static_cast<decltype(decrypted.size())>(decrypted_len) <= decrypted.size());
decrypted.resize(decrypted_len); decrypted.resize(decrypted_len);
int res = 0; int res = 0;
if ( res = EVP_DecryptFinal(ctx, NULL, &res); res == 0 ) { if ( res = EVP_DecryptFinal(ctx, nullptr, &res); res == 0 ) {
DBG_LOG(DBG_ANALYZER, "Decryption failed with return code: %d. Invalid key?\n", res); DBG_LOG(DBG_ANALYZER, "Decryption failed with return code: %d. Invalid key?\n", res);
EVP_CIPHER_CTX_free(ctx); EVP_CIPHER_CTX_free(ctx);
return false; return false;

2
src/analyzer/protocol/ssl/dtls-analyzer.pac
View file

@ -59,7 +59,7 @@ refine connection SSL_Conn += {
return true; return true;
} }
if ( i->message_handshake_sequence != ${rec.message_seq} || i->message_length != length || i->buffer == 0 ) if ( i->message_handshake_sequence != ${rec.message_seq} || i->message_length != length || i->buffer == nullptr )
{ {
// cannot resume reassembling. Let's abandon the current data and try anew... // cannot resume reassembling. Let's abandon the current data and try anew...
delete [] i->buffer; delete [] i->buffer;

4
src/analyzer/protocol/ssl/ssl-analyzer.pac
View file

@ -132,14 +132,14 @@ refine typeattr V2Error += &let {
refine typeattr V2ClientHello += &let { refine typeattr V2ClientHello += &let {
proc : bool = $context.connection.proc_client_hello(client_version, 0, proc : bool = $context.connection.proc_client_hello(client_version, 0,
challenge, session_id, 0, ciphers, 0); challenge, session_id, nullptr, ciphers, nullptr);
}; };
refine typeattr V2ServerHello += &let { refine typeattr V2ServerHello += &let {
check_v2 : bool = $context.connection.proc_check_v2_server_hello_version(server_version); check_v2 : bool = $context.connection.proc_check_v2_server_hello_version(server_version);
proc : bool = $context.connection.proc_server_hello(server_version, true, proc : bool = $context.connection.proc_server_hello(server_version, true,
conn_id_data, 0, 0, ciphers, 0) &requires(check_v2) &if(check_v2 == true); conn_id_data, nullptr, nullptr, ciphers, 0) &requires(check_v2) &if(check_v2 == true);
cert : bool = $context.connection.proc_v2_certificate(rec.is_orig, cert_data) cert : bool = $context.connection.proc_v2_certificate(rec.is_orig, cert_data)
&requires(proc) &requires(check_v2) &if(check_v2 == true); &requires(proc) &requires(check_v2) &if(check_v2 == true);

7
src/analyzer/protocol/ssl/tls-handshake-analyzer.pac
View file

@ -686,19 +686,18 @@ refine connection Handshake_Conn += {
refine typeattr ClientHello += &let { refine typeattr ClientHello += &let {
proc : bool = $context.connection.proc_client_hello(client_version, proc : bool = $context.connection.proc_client_hello(client_version,
gmt_unix_time, random_bytes, gmt_unix_time, random_bytes,
session_id, csuits, 0, cmeths); session_id, csuits, nullptr, cmeths);
}; };
refine typeattr ServerHello += &let { refine typeattr ServerHello += &let {
proc : bool = $context.connection.proc_server_hello(server_version, proc : bool = $context.connection.proc_server_hello(server_version,
false, random_bytes, session_id, cipher_suite, 0, false, random_bytes, session_id, cipher_suite, nullptr,
compression_method); compression_method);
}; };
refine typeattr ServerHello13 += &let { refine typeattr ServerHello13 += &let {
proc : bool = $context.connection.proc_server_hello(server_version, proc : bool = $context.connection.proc_server_hello(server_version,
false, random, 0, cipher_suite, 0, false, random, nullptr, cipher_suite, nullptr, 0);
0);
}; };

27
src/analyzer/protocol/ssl/tls-handshake-protocol.pac
View file

@ -807,19 +807,19 @@ type SSLExtension(rec: HandshakeRecord) = record {
# Pretty code ahead. Deal with the fact that perhaps extensions are # Pretty code ahead. Deal with the fact that perhaps extensions are
# not really present and we do not want to fail because of that. # not really present and we do not want to fail because of that.
ext: case type of { ext: case type of {
EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION -> apnl: ApplicationLayerProtocolNegotiationExtension(rec)[] &until($element == 0 || $element != 0); EXT_APPLICATION_LAYER_PROTOCOL_NEGOTIATION -> apnl: ApplicationLayerProtocolNegotiationExtension(rec)[] &until($element == nullptr || $element != nullptr);
EXT_ELLIPTIC_CURVES -> elliptic_curves: EllipticCurves(rec)[] &until($element == 0 || $element != 0); EXT_ELLIPTIC_CURVES -> elliptic_curves: EllipticCurves(rec)[] &until($element == nullptr || $element != nullptr);
EXT_EC_POINT_FORMATS -> ec_point_formats: EcPointFormats(rec)[] &until($element == 0 || $element != 0); EXT_EC_POINT_FORMATS -> ec_point_formats: EcPointFormats(rec)[] &until($element == nullptr || $element != nullptr);
# EXT_STATUS_REQUEST -> status_request: StatusRequest(rec)[] &until($element == 0 || $element != 0); # EXT_STATUS_REQUEST -> status_request: StatusRequest(rec)[] &until($element == nullptr || $element != nullptr);
EXT_SERVER_NAME -> server_name: ServerNameExt(rec)[] &until($element == 0 || $element != 0); EXT_SERVER_NAME -> server_name: ServerNameExt(rec)[] &until($element == nullptr || $element != nullptr);
EXT_SIGNATURE_ALGORITHMS -> signature_algorithm: SignatureAlgorithm(rec)[] &until($element == 0 || $element != 0); EXT_SIGNATURE_ALGORITHMS -> signature_algorithm: SignatureAlgorithm(rec)[] &until($element == nullptr || $element != nullptr);
EXT_SIGNED_CERTIFICATE_TIMESTAMP -> certificate_timestamp: SignedCertificateTimestampList(rec)[] &until($element == 0 || $element != 0); EXT_SIGNED_CERTIFICATE_TIMESTAMP -> certificate_timestamp: SignedCertificateTimestampList(rec)[] &until($element == nullptr || $element != nullptr);
EXT_KEY_SHARE -> key_share: KeyShare(rec, this)[] &until($element == 0 || $element != 0); EXT_KEY_SHARE -> key_share: KeyShare(rec, this)[] &until($element == nullptr || $element != nullptr);
EXT_KEY_SHARE_OLD -> key_share_old: KeyShare(rec, this)[] &until($element == 0 || $element != 0); EXT_KEY_SHARE_OLD -> key_share_old: KeyShare(rec, this)[] &until($element == nullptr || $element != nullptr);
EXT_SUPPORTED_VERSIONS -> supported_versions_selector: SupportedVersionsSelector(rec, data_len)[] &until($element == 0 || $element != 0); EXT_SUPPORTED_VERSIONS -> supported_versions_selector: SupportedVersionsSelector(rec, data_len)[] &until($element == nullptr || $element != nullptr);
EXT_PSK_KEY_EXCHANGE_MODES -> psk_key_exchange_modes: PSKKeyExchangeModes(rec)[] &until($element == 0 || $element != 0); EXT_PSK_KEY_EXCHANGE_MODES -> psk_key_exchange_modes: PSKKeyExchangeModes(rec)[] &until($element == nullptr || $element != nullptr);
EXT_PRE_SHARED_KEY -> pre_shared_key: PreSharedKey(rec)[] &until($element == 0 || $element != 0); EXT_PRE_SHARED_KEY -> pre_shared_key: PreSharedKey(rec)[] &until($element == nullptr || $element != nullptr);
EXT_CONNECTION_ID -> connection_id: ConnectionId(rec)[] &until($element == 0 || $element != 0); EXT_CONNECTION_ID -> connection_id: ConnectionId(rec)[] &until($element == nullptr || $element != nullptr);
default -> data: bytestring &restofdata; default -> data: bytestring &restofdata;
}; };
} &length=data_len+4 &exportsourcedata; } &length=data_len+4 &exportsourcedata;
@ -1102,4 +1102,3 @@ refine connection Handshake_Conn += {
return true; return true;
%} %}
}; };

10
src/analyzer/protocol/zip/ZIP.cc
View file

@ -11,12 +11,12 @@ ZIP_Analyzer::ZIP_Analyzer(Connection* conn, bool orig, Method arg_method)
method = arg_method; method = arg_method;
zip = new z_stream; zip = new z_stream;
zip->zalloc = 0; zip->zalloc = nullptr;
zip->zfree = 0; zip->zfree = nullptr;
zip->opaque = 0; zip->opaque = nullptr;
zip->next_out = 0; zip->next_out = nullptr;
zip->avail_out = 0; zip->avail_out = 0;
zip->next_in = 0; zip->next_in = nullptr;
zip->avail_in = 0; zip->avail_in = 0;
// "32" is a gross overload hack that means "check it // "32" is a gross overload hack that means "check it

2
src/binpac-lib.pac
View file

@ -20,7 +20,7 @@ function bytestring_caseprefix(s1: const_bytestring, s2: const_charptr): bool
function bytestring_to_int(s: const_bytestring, base: int): int function bytestring_to_int(s: const_bytestring, base: int): int
%{ %{
return strtol((const char*) std_str(s).c_str(), 0, base); return strtol((const char*) std_str(s).c_str(), nullptr, base);
%} %}
function bytestring_to_double(s: const_bytestring): double function bytestring_to_double(s: const_bytestring): double

16
src/broker/Data.cc
View file

@ -530,15 +530,15 @@ struct type_checker {
else { else {
indices_to_check.reserve(indices->size()); indices_to_check.reserve(indices->size());
for ( size_t i = 0; i < indices->size(); ++i ) for ( const auto& idx : *indices )
indices_to_check.emplace_back(&(*indices)[i]); indices_to_check.emplace_back(&idx);
} }
} }
else { else {
indices_to_check.reserve(indices->size()); indices_to_check.reserve(indices->size());
for ( size_t i = 0; i < indices->size(); ++i ) for ( const auto& idx : *indices )
indices_to_check.emplace_back(&(*indices)[i]); indices_to_check.emplace_back(&idx);
} }
} }
else else
@ -580,15 +580,15 @@ struct type_checker {
else { else {
indices_to_check.reserve(indices->size()); indices_to_check.reserve(indices->size());
for ( size_t i = 0; i < indices->size(); ++i ) for ( const auto& idx : *indices )
indices_to_check.emplace_back(&(*indices)[i]); indices_to_check.emplace_back(&idx);
} }
} }
else { else {
indices_to_check.reserve(indices->size()); indices_to_check.reserve(indices->size());
for ( size_t i = 0; i < indices->size(); ++i ) for ( const auto& idx : *indices )
indices_to_check.emplace_back(&(*indices)[i]); indices_to_check.emplace_back(&idx);
} }
} }
else else

4
src/broker/Manager.cc
View file

@ -775,7 +775,7 @@ void Manager::Peer(const string& addr, uint16_t port, double retry) {
auto secs = broker::timeout::seconds(static_cast<uint64_t>(retry)); auto secs = broker::timeout::seconds(static_cast<uint64_t>(retry));
bstate->endpoint.peer_nosync(addr, port, secs); bstate->endpoint.peer_nosync(addr, port, secs);
bstate->outbound_peerings.emplace(broker::network_info(addr, port)); bstate->outbound_peerings.emplace(addr, port);
auto counts_as_iosource = get_option("Broker::peer_counts_as_iosource")->AsBool(); auto counts_as_iosource = get_option("Broker::peer_counts_as_iosource")->AsBool();
@ -1160,7 +1160,7 @@ RecordVal* Manager::MakeEvent(ValPList* args, zeek::detail::Frame* frame) {
zeek::Args cargs; zeek::Args cargs;
cargs.reserve(args->size()); cargs.reserve(args->size());
for ( auto* a : *args ) for ( auto* a : *args )
cargs.push_back({zeek::NewRef{}, a}); cargs.emplace_back(zeek::NewRef{}, a);
return MakeEvent(ArgsSpan{cargs}, frame)->Ref()->AsRecordVal(); return MakeEvent(ArgsSpan{cargs}, frame)->Ref()->AsRecordVal();
} }

6
src/cluster/serializer/broker/Serializer.cc
View file

@ -82,10 +82,8 @@ std::optional<broker::zeek::Event> detail::to_broker_event(const detail::Event&
for ( const auto& m : *meta ) { for ( const auto& m : *meta ) {
if ( auto res = zeek::Broker::detail::val_to_data(m.Val().get()); res.has_value() ) { if ( auto res = zeek::Broker::detail::val_to_data(m.Val().get()); res.has_value() ) {
broker::vector entry(2); broker::vector entry{static_cast<broker::count>(m.Id()), res.value()};
entry[0] = static_cast<broker::count>(m.Id()); broker_meta.emplace_back(std::move(entry));
entry[1] = res.value();
broker_meta.push_back(std::move(entry));
} }
else { else {
// Just for sanity - we should never get here. // Just for sanity - we should never get here.

4
src/digest.cc
View file

@ -57,7 +57,7 @@ HashDigestState* hash_init(HashAlgorithm alg) {
default: reporter->InternalError("Unknown hash algorithm passed to hash_init"); default: reporter->InternalError("Unknown hash algorithm passed to hash_init");
} }
if ( ! EVP_DigestInit_ex(c, md, NULL) ) if ( ! EVP_DigestInit_ex(c, md, nullptr) )
reporter->InternalError("EVP_DigestInit failed"); reporter->InternalError("EVP_DigestInit failed");
return to_opaque_ptr(c); return to_opaque_ptr(c);
@ -74,7 +74,7 @@ void hash_final(HashDigestState* c, u_char* md) {
} }
void hash_final_no_free(HashDigestState* c, u_char* md) { void hash_final_no_free(HashDigestState* c, u_char* md) {
if ( ! EVP_DigestFinal(to_native_ptr(c), md, NULL) ) if ( ! EVP_DigestFinal(to_native_ptr(c), md, nullptr) )
reporter->InternalError("EVP_DigestFinal failed"); reporter->InternalError("EVP_DigestFinal failed");
} }

2
src/file_analysis/Analyzer.cc
View file

@ -24,7 +24,7 @@ void Analyzer::SetAnalyzerTag(const zeek::Tag& arg_tag) {
} }
Analyzer::Analyzer(zeek::Tag arg_tag, RecordValPtr arg_args, File* arg_file) Analyzer::Analyzer(zeek::Tag arg_tag, RecordValPtr arg_args, File* arg_file)
: tag(arg_tag), : tag(std::move(arg_tag)),
args(std::move(arg_args)), args(std::move(arg_args)),
file(arg_file), file(arg_file),
got_stream_delivery(false), got_stream_delivery(false),

2
src/file_analysis/FileReassembler.cc
View file

@ -11,7 +11,7 @@ namespace zeek::file_analysis {
class File; class File;
FileReassembler::FileReassembler(File* f, uint64_t starting_offset) FileReassembler::FileReassembler(File* f, uint64_t starting_offset)
: Reassembler(starting_offset, REASSEM_FILE), the_file(f), flushing(false) {} : Reassembler(starting_offset, REASSEM_FILE), the_file(f) {}
uint64_t FileReassembler::Flush() { uint64_t FileReassembler::Flush() {
if ( flushing ) if ( flushing )

4
src/file_analysis/FileTimer.cc
View file

@ -7,8 +7,8 @@
namespace zeek::file_analysis::detail { namespace zeek::file_analysis::detail {
FileTimer::FileTimer(double t, const std::string& id, double interval) FileTimer::FileTimer(double t, std::string id, double interval)
: zeek::detail::Timer(t + interval, zeek::detail::TIMER_FILE_ANALYSIS_INACTIVITY), file_id(id) { : zeek::detail::Timer(t + interval, zeek::detail::TIMER_FILE_ANALYSIS_INACTIVITY), file_id(std::move(id)) {
DBG_LOG(DBG_FILE_ANALYSIS, "New %f second timeout timer for %s", interval, file_id.c_str()); DBG_LOG(DBG_FILE_ANALYSIS, "New %f second timeout timer for %s", interval, file_id.c_str());
} }

2
src/file_analysis/FileTimer.h
View file

@ -19,7 +19,7 @@ public:
* @param id the file identifier which will be checked for inactivity. * @param id the file identifier which will be checked for inactivity.
* @param interval amount of time after \a t to check for inactivity. * @param interval amount of time after \a t to check for inactivity.
*/ */
FileTimer(double t, const std::string& id, double interval); FileTimer(double t, std::string id, double interval);
/** /**
* Check inactivity of file_analysis::File corresponding to #file_id, * Check inactivity of file_analysis::File corresponding to #file_id,

12
src/file_analysis/Manager.cc
View file

@ -24,8 +24,8 @@ Manager::Manager()
max_files(0) {} max_files(0) {}
Manager::~Manager() { Manager::~Manager() {
for ( MIMEMap::iterator i = mime_types.begin(); i != mime_types.end(); i++ ) for ( const auto& [_, tag] : mime_types )
delete i->second; delete tag;
// Have to assume that too much of Zeek has been shutdown by this point // Have to assume that too much of Zeek has been shutdown by this point
// to do anything more than reclaim memory. // to do anything more than reclaim memory.
@ -473,12 +473,12 @@ VectorValPtr GenMIMEMatchesVal(const zeek::detail::RuleMatcher::MIME_Matches& m)
static auto mime_match = id::find_type<RecordType>("mime_match"); static auto mime_match = id::find_type<RecordType>("mime_match");
auto rval = make_intrusive<VectorVal>(mime_matches); auto rval = make_intrusive<VectorVal>(mime_matches);
for ( zeek::detail::RuleMatcher::MIME_Matches::const_iterator it = m.begin(); it != m.end(); ++it ) { for ( const auto& [index, match] : m ) {
auto element = make_intrusive<RecordVal>(mime_match); auto element = make_intrusive<RecordVal>(mime_match);
for ( set<string>::const_iterator it2 = it->second.begin(); it2 != it->second.end(); ++it2 ) { for ( const string& match_str : match ) {
element->Assign(0, it->first); element->Assign(0, index);
element->Assign(1, *it2); element->Assign(1, match_str);
} }
rval->Assign(rval->Size(), std::move(element)); rval->Assign(rval->Size(), std::move(element));

4
src/file_analysis/analyzer/extract/Extract.cc
View file

@ -11,10 +11,10 @@
namespace zeek::file_analysis::detail { namespace zeek::file_analysis::detail {
Extract::Extract(RecordValPtr args, file_analysis::File* file, const std::string& arg_filename, uint64_t arg_limit, Extract::Extract(RecordValPtr args, file_analysis::File* file, std::string arg_filename, uint64_t arg_limit,
bool arg_limit_includes_missing) bool arg_limit_includes_missing)
: file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"), std::move(args), file), : file_analysis::Analyzer(file_mgr->GetComponentTag("EXTRACT"), std::move(args), file),
filename(arg_filename), filename(std::move(arg_filename)),
limit(arg_limit), limit(arg_limit),
written(0), written(0),
limit_includes_missing(arg_limit_includes_missing) { limit_includes_missing(arg_limit_includes_missing) {

2
src/file_analysis/analyzer/extract/Extract.h
View file

@ -64,7 +64,7 @@ protected:
* @param arg_limit the maximum allowed file size. * @param arg_limit the maximum allowed file size.
* @param arg_limit_includes_missing missing bytes count towards limit if true. * @param arg_limit_includes_missing missing bytes count towards limit if true.
*/ */
Extract(RecordValPtr args, file_analysis::File* file, const std::string& arg_filename, uint64_t arg_limit, Extract(RecordValPtr args, file_analysis::File* file, std::string arg_filename, uint64_t arg_limit,
bool arg_limit_includes_missing); bool arg_limit_includes_missing);
private: private:

4
src/file_analysis/analyzer/pe/pe-analyzer.pac
View file

@ -31,7 +31,7 @@ zeek::TableValPtr characteristics_to_zeek(uint32_t c, uint8_t len)
if ( ((c >> i) & 0x1) == 1 ) if ( ((c >> i) & 0x1) == 1 )
{ {
auto ch = zeek::val_mgr->Count((1<<i)&mask); auto ch = zeek::val_mgr->Count((1<<i)&mask);
char_set->Assign(std::move(ch), 0); char_set->Assign(std::move(ch), nullptr);
} }
} }
@ -172,7 +172,7 @@ refine flow File += {
// Strip null characters from the end of the section name. // Strip null characters from the end of the section name.
u_char* first_null = (u_char*) memchr(${h.name}.data(), 0, ${h.name}.length()); u_char* first_null = (u_char*) memchr(${h.name}.data(), 0, ${h.name}.length());
uint16 name_len; uint16 name_len;
if ( first_null == NULL ) if ( first_null == nullptr )
name_len = ${h.name}.length(); name_len = ${h.name}.length();
else else
name_len = first_null - ${h.name}.data(); name_len = first_null - ${h.name}.data();

4
src/file_analysis/analyzer/x509/OCSP.cc
View file

@ -125,7 +125,7 @@ bool OCSP::EndOfFile() {
const unsigned char* ocsp_char = reinterpret_cast<const unsigned char*>(ocsp_data.data()); const unsigned char* ocsp_char = reinterpret_cast<const unsigned char*>(ocsp_data.data());
if ( request ) { if ( request ) {
OCSP_REQUEST* req = d2i_OCSP_REQUEST(NULL, &ocsp_char, ocsp_data.size()); OCSP_REQUEST* req = d2i_OCSP_REQUEST(nullptr, &ocsp_char, ocsp_data.size());
if ( ! req ) { if ( ! req ) {
reporter->Weird(GetFile(), "openssl_ocsp_request_parse_error"); reporter->Weird(GetFile(), "openssl_ocsp_request_parse_error");
@ -136,7 +136,7 @@ bool OCSP::EndOfFile() {
OCSP_REQUEST_free(req); OCSP_REQUEST_free(req);
} }
else { else {
OCSP_RESPONSE* resp = d2i_OCSP_RESPONSE(NULL, &ocsp_char, ocsp_data.size()); OCSP_RESPONSE* resp = d2i_OCSP_RESPONSE(nullptr, &ocsp_char, ocsp_data.size());
if ( ! resp ) { if ( ! resp ) {
reporter->Weird(GetFile(), "openssl_ocsp_response_parse_error"); reporter->Weird(GetFile(), "openssl_ocsp_response_parse_error");

38
src/file_analysis/analyzer/x509/X509.cc
View file

@ -65,7 +65,7 @@ bool X509::EndOfFile() {
// ok, now we can try to parse the certificate with openssl. Should // ok, now we can try to parse the certificate with openssl. Should
// be rather straightforward... // be rather straightforward...
::X509* ssl_cert = d2i_X509(NULL, &cert_char, cert_data.size()); ::X509* ssl_cert = d2i_X509(nullptr, &cert_char, cert_data.size());
if ( ! ssl_cert ) { if ( ! ssl_cert ) {
reporter->Weird(GetFile(), "x509_cert_parse_error"); reporter->Weird(GetFile(), "x509_cert_parse_error");
return false; return false;
@ -155,7 +155,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
// if the string is longer than 255, that will be our null-termination, // if the string is longer than 255, that will be our null-termination,
// otherwise i2t does null-terminate. // otherwise i2t does null-terminate.
ASN1_OBJECT* algorithm; ASN1_OBJECT* algorithm;
X509_PUBKEY_get0_param(&algorithm, NULL, NULL, NULL, X509_get_X509_PUBKEY(ssl_cert)); X509_PUBKEY_get0_param(&algorithm, nullptr, nullptr, nullptr, X509_get_X509_PUBKEY(ssl_cert));
if ( ! i2t_ASN1_OBJECT(buf, 255, algorithm) ) if ( ! i2t_ASN1_OBJECT(buf, 255, algorithm) )
buf[0] = 0; buf[0] = 0;
@ -165,7 +165,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
i2a_ASN1_OBJECT(bio, ssl_cert->sig_alg->algorithm); i2a_ASN1_OBJECT(bio, ssl_cert->sig_alg->algorithm);
#else #else
const ASN1_OBJECT* alg; const ASN1_OBJECT* alg;
X509_ALGOR_get0(&alg, NULL, NULL, X509_get0_tbs_sigalg(ssl_cert)); X509_ALGOR_get0(&alg, nullptr, nullptr, X509_get0_tbs_sigalg(ssl_cert));
i2a_ASN1_OBJECT(bio, alg); i2a_ASN1_OBJECT(bio, alg);
#endif #endif
len = BIO_gets(bio, buf, sizeof(buf)); len = BIO_gets(bio, buf, sizeof(buf));
@ -180,13 +180,13 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
if ( OBJ_obj2nid(algorithm) == NID_md5WithRSAEncryption ) { if ( OBJ_obj2nid(algorithm) == NID_md5WithRSAEncryption ) {
ASN1_OBJECT* copy = OBJ_dup(algorithm); // the next line will destroy the original algorithm. ASN1_OBJECT* copy = OBJ_dup(algorithm); // the next line will destroy the original algorithm.
X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(ssl_cert), OBJ_nid2obj(NID_rsaEncryption), 0, NULL, NULL, 0); X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(ssl_cert), OBJ_nid2obj(NID_rsaEncryption), 0, nullptr, nullptr, 0);
algorithm = copy; algorithm = copy;
// we do not have to worry about freeing algorithm in that case - since it will be // we do not have to worry about freeing algorithm in that case - since it will be
// re-assigned using set0_param and the cert will take ownership. // re-assigned using set0_param and the cert will take ownership.
} }
else else
algorithm = 0; algorithm = nullptr;
if ( ! i2t_ASN1_OBJECT(buf, 255, OBJ_nid2obj(X509_get_signature_nid(ssl_cert))) ) if ( ! i2t_ASN1_OBJECT(buf, 255, OBJ_nid2obj(X509_get_signature_nid(ssl_cert))) )
buf[0] = 0; buf[0] = 0;
@ -195,7 +195,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
// Things we can do when we have the key... // Things we can do when we have the key...
EVP_PKEY* pkey = X509_extract_key(ssl_cert); EVP_PKEY* pkey = X509_extract_key(ssl_cert);
if ( pkey != NULL ) { if ( pkey != nullptr ) {
if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA ) if ( EVP_PKEY_base_id(pkey) == EVP_PKEY_DSA )
pX509Cert->Assign(9, "dsa"); pX509Cert->Assign(9, "dsa");
@ -204,7 +204,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
const BIGNUM* e = nullptr; const BIGNUM* e = nullptr;
RSA_get0_key(EVP_PKEY_get0_RSA(pkey), NULL, &e, NULL); RSA_get0_key(EVP_PKEY_get0_RSA(pkey), nullptr, &e, nullptr);
#else #else
BIGNUM* e = nullptr; BIGNUM* e = nullptr;
EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e); EVP_PKEY_get_bn_param(pkey, OSSL_PKEY_PARAM_RSA_E, &e);
@ -216,10 +216,10 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
BN_free(e); BN_free(e);
e = nullptr; e = nullptr;
#endif #endif
if ( exponent != NULL ) { if ( exponent != nullptr ) {
pX509Cert->Assign(11, exponent); pX509Cert->Assign(11, exponent);
OPENSSL_free(exponent); OPENSSL_free(exponent);
exponent = NULL; exponent = nullptr;
} }
} }
#ifndef OPENSSL_NO_EC #ifndef OPENSSL_NO_EC
@ -232,7 +232,7 @@ RecordValPtr X509::ParseCertificate(X509Val* cert_val, file_analysis::File* f) {
// set key algorithm back. We do not have to free the value that we created because (I // set key algorithm back. We do not have to free the value that we created because (I
// think) it comes out of a static array from OpenSSL memory. // think) it comes out of a static array from OpenSSL memory.
if ( algorithm ) if ( algorithm )
X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(ssl_cert), algorithm, 0, NULL, NULL, 0); X509_PUBKEY_set0_param(X509_get_X509_PUBKEY(ssl_cert), algorithm, 0, nullptr, nullptr, 0);
unsigned int length = KeyLength(pkey); unsigned int length = KeyLength(pkey);
if ( length > 0 ) if ( length > 0 )
@ -259,9 +259,9 @@ X509_STORE* X509::GetRootStore(TableVal* root_certs) {
StringVal* sv = val->AsStringVal(); StringVal* sv = val->AsStringVal();
assert(sv); assert(sv);
const uint8_t* data = sv->Bytes(); const uint8_t* data = sv->Bytes();
::X509* x = d2i_X509(NULL, &data, sv->Len()); ::X509* x = d2i_X509(nullptr, &data, sv->Len());
if ( ! x ) { if ( ! x ) {
emit_builtin_error(util::fmt("Root CA error: %s", ERR_error_string(ERR_get_error(), NULL))); emit_builtin_error(util::fmt("Root CA error: %s", ERR_error_string(ERR_get_error(), nullptr)));
return nullptr; return nullptr;
} }
@ -443,7 +443,7 @@ StringValPtr X509::KeyCurve(EVP_PKEY* key) {
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
const EC_GROUP* group; const EC_GROUP* group;
int nid; int nid;
if ( (group = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(key))) == NULL ) if ( (group = EC_KEY_get0_group(EVP_PKEY_get0_EC_KEY(key))) == nullptr )
// I guess we could not parse this // I guess we could not parse this
return nullptr; return nullptr;
@ -468,13 +468,13 @@ StringValPtr X509::KeyCurve(EVP_PKEY* key) {
} }
unsigned int X509::KeyLength(EVP_PKEY* key) { unsigned int X509::KeyLength(EVP_PKEY* key) {
assert(key != NULL); assert(key != nullptr);
switch ( EVP_PKEY_base_id(key) ) { switch ( EVP_PKEY_base_id(key) ) {
case EVP_PKEY_RSA: { case EVP_PKEY_RSA: {
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
const BIGNUM* n = nullptr; const BIGNUM* n = nullptr;
RSA_get0_key(EVP_PKEY_get0_RSA(key), &n, NULL, NULL); RSA_get0_key(EVP_PKEY_get0_RSA(key), &n, nullptr, nullptr);
return BN_num_bits(n); return BN_num_bits(n);
#else #else
BIGNUM* n = nullptr; BIGNUM* n = nullptr;
@ -488,7 +488,7 @@ unsigned int X509::KeyLength(EVP_PKEY* key) {
case EVP_PKEY_DSA: { case EVP_PKEY_DSA: {
#if OPENSSL_VERSION_NUMBER < 0x30000000L #if OPENSSL_VERSION_NUMBER < 0x30000000L
const BIGNUM* p; const BIGNUM* p;
DSA_get0_pqg(EVP_PKEY_get0_DSA(key), &p, NULL, NULL); DSA_get0_pqg(EVP_PKEY_get0_DSA(key), &p, nullptr, nullptr);
return BN_num_bits(p); return BN_num_bits(p);
#else #else
BIGNUM* p = nullptr; BIGNUM* p = nullptr;
@ -516,7 +516,7 @@ unsigned int X509::KeyLength(EVP_PKEY* key) {
return 0; return 0;
} }
if ( ! EC_GROUP_get_order(group, ec_order, NULL) ) { if ( ! EC_GROUP_get_order(group, ec_order, nullptr) ) {
// could not get ec-group-order // could not get ec-group-order
BN_free(ec_order); BN_free(ec_order);
return 0; return 0;
@ -539,7 +539,7 @@ unsigned int X509::KeyLength(EVP_PKEY* key) {
X509Val::X509Val(::X509* arg_certificate) : OpaqueVal(x509_opaque_type) { certificate = arg_certificate; } X509Val::X509Val(::X509* arg_certificate) : OpaqueVal(x509_opaque_type) { certificate = arg_certificate; }
X509Val::X509Val() : OpaqueVal(x509_opaque_type) { certificate = 0; } X509Val::X509Val() : OpaqueVal(x509_opaque_type) { certificate = nullptr; }
X509Val::~X509Val() { X509Val::~X509Val() {
if ( certificate ) if ( certificate )
@ -578,7 +578,7 @@ bool X509Val::DoUnserializeData(BrokerDataView data) {
auto s = data.ToString(); auto s = data.ToString();
auto opensslbuf = reinterpret_cast<const unsigned char*>(s.data()); auto opensslbuf = reinterpret_cast<const unsigned char*>(s.data());
certificate = d2i_X509(NULL, &opensslbuf, s.size()); certificate = d2i_X509(nullptr, &opensslbuf, s.size());
return certificate != nullptr; return certificate != nullptr;
} }

2
src/file_analysis/analyzer/x509/X509Common.cc
View file

@ -180,7 +180,7 @@ void X509Common::ParseSignedCertificateTimestamps(X509_EXTENSION* ext) {
unsigned char* ext_val_second_pointer = ext_val_copy; unsigned char* ext_val_second_pointer = ext_val_copy;
memcpy(ext_val_copy, ext_val->data, ext_val->length); memcpy(ext_val_copy, ext_val->data, ext_val->length);
ASN1_OCTET_STRING* inner = d2i_ASN1_OCTET_STRING(NULL, (const unsigned char**)&ext_val_copy, ext_val->length); ASN1_OCTET_STRING* inner = d2i_ASN1_OCTET_STRING(nullptr, (const unsigned char**)&ext_val_copy, ext_val->length);
if ( ! inner ) { if ( ! inner ) {
OPENSSL_free(ext_val_second_pointer); OPENSSL_free(ext_val_second_pointer);
reporter->Error("X509::ParseSignedCertificateTimestamps could not parse inner octet string"); reporter->Error("X509::ParseSignedCertificateTimestamps could not parse inner octet string");

44
src/file_analysis/analyzer/x509/functions.bif
View file

@ -31,8 +31,8 @@ STACK_OF(X509)* x509_get_untrusted_stack(zeek::VectorVal* certs_vec)
if ( ! untrusted_certs ) if ( ! untrusted_certs )
{ {
zeek::emit_builtin_error(zeek::util::fmt("Untrusted certificate stack initialization error: %s", zeek::emit_builtin_error(zeek::util::fmt("Untrusted certificate stack initialization error: %s",
ERR_error_string(ERR_get_error(),NULL))); ERR_error_string(ERR_get_error(), nullptr)));
return 0; return nullptr;
} }
for ( int i = 1; i < (int) certs_vec->Size(); ++i ) // start at 1 - 0 is host cert for ( int i = 1; i < (int) certs_vec->Size(); ++i ) // start at 1 - 0 is host cert
@ -48,7 +48,7 @@ STACK_OF(X509)* x509_get_untrusted_stack(zeek::VectorVal* certs_vec)
{ {
sk_X509_free(untrusted_certs); sk_X509_free(untrusted_certs);
zeek::emit_builtin_error("No certificate in opaque in stack"); zeek::emit_builtin_error("No certificate in opaque in stack");
return 0; return nullptr;
} }
sk_X509_push(untrusted_certs, x); sk_X509_push(untrusted_certs, x);
@ -73,10 +73,10 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
else if ( resp_id->type == V_OCSP_RESPID_KEY ) else if ( resp_id->type == V_OCSP_RESPID_KEY )
key = resp_id->value.byKey; key = resp_id->value.byKey;
else else
return 0; return nullptr;
#else #else
if ( ! OCSP_resp_get0_id(basic_resp, &key, &name) ) if ( ! OCSP_resp_get0_id(basic_resp, &key, &name) )
return 0; return nullptr;
#endif #endif
if ( name ) if ( name )
@ -85,7 +85,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
// Just like OpenSSL, we just support SHA-1 lookups and bail out otherwise. // Just like OpenSSL, we just support SHA-1 lookups and bail out otherwise.
if ( key->length != SHA_DIGEST_LENGTH ) if ( key->length != SHA_DIGEST_LENGTH )
return 0; return nullptr;
unsigned char* key_hash = key->data; unsigned char* key_hash = key->data;
@ -93,7 +93,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
{ {
unsigned char digest[SHA_DIGEST_LENGTH]; unsigned char digest[SHA_DIGEST_LENGTH];
X509* cert = sk_X509_value(certs, i); X509* cert = sk_X509_value(certs, i);
if ( ! X509_pubkey_digest(cert, EVP_sha1(), digest, NULL) ) if ( ! X509_pubkey_digest(cert, EVP_sha1(), digest, nullptr) )
// digest failed for this certificate, try with next // digest failed for this certificate, try with next
continue; continue;
@ -102,7 +102,7 @@ X509* x509_get_ocsp_signer(const STACK_OF(X509)* certs,
return cert; return cert;
} }
return 0; return nullptr;
} }
// Convert hash algorithm registry numbers to the OpenSSL EVP_MD. // Convert hash algorithm registry numbers to the OpenSSL EVP_MD.
@ -304,21 +304,21 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// from here, always goto cleanup. Initialize all other required variables... // from here, always goto cleanup. Initialize all other required variables...
time_t vtime = (time_t) verify_time; time_t vtime = (time_t) verify_time;
OCSP_BASICRESP *basic = 0; OCSP_BASICRESP *basic = nullptr;
OCSP_SINGLERESP *single = 0; OCSP_SINGLERESP *single = nullptr;
X509_STORE_CTX *csc = 0; X509_STORE_CTX *csc = nullptr;
OCSP_CERTID *certid = 0; OCSP_CERTID *certid = nullptr;
stack_st_X509* ocsp_certs = nullptr; stack_st_X509* ocsp_certs = nullptr;
int status = -1; int status = -1;
int out = -1; int out = -1;
int result = -1; int result = -1;
X509* issuer_certificate = 0; X509* issuer_certificate = nullptr;
X509* signer = 0; X509* signer = nullptr;
ASN1_GENERALIZEDTIME* thisUpdate = nullptr; ASN1_GENERALIZEDTIME* thisUpdate = nullptr;
ASN1_GENERALIZEDTIME* nextUpdate = nullptr; ASN1_GENERALIZEDTIME* nextUpdate = nullptr;
int type = -1; int type = -1;
OCSP_RESPONSE *resp = d2i_OCSP_RESPONSE(NULL, &start, ocsp_reply->Len()); OCSP_RESPONSE *resp = d2i_OCSP_RESPONSE(nullptr, &start, ocsp_reply->Len());
if ( ! resp ) if ( ! resp )
{ {
@ -348,7 +348,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// the lookup. // the lookup.
// Yay. // Yay.
issuer_certificate = 0; issuer_certificate = nullptr;
for ( int i = 0; i < sk_X509_num(untrusted_certs); i++) for ( int i = 0; i < sk_X509_num(untrusted_certs); i++)
{ {
OCSP_basic_add1_cert(basic, sk_X509_value(untrusted_certs, i)); OCSP_basic_add1_cert(basic, sk_X509_value(untrusted_certs, i));
@ -404,10 +404,10 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// We pass OCSP_NOVERIFY to let OCSP_basic_verify skip the chain verification. // We pass OCSP_NOVERIFY to let OCSP_basic_verify skip the chain verification.
// With that, it only verifies the signature of the basic response and we are responsible // With that, it only verifies the signature of the basic response and we are responsible
// for the chain ourselves. We have to do that since we cannot get OCSP_basic_verify to use our timestamp. // for the chain ourselves. We have to do that since we cannot get OCSP_basic_verify to use our timestamp.
out = OCSP_basic_verify(basic, NULL, ctx, OCSP_NOVERIFY); out = OCSP_basic_verify(basic, nullptr, ctx, OCSP_NOVERIFY);
if ( out < 1 ) if ( out < 1 )
{ {
rval = x509_result_record(out, ERR_error_string(ERR_get_error(),NULL)); rval = x509_result_record(out, ERR_error_string(ERR_get_error(), nullptr));
goto x509_ocsp_cleanup; goto x509_ocsp_cleanup;
} }
@ -421,7 +421,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
// into accepting. // into accepting.
if ( issuer_certificate ) if ( issuer_certificate )
certid = OCSP_cert_to_id(NULL, cert, issuer_certificate); certid = OCSP_cert_to_id(nullptr, cert, issuer_certificate);
else else
{ {
// issuer not in list sent by server, check store // issuer not in list sent by server, check store
@ -434,7 +434,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
goto x509_ocsp_cleanup; goto x509_ocsp_cleanup;
} }
certid = OCSP_cert_to_id(NULL, cert,X509_OBJECT_get0_X509( obj)); certid = OCSP_cert_to_id(nullptr, cert,X509_OBJECT_get0_X509( obj));
X509_OBJECT_free(obj); X509_OBJECT_free(obj);
} }
@ -457,7 +457,7 @@ function x509_ocsp_verify%(certs: x509_opaque_vector, ocsp_reply: string, root_c
return x509_result_record(-1, "OCSP reply is not for host certificate"); return x509_result_record(-1, "OCSP reply is not for host certificate");
// next - check freshness of proof... // next - check freshness of proof...
type = OCSP_single_get0_status(single, NULL, NULL, &thisUpdate, &nextUpdate); type = OCSP_single_get0_status(single, nullptr, nullptr, &thisUpdate, &nextUpdate);
if ( type == -1 ) if ( type == -1 )
{ {
@ -774,7 +774,7 @@ function sct_verify%(cert: opaque of x509, logid: string, log_key: string, signa
goto sct_verify_err; goto sct_verify_err;
} }
if ( ! EVP_DigestVerifyInit(mdctx, NULL, hash, NULL, key) ) if ( ! EVP_DigestVerifyInit(mdctx, nullptr, hash, nullptr, key) )
{ {
errstr = "Could not init signature verification"; errstr = "Could not init signature verification";
goto sct_verify_err; goto sct_verify_err;

77
src/input/Manager.cc
View file

@ -51,16 +51,16 @@ static void input_hash_delete_func(void* val) {
class Manager::Stream { class Manager::Stream {
public: public:
string name; string name;
bool removed; bool removed = false;
StreamType stream_type; // to distinguish between event and table streams StreamType stream_type; // to distinguish between event and table streams
EnumVal* type; EnumVal* type = nullptr;
ReaderFrontend* reader; ReaderFrontend* reader = nullptr;
TableVal* config; TableVal* config = nullptr;
EventHandlerPtr error_event; EventHandlerPtr error_event;
RecordVal* description; RecordVal* description = nullptr;
virtual ~Stream(); virtual ~Stream();
@ -68,8 +68,7 @@ protected:
Stream(StreamType t); Stream(StreamType t);
}; };
Manager::Stream::Stream(StreamType t) Manager::Stream::Stream(StreamType t) : stream_type(t) {}
: name(), removed(), stream_type(t), type(), reader(), config(), error_event(), description() {}
Manager::Stream::~Stream() { Manager::Stream::~Stream() {
Unref(type); Unref(type);
@ -80,18 +79,18 @@ Manager::Stream::~Stream() {
class Manager::TableStream final : public Manager::Stream { class Manager::TableStream final : public Manager::Stream {
public: public:
unsigned int num_idx_fields; unsigned int num_idx_fields = 0;
unsigned int num_val_fields; unsigned int num_val_fields = 0;
bool want_record; bool want_record = false;
TableVal* tab; TableVal* tab = nullptr;
RecordType* rtype; RecordType* rtype = nullptr;
RecordType* itype; RecordType* itype = nullptr;
PDict<InputHash>* currDict; PDict<InputHash>* currDict = nullptr;
PDict<InputHash>* lastDict; PDict<InputHash>* lastDict = nullptr;
Func* pred; Func* pred = nullptr;
EventHandlerPtr event; EventHandlerPtr event;
@ -103,7 +102,7 @@ class Manager::EventStream final : public Manager::Stream {
public: public:
EventHandlerPtr event; EventHandlerPtr event;
RecordType* fields; RecordType* fields = nullptr;
unsigned int num_fields; unsigned int num_fields;
bool want_record; bool want_record;
@ -119,21 +118,9 @@ public:
~AnalysisStream() override = default; ~AnalysisStream() override = default;
}; };
Manager::TableStream::TableStream() Manager::TableStream::TableStream() : Manager::Stream::Stream(TABLE_STREAM) {}
: Manager::Stream::Stream(TABLE_STREAM),
num_idx_fields(),
num_val_fields(),
want_record(),
tab(),
rtype(),
itype(),
currDict(),
lastDict(),
pred(),
event() {}
Manager::EventStream::EventStream() Manager::EventStream::EventStream() : Manager::Stream::Stream(EVENT_STREAM) {}
: Manager::Stream::Stream(EVENT_STREAM), event(), fields(), num_fields(), want_record() {}
Manager::EventStream::~EventStream() { Manager::EventStream::~EventStream() {
if ( fields ) if ( fields )
@ -169,9 +156,9 @@ Manager::Manager() : plugin::ComponentManager<input::Component>("Input", "Reader
} }
Manager::~Manager() { Manager::~Manager() {
for ( map<ReaderFrontend*, Stream*>::iterator s = readers.begin(); s != readers.end(); ++s ) { for ( auto& [frontend, stream] : readers ) {
delete s->second; delete stream;
delete s->first; delete frontend;
} }
} }
@ -1439,8 +1426,8 @@ int Manager::SendEventStreamEvent(Stream* i, EnumVal* type, const Value* const*
if ( convert_error ) { if ( convert_error ) {
// we have an error somewhere in our out_vals. Just delete all of them. // we have an error somewhere in our out_vals. Just delete all of them.
for ( list<Val*>::const_iterator it = out_vals.begin(), end = out_vals.end(); it != end; ++it ) for ( auto* val : out_vals )
Unref(*it); Unref(val);
} }
else else
SendEvent(stream->event, out_vals); SendEvent(stream->event, out_vals);
@ -1712,8 +1699,8 @@ void Manager::SendEvent(EventHandlerPtr ev, list<Val*> events) const {
DBG_LOG(DBG_INPUT, "SendEvent with %" PRIuPTR " vals (list)", events.size()); DBG_LOG(DBG_INPUT, "SendEvent with %" PRIuPTR " vals (list)", events.size());
#endif #endif
for ( list<Val*>::iterator i = events.begin(); i != events.end(); i++ ) for ( auto* val : events )
vl.emplace_back(AdoptRef{}, *i); vl.emplace_back(AdoptRef{}, val);
if ( ev ) if ( ev )
event_mgr.Enqueue(ev, std::move(vl), util::detail::SOURCE_LOCAL); event_mgr.Enqueue(ev, std::move(vl), util::detail::SOURCE_LOCAL);
@ -2167,9 +2154,9 @@ Val* Manager::ValueToVal(const Stream* i, const Value* val, Type* request_type,
} }
Manager::Stream* Manager::FindStream(const string& name) const { Manager::Stream* Manager::FindStream(const string& name) const {
for ( auto s = readers.begin(); s != readers.end(); ++s ) { for ( const auto& [_, stream] : readers ) {
if ( (*s).second->name == name ) if ( stream->name == name )
return (*s).second; return stream;
} }
return nullptr; return nullptr;
@ -2186,12 +2173,12 @@ Manager::Stream* Manager::FindStream(ReaderFrontend* reader) const {
// Function is called on Zeek shutdown. // Function is called on Zeek shutdown.
// Signal all frontends that they will cease operation. // Signal all frontends that they will cease operation.
void Manager::Terminate() { void Manager::Terminate() {
for ( map<ReaderFrontend*, Stream*>::iterator i = readers.begin(); i != readers.end(); ++i ) { for ( const auto& [_, stream] : readers ) {
if ( i->second->removed ) if ( stream->removed )
continue; continue;
i->second->removed = true; stream->removed = true;
i->second->reader->Stop(); stream->reader->Stop();
} }
} }

11
src/input/readers/ascii/Ascii.cc
View file

@ -17,17 +17,14 @@ using zeek::threading::Value;
namespace zeek::input::reader::detail { namespace zeek::input::reader::detail {
FieldMapping::FieldMapping(const string& arg_name, const TypeTag& arg_type, int arg_position) FieldMapping::FieldMapping(string arg_name, const TypeTag& arg_type, int arg_position)
: name(arg_name), type(arg_type), subtype(TYPE_ERROR) { : name(std::move(arg_name)), type(arg_type), subtype(TYPE_ERROR), position(arg_position) {
position = arg_position;
secondary_position = -1; secondary_position = -1;
present = true; present = true;
} }
FieldMapping::FieldMapping(const string& arg_name, const TypeTag& arg_type, const TypeTag& arg_subtype, FieldMapping::FieldMapping(string arg_name, const TypeTag& arg_type, const TypeTag& arg_subtype, int arg_position)
int arg_position) : name(std::move(arg_name)), type(arg_type), subtype(arg_subtype), position(arg_position) {
: name(arg_name), type(arg_type), subtype(arg_subtype) {
position = arg_position;
secondary_position = -1; secondary_position = -1;
present = true; present = true;
} }

4
src/input/readers/ascii/Ascii.h
View file

@ -23,8 +23,8 @@ struct FieldMapping {
int secondary_position = -1; // for ports: pos of the second field int secondary_position = -1; // for ports: pos of the second field
bool present = false; bool present = false;
FieldMapping(const std::string& arg_name, const TypeTag& arg_type, int arg_position); FieldMapping(std::string arg_name, const TypeTag& arg_type, int arg_position);
FieldMapping(const std::string& arg_name, const TypeTag& arg_type, const TypeTag& arg_subtype, int arg_position); FieldMapping(std::string arg_name, const TypeTag& arg_type, const TypeTag& arg_subtype, int arg_position);
FieldMapping(const FieldMapping& arg); FieldMapping(const FieldMapping& arg);
FieldMapping() = default; FieldMapping() = default;

2
src/input/readers/benchmark/Benchmark.cc
View file

@ -66,7 +66,7 @@ std::string Benchmark::RandomString(const int len) {
double Benchmark::CurrTime() { double Benchmark::CurrTime() {
struct timeval tv; struct timeval tv;
if ( gettimeofday(&tv, 0) != 0 ) { if ( gettimeofday(&tv, nullptr) != 0 ) {
FatalError(Fmt("Could not get time: %d", errno)); FatalError(Fmt("Could not get time: %d", errno));
} }

2
src/input/readers/raw/Plugin.cc
View file

@ -22,6 +22,6 @@ void Plugin::InitPreScript() {}
void Plugin::Done() {} void Plugin::Done() {}
std::unique_lock<std::mutex> Plugin::ForkMutex() { return std::unique_lock<std::mutex>(fork_mutex, std::defer_lock); } std::unique_lock<std::mutex> Plugin::ForkMutex() { return {fork_mutex, std::defer_lock}; }
} // namespace zeek::plugin::detail::Zeek_RawReader } // namespace zeek::plugin::detail::Zeek_RawReader

2
src/input/readers/raw/Raw.cc
View file

@ -368,7 +368,7 @@ bool Raw::DoInit(const ReaderInfo& info, int num_fields, const Field* const* fie
it = info.config.find("offset"); // we want to seek to a given offset inside the file it = info.config.find("offset"); // we want to seek to a given offset inside the file
if ( it != info.config.end() && ! execute && (Info().mode == MODE_STREAM || Info().mode == MODE_MANUAL) ) { if ( it != info.config.end() && ! execute && (Info().mode == MODE_STREAM || Info().mode == MODE_MANUAL) ) {
std::string offset_s = it->second; std::string offset_s = it->second;
offset = strtoll(offset_s.c_str(), 0, 10); offset = strtoll(offset_s.c_str(), nullptr, 10);
} }
else if ( it != info.config.end() ) { else if ( it != info.config.end() ) {
Error( Error(

10
src/input/readers/sqlite/SQLite.cc
View file

@ -40,9 +40,9 @@ void SQLite::DoClose() {
sqlite3_finalize(st); sqlite3_finalize(st);
st = nullptr; st = nullptr;
if ( db != 0 ) { if ( db != nullptr ) {
sqlite3_close(db); sqlite3_close(db);
db = 0; db = nullptr;
} }
} }
@ -88,14 +88,14 @@ bool SQLite::DoInit(const ReaderInfo& info, int arg_num_fields, const threading:
else else
query = it->second; query = it->second;
if ( checkError(sqlite3_open_v2(fullpath.c_str(), &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_NOMUTEX, NULL)) ) if ( checkError(sqlite3_open_v2(fullpath.c_str(), &db, SQLITE_OPEN_READWRITE | SQLITE_OPEN_NOMUTEX, nullptr)) )
return false; return false;
num_fields = arg_num_fields; num_fields = arg_num_fields;
fields = arg_fields; fields = arg_fields;
// create the prepared select statement that we will re-use forever... // create the prepared select statement that we will re-use forever...
if ( checkError(sqlite3_prepare_v2(db, query.c_str(), query.size() + 1, &st, NULL)) ) { if ( checkError(sqlite3_prepare_v2(db, query.c_str(), query.size() + 1, &st, nullptr)) ) {
return false; return false;
} }
@ -159,7 +159,7 @@ Value* SQLite::EntryToVal(sqlite3_stmt* st, const threading::Field* field, int p
if ( subpos != -1 ) { if ( subpos != -1 ) {
const char* text = (const char*)sqlite3_column_text(st, subpos); const char* text = (const char*)sqlite3_column_text(st, subpos);
if ( text == 0 ) if ( text == nullptr )
Error("Port protocol definition did not contain text"); Error("Port protocol definition did not contain text");
else { else {
std::string s(text, sqlite3_column_bytes(st, subpos)); std::string s(text, sqlite3_column_bytes(st, subpos));

16
src/iosource/Component.cc
View file

@ -23,8 +23,8 @@ PktSrcComponent::PktSrcComponent(const std::string& arg_name, const std::string&
const std::vector<std::string>& PktSrcComponent::Prefixes() const { return prefixes; } const std::vector<std::string>& PktSrcComponent::Prefixes() const { return prefixes; }
bool PktSrcComponent::HandlesPrefix(const std::string& prefix) const { bool PktSrcComponent::HandlesPrefix(const std::string& prefix) const {
for ( std::vector<std::string>::const_iterator i = prefixes.begin(); i != prefixes.end(); i++ ) { for ( const auto& pfx : prefixes ) {
if ( *i == prefix ) if ( pfx == prefix )
return true; return true;
} }
@ -42,11 +42,11 @@ void PktSrcComponent::DoDescribe(ODesc* d) const {
std::string prefs; std::string prefs;
for ( std::vector<std::string>::const_iterator i = prefixes.begin(); i != prefixes.end(); i++ ) { for ( const auto& pfx : prefixes ) {
if ( prefs.size() ) if ( prefs.size() )
prefs += ", "; prefs += ", ";
prefs += '"' + *i + '"'; prefs += '"' + pfx + '"';
} }
d->Add("interface prefix"); d->Add("interface prefix");
@ -80,8 +80,8 @@ PktDumperComponent::factory_callback PktDumperComponent::Factory() const { retur
const std::vector<std::string>& PktDumperComponent::Prefixes() const { return prefixes; } const std::vector<std::string>& PktDumperComponent::Prefixes() const { return prefixes; }
bool PktDumperComponent::HandlesPrefix(const std::string& prefix) const { bool PktDumperComponent::HandlesPrefix(const std::string& prefix) const {
for ( std::vector<std::string>::const_iterator i = prefixes.begin(); i != prefixes.end(); i++ ) { for ( const auto& pfx : prefixes ) {
if ( *i == prefix ) if ( pfx == prefix )
return true; return true;
} }
@ -93,11 +93,11 @@ void PktDumperComponent::DoDescribe(ODesc* d) const {
std::string prefs; std::string prefs;
for ( std::vector<std::string>::const_iterator i = prefixes.begin(); i != prefixes.end(); i++ ) { for ( const auto& pfx : prefixes ) {
if ( prefs.size() ) if ( prefs.size() )
prefs += ", "; prefs += ", ";
prefs += '"' + *i + '"'; prefs += '"' + pfx + '"';
} }
d->Add("dumper prefix"); d->Add("dumper prefix");

20
src/iosource/Manager.cc
View file

@ -64,9 +64,9 @@ Manager::~Manager() {
sources.clear(); sources.clear();
for ( PktDumperList::iterator i = pkt_dumpers.begin(); i != pkt_dumpers.end(); ++i ) { for ( PktDumper* dumper : pkt_dumpers ) {
(*i)->Done(); dumper->Done();
delete *i; delete dumper;
} }
pkt_dumpers.clear(); pkt_dumpers.clear();
@ -189,7 +189,7 @@ void Manager::Poll(ReadySources* ready, double timeout, IOSource* timeout_src) {
struct timespec kqueue_timeout; struct timespec kqueue_timeout;
ConvertTimeout(timeout, kqueue_timeout); ConvertTimeout(timeout, kqueue_timeout);
int ret = kevent(event_queue, NULL, 0, events.data(), events.size(), &kqueue_timeout); int ret = kevent(event_queue, nullptr, 0, events.data(), events.size(), &kqueue_timeout);
if ( ret == -1 ) { if ( ret == -1 ) {
// Ignore interrupts since we may catch one during shutdown and we don't want the // Ignore interrupts since we may catch one during shutdown and we don't want the
// error to get printed. // error to get printed.
@ -249,18 +249,18 @@ bool Manager::RegisterFd(int fd, IOSource* src, int flags) {
if ( (flags & IOSource::READ) != 0 ) { if ( (flags & IOSource::READ) != 0 ) {
if ( fd_map.count(fd) == 0 ) { if ( fd_map.count(fd) == 0 ) {
new_events.push_back({}); new_events.push_back({});
EV_SET(&(new_events.back()), fd, EVFILT_READ, EV_ADD, 0, 0, NULL); EV_SET(&(new_events.back()), fd, EVFILT_READ, EV_ADD, 0, 0, nullptr);
} }
} }
if ( (flags & IOSource::WRITE) != 0 ) { if ( (flags & IOSource::WRITE) != 0 ) {
if ( write_fd_map.count(fd) == 0 ) { if ( write_fd_map.count(fd) == 0 ) {
new_events.push_back({}); new_events.push_back({});
EV_SET(&(new_events.back()), fd, EVFILT_WRITE, EV_ADD, 0, 0, NULL); EV_SET(&(new_events.back()), fd, EVFILT_WRITE, EV_ADD, 0, 0, nullptr);
} }
} }
if ( ! new_events.empty() ) { if ( ! new_events.empty() ) {
int ret = kevent(event_queue, new_events.data(), new_events.size(), NULL, 0, NULL); int ret = kevent(event_queue, new_events.data(), new_events.size(), nullptr, 0, nullptr);
if ( ret != -1 ) { if ( ret != -1 ) {
DBG_LOG(DBG_MAINLOOP, "Registered fd %d from %s", fd, src->Tag()); DBG_LOG(DBG_MAINLOOP, "Registered fd %d from %s", fd, src->Tag());
for ( const auto& a : new_events ) for ( const auto& a : new_events )
@ -289,18 +289,18 @@ bool Manager::UnregisterFd(int fd, IOSource* src, int flags) {
if ( (flags & IOSource::READ) != 0 ) { if ( (flags & IOSource::READ) != 0 ) {
if ( fd_map.count(fd) != 0 ) { if ( fd_map.count(fd) != 0 ) {
new_events.push_back({}); new_events.push_back({});
EV_SET(&(new_events.back()), fd, EVFILT_READ, EV_DELETE, 0, 0, NULL); EV_SET(&(new_events.back()), fd, EVFILT_READ, EV_DELETE, 0, 0, nullptr);
} }
} }
if ( (flags & IOSource::WRITE) != 0 ) { if ( (flags & IOSource::WRITE) != 0 ) {
if ( write_fd_map.count(fd) != 0 ) { if ( write_fd_map.count(fd) != 0 ) {
new_events.push_back({}); new_events.push_back({});
EV_SET(&(new_events.back()), fd, EVFILT_WRITE, EV_DELETE, 0, 0, NULL); EV_SET(&(new_events.back()), fd, EVFILT_WRITE, EV_DELETE, 0, 0, nullptr);
} }
} }
if ( ! new_events.empty() ) { if ( ! new_events.empty() ) {
int ret = kevent(event_queue, new_events.data(), new_events.size(), NULL, 0, NULL); int ret = kevent(event_queue, new_events.data(), new_events.size(), nullptr, 0, nullptr);
if ( ret != -1 ) { if ( ret != -1 ) {
DBG_LOG(DBG_MAINLOOP, "Unregistered fd %d from %s", fd, src->Tag()); DBG_LOG(DBG_MAINLOOP, "Unregistered fd %d from %s", fd, src->Tag());
for ( const auto& a : new_events ) for ( const auto& a : new_events )

78
src/logging/Manager.cc
View file

@ -64,7 +64,7 @@ using DelayInfoPtr = std::shared_ptr<DelayInfo>;
class LogDelayTokenVal : public OpaqueVal { class LogDelayTokenVal : public OpaqueVal {
public: public:
explicit LogDelayTokenVal(DelayTokenType token) : OpaqueVal(zeek::detail::log_delay_token_type), token(token) {} explicit LogDelayTokenVal(DelayTokenType token) : OpaqueVal(zeek::detail::log_delay_token_type), token(token) {}
virtual ~LogDelayTokenVal() = default; ~LogDelayTokenVal() override {};
ValPtr DoClone(CloneState* state) override; ValPtr DoClone(CloneState* state) override;
@ -108,8 +108,8 @@ class DelayInfo {
public: public:
static const DelayInfoPtr nil; static const DelayInfoPtr nil;
explicit DelayInfo(const WriteContext& ctx, const zeek::ValPtr token_val, double expire_time) explicit DelayInfo(WriteContext ctx, const zeek::ValPtr token_val, double expire_time)
: ctx(ctx), token_val(token_val), expire_time(expire_time) {} : ctx(std::move(ctx)), token_val(token_val), expire_time(expire_time) {}
// No copy or assignment of DelayInfo itself, should // No copy or assignment of DelayInfo itself, should
// always be managed through a shared pointer. // always be managed through a shared pointer.
@ -351,9 +351,7 @@ Manager::Filter::~Filter() {
Manager::Stream::~Stream() { Manager::Stream::~Stream() {
Unref(columns); Unref(columns);
for ( WriterMap::iterator i = writers.begin(); i != writers.end(); i++ ) { for ( auto& [_, winfo] : writers ) {
WriterInfo* winfo = i->second;
if ( winfo->rotation_timer ) if ( winfo->rotation_timer )
zeek::detail::timer_mgr->Cancel(winfo->rotation_timer); zeek::detail::timer_mgr->Cancel(winfo->rotation_timer);
@ -363,8 +361,8 @@ Manager::Stream::~Stream() {
delete winfo; delete winfo;
} }
for ( list<Filter*>::iterator f = filters.begin(); f != filters.end(); ++f ) for ( Filter* f : filters )
delete *f; delete f;
if ( delay_timer ) if ( delay_timer )
zeek::detail::timer_mgr->Cancel(delay_timer); zeek::detail::timer_mgr->Cancel(delay_timer);
@ -491,8 +489,8 @@ Manager::Manager()
} }
Manager::~Manager() { Manager::~Manager() {
for ( vector<Stream*>::iterator s = streams.begin(); s != streams.end(); ++s ) for ( Stream* s : streams )
delete *s; delete s;
} }
void Manager::InitPostScript() { void Manager::InitPostScript() {
@ -524,13 +522,11 @@ Manager::Stream* Manager::FindStream(EnumVal* id) {
} }
Manager::WriterInfo* Manager::FindWriter(WriterFrontend* writer) { Manager::WriterInfo* Manager::FindWriter(WriterFrontend* writer) {
for ( vector<Stream*>::iterator s = streams.begin(); s != streams.end(); ++s ) { for ( Stream* s : streams ) {
if ( ! *s ) if ( ! s )
continue; continue;
for ( Stream::WriterMap::iterator i = (*s)->writers.begin(); i != (*s)->writers.end(); i++ ) { for ( const auto& [_, winfo] : s->writers ) {
WriterInfo* winfo = i->second;
if ( winfo->writer == writer ) if ( winfo->writer == writer )
return winfo; return winfo;
} }
@ -563,16 +559,16 @@ bool Manager::CheckFilterWriterConflict(const WriterInfo* winfo, const Filter* f
void Manager::RemoveDisabledWriters(Stream* stream) { void Manager::RemoveDisabledWriters(Stream* stream) {
list<Stream::WriterPathPair> disabled; list<Stream::WriterPathPair> disabled;
for ( Stream::WriterMap::iterator j = stream->writers.begin(); j != stream->writers.end(); j++ ) { for ( const auto& [index, winfo] : stream->writers ) {
if ( j->second->writer->Disabled() ) { if ( winfo->writer->Disabled() ) {
j->second->writer->Stop(); winfo->writer->Stop();
delete j->second; delete winfo;
disabled.push_back(j->first); disabled.push_back(index);
} }
} }
for ( list<Stream::WriterPathPair>::iterator j = disabled.begin(); j != disabled.end(); j++ ) for ( const auto& index : disabled )
stream->writers.erase(*j); stream->writers.erase(index);
} }
bool Manager::CreateStream(EnumVal* id, RecordVal* sval) { bool Manager::CreateStream(EnumVal* id, RecordVal* sval) {
@ -681,9 +677,7 @@ bool Manager::RemoveStream(unsigned int idx) {
if ( ! stream ) if ( ! stream )
return false; return false;
for ( Stream::WriterMap::iterator i = stream->writers.begin(); i != stream->writers.end(); i++ ) { for ( const auto& [_, winfo] : stream->writers ) {
WriterInfo* winfo = i->second;
DBG_LOG(DBG_LOGGING, "Removed writer '%s' from stream '%s'", winfo->writer->Name(), stream->name.c_str()); DBG_LOG(DBG_LOGGING, "Removed writer '%s' from stream '%s'", winfo->writer->Name(), stream->name.c_str());
winfo->writer->Stop(); winfo->writer->Stop();
@ -1550,9 +1544,9 @@ detail::LogRecord Manager::RecordToLogRecord(const Stream* stream, Filter* filte
// potentially be nested inside other records. // potentially be nested inside other records.
list<int>& indices = filter->indices[i]; list<int>& indices = filter->indices[i];
for ( list<int>::iterator j = indices.begin(); j != indices.end(); ++j ) { for ( int index : indices ) {
auto vr = val->AsRecord(); auto vr = val->AsRecord();
val = vr->RawOptField(*j); val = vr->RawOptField(index);
if ( ! val ) { if ( ! val ) {
// Value, or any of its parents, is not set. // Value, or any of its parents, is not set.
@ -1560,7 +1554,7 @@ detail::LogRecord Manager::RecordToLogRecord(const Stream* stream, Filter* filte
break; break;
} }
vt = cast_intrusive<RecordType>(vr->GetType())->GetFieldType(*j).get(); vt = cast_intrusive<RecordType>(vr->GetType())->GetFieldType(index).get();
} }
if ( val ) if ( val )
@ -1856,21 +1850,19 @@ bool Manager::WriteFromRemote(EnumVal* id, EnumVal* writer, const string& path,
void Manager::SendAllWritersTo(const broker::endpoint_info& ei) { void Manager::SendAllWritersTo(const broker::endpoint_info& ei) {
auto et = id::find_type("Log::Writer")->AsEnumType(); auto et = id::find_type("Log::Writer")->AsEnumType();
for ( vector<Stream*>::iterator s = streams.begin(); s != streams.end(); ++s ) { for ( Stream* stream : streams ) {
Stream* stream = (*s);
if ( ! (stream && stream->enable_remote) ) if ( ! (stream && stream->enable_remote) )
continue; continue;
for ( Stream::WriterMap::iterator i = stream->writers.begin(); i != stream->writers.end(); i++ ) { for ( const auto& [index, winfo] : stream->writers ) {
WriterFrontend* writer = i->second->writer; WriterFrontend* writer = winfo->writer;
const auto& writer_val = et->GetEnumVal(i->first.first); const auto& writer_val = et->GetEnumVal(index.first);
std::vector<const threading::Field*> fields(writer->GetFields().size()); std::vector<const threading::Field*> fields(writer->GetFields().size());
for ( size_t i = 0; i < writer->GetFields().size(); i++ ) for ( size_t i = 0; i < writer->GetFields().size(); i++ )
fields[i] = &writer->GetFields()[i]; fields[i] = &writer->GetFields()[i];
broker_mgr->PublishLogCreate((*s)->id, writer_val.get(), *i->second->info, fields.size(), fields.data(), broker_mgr->PublishLogCreate(stream->id, writer_val.get(), *(winfo->info), fields.size(), fields.data(),
ei); ei);
} }
} }
@ -1881,8 +1873,8 @@ bool Manager::SetBuf(EnumVal* id, bool enabled) {
if ( ! stream ) if ( ! stream )
return false; return false;
for ( Stream::WriterMap::iterator i = stream->writers.begin(); i != stream->writers.end(); i++ ) for ( const auto& [_, winfo] : stream->writers )
i->second->writer->SetBuf(enabled); winfo->writer->SetBuf(enabled);
RemoveDisabledWriters(stream); RemoveDisabledWriters(stream);
@ -1897,8 +1889,8 @@ bool Manager::Flush(EnumVal* id) {
if ( ! stream->enabled ) if ( ! stream->enabled )
return true; return true;
for ( Stream::WriterMap::iterator i = stream->writers.begin(); i != stream->writers.end(); i++ ) for ( const auto& [_, winfo] : stream->writers )
i->second->writer->Flush(run_state::network_time); winfo->writer->Flush(run_state::network_time);
RemoveDisabledWriters(stream); RemoveDisabledWriters(stream);
@ -1906,12 +1898,12 @@ bool Manager::Flush(EnumVal* id) {
} }
void Manager::Terminate() { void Manager::Terminate() {
for ( vector<Stream*>::iterator s = streams.begin(); s != streams.end(); ++s ) { for ( Stream* s : streams ) {
if ( ! *s ) if ( ! s )
continue; continue;
for ( Stream::WriterMap::iterator i = (*s)->writers.begin(); i != (*s)->writers.end(); i++ ) for ( const auto& [_, winfo] : s->writers )
i->second->writer->Stop(); winfo->writer->Stop();
} }
} }

15
src/logging/WriterBackend.cc
View file

@ -61,8 +61,8 @@ public:
broker::data WriterBackend::WriterInfo::ToBroker() const { broker::data WriterBackend::WriterInfo::ToBroker() const {
auto t = broker::table(); auto t = broker::table();
for ( config_map::const_iterator i = config.begin(); i != config.end(); ++i ) { for ( const auto& [key, value] : config ) {
t.emplace(std::string{i->first}, std::string{i->second}); t.emplace(std::string{key}, std::string{value});
} }
auto bppf = post_proc_func ? post_proc_func : ""; auto bppf = post_proc_func ? post_proc_func : "";
@ -185,12 +185,12 @@ bool WriterBackend::Write(int arg_num_fields, zeek::Span<detail::LogRecord> reco
} }
// Double-check all the types match. // Double-check all the types match.
for ( size_t j = 0; j < records.size(); j++ ) { for ( const auto& record : records ) {
for ( int i = 0; i < num_fields; ++i ) { for ( int i = 0; i < num_fields; ++i ) {
if ( records[j][i].type != fields[i]->type ) { if ( record[i].type != fields[i]->type ) {
#ifdef DEBUG #ifdef DEBUG
const char* msg = Fmt("Field #%d type doesn't match in WriterBackend::Write() (%d vs. %d)", i, const char* msg = Fmt("Field #%d type doesn't match in WriterBackend::Write() (%d vs. %d)", i,
records[j][i].type, fields[i]->type); record[i].type, fields[i]->type);
Debug(DBG_LOGGING, msg); Debug(DBG_LOGGING, msg);
#endif #endif
DisableFrontend(); DisableFrontend();
@ -212,10 +212,9 @@ bool WriterBackend::Write(int arg_num_fields, zeek::Span<detail::LogRecord> reco
std::vector<Value*> valps; std::vector<Value*> valps;
valps.reserve(num_fields); valps.reserve(num_fields);
for ( size_t j = 0; j < records.size(); j++ ) { for ( auto& record : records ) {
auto& write_vals = records[j];
for ( int f = 0; f < num_fields; f++ ) for ( int f = 0; f < num_fields; f++ )
valps.emplace_back(&write_vals[f]); valps.emplace_back(&record[f]);
success = DoWrite(num_fields, fields, &valps[0]); success = DoWrite(num_fields, fields, &valps[0]);

64
src/logging/writers/ascii/Ascii.cc
View file

@ -255,11 +255,11 @@ bool Ascii::InitFilterOptions() {
const WriterInfo& info = Info(); const WriterInfo& info = Info();
// Set per-filter configuration options. // Set per-filter configuration options.
for ( WriterInfo::config_map::const_iterator i = info.config.begin(); i != info.config.end(); ++i ) { for ( const auto& [key, value] : info.config ) {
if ( strcmp(i->first, "tsv") == 0 ) { if ( strcmp(key, "tsv") == 0 ) {
if ( strcmp(i->second, "T") == 0 ) if ( strcmp(value, "T") == 0 )
tsv = true; tsv = true;
else if ( strcmp(i->second, "F") == 0 ) else if ( strcmp(value, "F") == 0 )
tsv = false; tsv = false;
else { else {
Error("invalid value for 'tsv', must be a string and either \"T\" or \"F\""); Error("invalid value for 'tsv', must be a string and either \"T\" or \"F\"");
@ -267,18 +267,18 @@ bool Ascii::InitFilterOptions() {
} }
} }
else if ( strcmp(i->first, "gzip_level") == 0 ) { else if ( strcmp(key, "gzip_level") == 0 ) {
gzip_level = atoi(i->second); gzip_level = atoi(value);
if ( gzip_level < 0 || gzip_level > 9 ) { if ( gzip_level < 0 || gzip_level > 9 ) {
Error("invalid value for 'gzip_level', must be a number between 0 and 9."); Error("invalid value for 'gzip_level', must be a number between 0 and 9.");
return false; return false;
} }
} }
else if ( strcmp(i->first, "use_json") == 0 ) { else if ( strcmp(key, "use_json") == 0 ) {
if ( strcmp(i->second, "T") == 0 ) if ( strcmp(value, "T") == 0 )
use_json = true; use_json = true;
else if ( strcmp(i->second, "F") == 0 ) else if ( strcmp(value, "F") == 0 )
use_json = false; use_json = false;
else { else {
Error("invalid value for 'use_json', must be a string and either \"T\" or \"F\""); Error("invalid value for 'use_json', must be a string and either \"T\" or \"F\"");
@ -286,10 +286,10 @@ bool Ascii::InitFilterOptions() {
} }
} }
else if ( strcmp(i->first, "enable_utf_8") == 0 ) { else if ( strcmp(key, "enable_utf_8") == 0 ) {
if ( strcmp(i->second, "T") == 0 ) if ( strcmp(value, "T") == 0 )
enable_utf_8 = true; enable_utf_8 = true;
else if ( strcmp(i->second, "F") == 0 ) else if ( strcmp(value, "F") == 0 )
enable_utf_8 = false; enable_utf_8 = false;
else { else {
Error("invalid value for 'enable_utf_8', must be a string and either \"T\" or \"F\""); Error("invalid value for 'enable_utf_8', must be a string and either \"T\" or \"F\"");
@ -297,10 +297,10 @@ bool Ascii::InitFilterOptions() {
} }
} }
else if ( strcmp(i->first, "output_to_stdout") == 0 ) { else if ( strcmp(key, "output_to_stdout") == 0 ) {
if ( strcmp(i->second, "T") == 0 ) if ( strcmp(value, "T") == 0 )
output_to_stdout = true; output_to_stdout = true;
else if ( strcmp(i->second, "F") == 0 ) else if ( strcmp(value, "F") == 0 )
output_to_stdout = false; output_to_stdout = false;
else { else {
Error( Error(
@ -310,28 +310,28 @@ bool Ascii::InitFilterOptions() {
} }
} }
else if ( strcmp(i->first, "separator") == 0 ) else if ( strcmp(key, "separator") == 0 )
separator.assign(i->second); separator.assign(value);
else if ( strcmp(i->first, "set_separator") == 0 ) else if ( strcmp(key, "set_separator") == 0 )
set_separator.assign(i->second); set_separator.assign(value);
else if ( strcmp(i->first, "empty_field") == 0 ) else if ( strcmp(key, "empty_field") == 0 )
empty_field.assign(i->second); empty_field.assign(value);
else if ( strcmp(i->first, "unset_field") == 0 ) else if ( strcmp(key, "unset_field") == 0 )
unset_field.assign(i->second); unset_field.assign(value);
else if ( strcmp(i->first, "meta_prefix") == 0 ) else if ( strcmp(key, "meta_prefix") == 0 )
meta_prefix.assign(i->second); meta_prefix.assign(value);
else if ( strcmp(i->first, "json_timestamps") == 0 ) else if ( strcmp(key, "json_timestamps") == 0 )
json_timestamps.assign(i->second); json_timestamps.assign(value);
else if ( strcmp(i->first, "json_include_unset_fields") == 0 ) { else if ( strcmp(key, "json_include_unset_fields") == 0 ) {
if ( strcmp(i->second, "T") == 0 ) if ( strcmp(value, "T") == 0 )
json_include_unset_fields = true; json_include_unset_fields = true;
else if ( strcmp(i->second, "F") == 0 ) else if ( strcmp(value, "F") == 0 )
json_include_unset_fields = false; json_include_unset_fields = false;
else { else {
Error( Error(
@ -341,8 +341,8 @@ bool Ascii::InitFilterOptions() {
} }
} }
else if ( strcmp(i->first, "gzip_file_extension") == 0 ) else if ( strcmp(key, "gzip_file_extension") == 0 )
gzip_file_extension.assign(i->second); gzip_file_extension.assign(value);
} }
if ( ! InitFormatter() ) if ( ! InitFormatter() )

8
src/logging/writers/none/None.cc
View file

@ -20,13 +20,13 @@ bool None::DoInit(const WriterInfo& info, int num_fields, const threading::Field
std::vector<std::pair<std::string, std::string>> keys; std::vector<std::pair<std::string, std::string>> keys;
for ( WriterInfo::config_map::const_iterator i = info.config.begin(); i != info.config.end(); i++ ) for ( const auto& [key, value] : info.config )
keys.emplace_back(i->first, i->second); keys.emplace_back(key, value);
std::sort(keys.begin(), keys.end()); std::sort(keys.begin(), keys.end());
for ( std::vector<std::pair<std::string, std::string>>::const_iterator i = keys.begin(); i != keys.end(); i++ ) for ( const auto& [key, value] : keys )
std::cout << " config[" << (*i).first << "] = " << (*i).second << "\n"; std::cout << " config[" << key << "] = " << value << "\n";
for ( int i = 0; i < num_fields; i++ ) { for ( int i = 0; i < num_fields; i++ ) {
const threading::Field* field = fields[i]; const threading::Field* field = fields[i];

34
src/logging/writers/sqlite/SQLite.cc
View file

@ -32,12 +32,12 @@ SQLite::SQLite(WriterFrontend* frontend) : WriterBackend(frontend), fields(), nu
} }
SQLite::~SQLite() { SQLite::~SQLite() {
if ( db != 0 ) { if ( db != nullptr ) {
sqlite3_finalize(st); sqlite3_finalize(st);
if ( ! sqlite3_close(db) ) if ( ! sqlite3_close(db) )
Error("Sqlite could not close connection"); Error("Sqlite could not close connection");
db = 0; db = nullptr;
} }
delete io; delete io;
@ -126,7 +126,7 @@ bool SQLite::DoInit(const WriterInfo& info, int arg_num_fields, const Field* con
tablename = it->second; tablename = it->second;
if ( checkError(sqlite3_open_v2(fullpath.string().c_str(), &db, if ( checkError(sqlite3_open_v2(fullpath.string().c_str(), &db,
SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_NOMUTEX, NULL)) ) SQLITE_OPEN_READWRITE | SQLITE_OPEN_CREATE | SQLITE_OPEN_NOMUTEX, nullptr)) )
return false; return false;
char* errorMsg = nullptr; char* errorMsg = nullptr;
@ -134,16 +134,16 @@ bool SQLite::DoInit(const WriterInfo& info, int arg_num_fields, const Field* con
switch ( synchronous ) { switch ( synchronous ) {
case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_DEFAULT: res = SQLITE_OK; break; case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_DEFAULT: res = SQLITE_OK; break;
case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_OFF: case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_OFF:
res = sqlite3_exec(db, "PRAGMA synchronous=OFF;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA synchronous=OFF;", nullptr, nullptr, &errorMsg);
break; break;
case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_NORMAL: case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_NORMAL:
res = sqlite3_exec(db, "PRAGMA synchronous=NORMAL;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA synchronous=NORMAL;", nullptr, nullptr, &errorMsg);
break; break;
case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_FULL: case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_FULL:
res = sqlite3_exec(db, "PRAGMA synchronous=FULL;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA synchronous=FULL;", nullptr, nullptr, &errorMsg);
break; break;
case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_EXTRA: case BifEnum::LogSQLite::SQLiteSynchronous::SQLITE_SYNCHRONOUS_EXTRA:
res = sqlite3_exec(db, "PRAGMA synchronous=EXTRA;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA synchronous=EXTRA;", nullptr, nullptr, &errorMsg);
break; break;
default: Error("Invalid LogSQLite::synchronous enum"); return false; default: Error("Invalid LogSQLite::synchronous enum"); return false;
} }
@ -157,22 +157,22 @@ bool SQLite::DoInit(const WriterInfo& info, int arg_num_fields, const Field* con
switch ( journal_mode ) { switch ( journal_mode ) {
case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_DEFAULT: res = SQLITE_OK; break; case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_DEFAULT: res = SQLITE_OK; break;
case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_DELETE: case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_DELETE:
res = sqlite3_exec(db, "PRAGMA journal_mode=DELETE;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA journal_mode=DELETE;", nullptr, nullptr, &errorMsg);
break; break;
case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_TRUNCATE: case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_TRUNCATE:
res = sqlite3_exec(db, "PRAGMA journal_mode=TRUNCATE;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA journal_mode=TRUNCATE;", nullptr, nullptr, &errorMsg);
break; break;
case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_PERSIST: case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_PERSIST:
res = sqlite3_exec(db, "PRAGMA journal_mode=PERSIST;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA journal_mode=PERSIST;", nullptr, nullptr, &errorMsg);
break; break;
case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_MEMORY: case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_MEMORY:
res = sqlite3_exec(db, "PRAGMA journal_mode=MEMORY;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA journal_mode=MEMORY;", nullptr, nullptr, &errorMsg);
break; break;
case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_WAL: case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_WAL:
res = sqlite3_exec(db, "PRAGMA journal_mode=WAL;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA journal_mode=WAL;", nullptr, nullptr, &errorMsg);
break; break;
case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_OFF: case BifEnum::LogSQLite::SQLiteJournalMode::SQLITE_JOURNAL_MODE_OFF:
res = sqlite3_exec(db, "PRAGMA journal_mode=OFF;", NULL, NULL, &errorMsg); res = sqlite3_exec(db, "PRAGMA journal_mode=OFF;", nullptr, nullptr, &errorMsg);
break; break;
default: Error("Invalid LogSQLite::journal_mode enum"); return false; default: Error("Invalid LogSQLite::journal_mode enum"); return false;
} }
@ -194,7 +194,7 @@ bool SQLite::DoInit(const WriterInfo& info, int arg_num_fields, const Field* con
// sadly sqlite3 has no other method for escaping stuff. That I know of. // sadly sqlite3 has no other method for escaping stuff. That I know of.
char* fieldname = sqlite3_mprintf("%Q", fields[i]->name); char* fieldname = sqlite3_mprintf("%Q", fields[i]->name);
if ( fieldname == 0 ) { if ( fieldname == nullptr ) {
InternalError("Could not malloc memory"); InternalError("Could not malloc memory");
return false; return false;
} }
@ -219,7 +219,7 @@ bool SQLite::DoInit(const WriterInfo& info, int arg_num_fields, const Field* con
create += "\n);"; create += "\n);";
errorMsg = nullptr; errorMsg = nullptr;
res = sqlite3_exec(db, create.c_str(), NULL, NULL, &errorMsg); res = sqlite3_exec(db, create.c_str(), nullptr, nullptr, &errorMsg);
if ( res != SQLITE_OK ) { if ( res != SQLITE_OK ) {
Error(Fmt("Error executing table creation statement: %s", errorMsg)); Error(Fmt("Error executing table creation statement: %s", errorMsg));
sqlite3_free(errorMsg); sqlite3_free(errorMsg);
@ -243,7 +243,7 @@ bool SQLite::DoInit(const WriterInfo& info, int arg_num_fields, const Field* con
insert += "?"; insert += "?";
char* fieldname = sqlite3_mprintf("%Q", fields[i]->name); char* fieldname = sqlite3_mprintf("%Q", fields[i]->name);
if ( fieldname == 0 ) { if ( fieldname == nullptr ) {
InternalError("Could not malloc memory"); InternalError("Could not malloc memory");
return false; return false;
} }
@ -257,7 +257,7 @@ bool SQLite::DoInit(const WriterInfo& info, int arg_num_fields, const Field* con
insert = names + insert; insert = names + insert;
if ( checkError(sqlite3_prepare_v2(db, insert.c_str(), insert.size() + 1, &st, NULL)) ) if ( checkError(sqlite3_prepare_v2(db, insert.c_str(), insert.size() + 1, &st, nullptr)) )
return false; return false;
return true; return true;

36
src/packet_analysis/protocol/gtpv1/gtpv1-analyzer.pac
View file

@ -244,10 +244,8 @@ void CreatePDP_Request(const ZeekPacketAnalyzer& a, zeek::Connection* c, const G
bool second_nsapi = false; bool second_nsapi = false;
bool second_gsn_addr = false; bool second_gsn_addr = false;
for ( size_t i = 0; i < v->size(); ++i ) for ( InformationElement* ie : *v )
{ {
const InformationElement* ie = (*v)[i];
switch ( ie->type() ) { switch ( ie->type() ) {
case GTPv1::TYPE_IMSI: case GTPv1::TYPE_IMSI:
rv->Assign(0, BuildIMSI(ie)); rv->Assign(0, BuildIMSI(ie));
@ -322,7 +320,7 @@ void CreatePDP_Request(const ZeekPacketAnalyzer& a, zeek::Connection* c, const G
rv->Assign(21, BuildPrivateExt(ie)); rv->Assign(21, BuildPrivateExt(ie));
break; break;
default: default:
a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", (*v)[i]->type())); a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", ie->type()));
break; break;
} }
} }
@ -342,10 +340,8 @@ void CreatePDP_Response(const ZeekPacketAnalyzer& a, zeek::Connection* c, const
bool second_gsn_addr = false; bool second_gsn_addr = false;
for ( size_t i = 0; i < v->size(); ++i ) for ( InformationElement* ie : *v )
{ {
const InformationElement* ie = (*v)[i];
switch ( ie->type() ) { switch ( ie->type() ) {
case GTPv1::TYPE_CAUSE: case GTPv1::TYPE_CAUSE:
rv->Assign(0, BuildCause(ie)); rv->Assign(0, BuildCause(ie));
@ -390,7 +386,7 @@ void CreatePDP_Response(const ZeekPacketAnalyzer& a, zeek::Connection* c, const
rv->Assign(12, BuildPrivateExt(ie)); rv->Assign(12, BuildPrivateExt(ie));
break; break;
default: default:
a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", (*v)[i]->type())); a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", ie->type()));
break; break;
} }
} }
@ -410,10 +406,8 @@ void UpdatePDP_Request(const ZeekPacketAnalyzer& a, zeek::Connection* c, const G
bool second_gsn_addr = false; bool second_gsn_addr = false;
for ( size_t i = 0; i < v->size(); ++i ) for ( InformationElement* ie : *v )
{ {
const InformationElement* ie = (*v)[i];
switch ( ie->type() ) { switch ( ie->type() ) {
case GTPv1::TYPE_IMSI: case GTPv1::TYPE_IMSI:
rv->Assign(0, BuildIMSI(ie)); rv->Assign(0, BuildIMSI(ie));
@ -467,7 +461,7 @@ void UpdatePDP_Request(const ZeekPacketAnalyzer& a, zeek::Connection* c, const G
rv->Assign(15, BuildEndUserAddr(ie)); rv->Assign(15, BuildEndUserAddr(ie));
break; break;
default: default:
a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", (*v)[i]->type())); a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", ie->type()));
break; break;
} }
} }
@ -487,10 +481,8 @@ void UpdatePDP_Response(const ZeekPacketAnalyzer& a, zeek::Connection* c, const
bool second_gsn_addr = false; bool second_gsn_addr = false;
for ( size_t i = 0; i < v->size(); ++i ) for ( InformationElement* ie : *v )
{ {
const InformationElement* ie = (*v)[i];
switch ( ie->type() ) { switch ( ie->type() ) {
case GTPv1::TYPE_CAUSE: case GTPv1::TYPE_CAUSE:
rv->Assign(0, BuildCause(ie)); rv->Assign(0, BuildCause(ie));
@ -526,7 +518,7 @@ void UpdatePDP_Response(const ZeekPacketAnalyzer& a, zeek::Connection* c, const
rv->Assign(9, BuildPrivateExt(ie)); rv->Assign(9, BuildPrivateExt(ie));
break; break;
default: default:
a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", (*v)[i]->type())); a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", ie->type()));
break; break;
} }
} }
@ -544,10 +536,8 @@ void DeletePDP_Request(const ZeekPacketAnalyzer& a, zeek::Connection* c, const G
const vector<InformationElement *> * v = pdu->delete_pdp_ctx_request(); const vector<InformationElement *> * v = pdu->delete_pdp_ctx_request();
for ( size_t i = 0; i < v->size(); ++i ) for ( InformationElement* ie : *v )
{ {
const InformationElement* ie = (*v)[i];
switch ( ie->type() ) { switch ( ie->type() ) {
case GTPv1::TYPE_TEARDOWN_IND: case GTPv1::TYPE_TEARDOWN_IND:
rv->Assign(0, BuildTeardownInd(ie)); rv->Assign(0, BuildTeardownInd(ie));
@ -559,7 +549,7 @@ void DeletePDP_Request(const ZeekPacketAnalyzer& a, zeek::Connection* c, const G
rv->Assign(2, BuildPrivateExt(ie)); rv->Assign(2, BuildPrivateExt(ie));
break; break;
default: default:
a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", (*v)[i]->type())); a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", ie->type()));
break; break;
} }
} }
@ -577,10 +567,8 @@ void DeletePDP_Response(const ZeekPacketAnalyzer& a, zeek::Connection* c, const
const vector<InformationElement *> * v = pdu->delete_pdp_ctx_response(); const vector<InformationElement *> * v = pdu->delete_pdp_ctx_response();
for ( size_t i = 0; i < v->size(); ++i ) for ( InformationElement* ie : *v )
{ {
const InformationElement* ie = (*v)[i];
switch ( ie->type() ) { switch ( ie->type() ) {
case GTPv1::TYPE_CAUSE: case GTPv1::TYPE_CAUSE:
rv->Assign(0, BuildCause(ie)); rv->Assign(0, BuildCause(ie));
@ -589,7 +577,7 @@ void DeletePDP_Response(const ZeekPacketAnalyzer& a, zeek::Connection* c, const
rv->Assign(1, BuildPrivateExt(ie)); rv->Assign(1, BuildPrivateExt(ie));
break; break;
default: default:
a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", (*v)[i]->type())); a->Weird("gtp_invalid_info_element", nullptr, zeek::util::fmt("%d", ie->type()));
break; break;
} }
} }

2
src/packet_analysis/protocol/tcp/Stats.cc
View file

@ -7,7 +7,7 @@
namespace zeek::packet_analysis::TCP { namespace zeek::packet_analysis::TCP {
TCPStateStats::TCPStateStats() { TCPStateStats::TCPStateStats() {
for ( int i = 0; i < analyzer::tcp::TCP_ENDPOINT_RESET + 1; ++i ) for ( int i = 0; i < analyzer::tcp::TCP_ENDPOINT_RESET + 1; ++i ) // NOLINT
for ( int j = 0; j < analyzer::tcp::TCP_ENDPOINT_RESET + 1; ++j ) for ( int j = 0; j < analyzer::tcp::TCP_ENDPOINT_RESET + 1; ++j )
state_cnt[i][j] = 0; state_cnt[i][j] = 0;
} }

48
src/packet_analysis/protocol/tcp/TCPSessionAdapter.cc
View file

@ -43,8 +43,8 @@ TCPSessionAdapter::TCPSessionAdapter(Connection* conn) : packet_analysis::IP::Se
} }
TCPSessionAdapter::~TCPSessionAdapter() { TCPSessionAdapter::~TCPSessionAdapter() {
LOOP_OVER_GIVEN_CHILDREN(i, packet_children) for ( Analyzer* a : packet_children )
delete *i; delete a;
delete orig; delete orig;
delete resp; delete resp;
@ -52,8 +52,8 @@ TCPSessionAdapter::~TCPSessionAdapter() {
void TCPSessionAdapter::Init() { void TCPSessionAdapter::Init() {
Analyzer::Init(); Analyzer::Init();
LOOP_OVER_GIVEN_CHILDREN(i, packet_children) for ( Analyzer* a : packet_children )
(*i)->Init(); a->Init();
} }
void TCPSessionAdapter::Done() { void TCPSessionAdapter::Done() {
@ -62,8 +62,8 @@ void TCPSessionAdapter::Done() {
if ( run_state::terminating && connection_pending && is_active && ! BothClosed() ) if ( run_state::terminating && connection_pending && is_active && ! BothClosed() )
Event(connection_pending); Event(connection_pending);
LOOP_OVER_GIVEN_CHILDREN(i, packet_children) for ( Analyzer* a : packet_children )
(*i)->Done(); a->Done();
orig->Done(); orig->Done();
resp->Done(); resp->Done();
@ -644,9 +644,8 @@ analyzer::Analyzer* TCPSessionAdapter::FindChild(analyzer::ID arg_id) {
if ( child ) if ( child )
return child; return child;
LOOP_OVER_GIVEN_CHILDREN(i, packet_children) { for ( Analyzer* a : packet_children ) {
analyzer::Analyzer* child = (*i)->FindChild(arg_id); if ( analyzer::Analyzer* child = a->FindChild(arg_id) )
if ( child )
return child; return child;
} }
@ -659,9 +658,8 @@ analyzer::Analyzer* TCPSessionAdapter::FindChild(zeek::Tag arg_tag) {
if ( child ) if ( child )
return child; return child;
LOOP_OVER_GIVEN_CHILDREN(i, packet_children) { for ( Analyzer* a : packet_children ) {
analyzer::Analyzer* child = (*i)->FindChild(arg_tag); if ( analyzer::Analyzer* child = a->FindChild(arg_tag) )
if ( child )
return child; return child;
} }
@ -1046,8 +1044,8 @@ void TCPSessionAdapter::UpdateConnVal(RecordVal* conn_val) {
Analyzer::UpdateConnVal(conn_val); Analyzer::UpdateConnVal(conn_val);
// Have to do packet_children ourselves. // Have to do packet_children ourselves.
LOOP_OVER_GIVEN_CHILDREN(i, packet_children) for ( Analyzer* a : packet_children )
(*i)->UpdateConnVal(conn_val); a->UpdateConnVal(conn_val);
} }
void TCPSessionAdapter::AttemptTimer(double /* t */) { void TCPSessionAdapter::AttemptTimer(double /* t */) {
@ -1182,11 +1180,12 @@ FilePtr TCPSessionAdapter::GetContentsFile(unsigned int direction) const {
void TCPSessionAdapter::ConnectionClosed(analyzer::tcp::TCP_Endpoint* endpoint, analyzer::tcp::TCP_Endpoint* peer, void TCPSessionAdapter::ConnectionClosed(analyzer::tcp::TCP_Endpoint* endpoint, analyzer::tcp::TCP_Endpoint* peer,
bool gen_event) { bool gen_event) {
const analyzer::analyzer_list& children(GetChildren()); const analyzer::analyzer_list& children(GetChildren());
LOOP_OVER_CONST_CHILDREN(i)
for ( Analyzer* a : children )
// Using this type of cast here is nasty (will crash if // Using this type of cast here is nasty (will crash if
// we inadvertently have a child analyzer that's not a // we inadvertently have a child analyzer that's not a
// TCP_ApplicationAnalyzer), but we have to ... // TCP_ApplicationAnalyzer), but we have to ...
static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(*i)->ConnectionClosed(endpoint, peer, gen_event); static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(a)->ConnectionClosed(endpoint, peer, gen_event);
if ( DataPending(endpoint) ) { if ( DataPending(endpoint) ) {
// Don't close out the connection yet, there's still data to // Don't close out the connection yet, there's still data to
@ -1266,9 +1265,10 @@ void TCPSessionAdapter::ConnectionClosed(analyzer::tcp::TCP_Endpoint* endpoint,
void TCPSessionAdapter::ConnectionFinished(bool half_finished) { void TCPSessionAdapter::ConnectionFinished(bool half_finished) {
const analyzer::analyzer_list& children(GetChildren()); const analyzer::analyzer_list& children(GetChildren());
LOOP_OVER_CONST_CHILDREN(i)
for ( Analyzer* a : children )
// Again, nasty - see TCPSessionAdapter::ConnectionClosed. // Again, nasty - see TCPSessionAdapter::ConnectionClosed.
static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(*i)->ConnectionFinished(half_finished); static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(a)->ConnectionFinished(half_finished);
if ( half_finished ) if ( half_finished )
Event(connection_half_finished); Event(connection_half_finished);
@ -1282,8 +1282,8 @@ void TCPSessionAdapter::ConnectionReset() {
Event(connection_reset); Event(connection_reset);
const analyzer::analyzer_list& children(GetChildren()); const analyzer::analyzer_list& children(GetChildren());
LOOP_OVER_CONST_CHILDREN(i) for ( Analyzer* a : children )
static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(*i)->ConnectionReset(); static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(a)->ConnectionReset();
is_active = 0; is_active = 0;
} }
@ -1312,8 +1312,8 @@ void TCPSessionAdapter::EndpointEOF(analyzer::tcp::TCP_Reassembler* endp) {
EnqueueConnEvent(connection_EOF, ConnVal(), val_mgr->Bool(endp->IsOrig())); EnqueueConnEvent(connection_EOF, ConnVal(), val_mgr->Bool(endp->IsOrig()));
const analyzer::analyzer_list& children(GetChildren()); const analyzer::analyzer_list& children(GetChildren());
LOOP_OVER_CONST_CHILDREN(i) for ( Analyzer* a : children )
static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(*i)->EndpointEOF(endp->IsOrig()); static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(a)->EndpointEOF(endp->IsOrig());
if ( close_deferred ) { if ( close_deferred ) {
if ( DataPending(endp->Endpoint()) ) { if ( DataPending(endp->Endpoint()) ) {
@ -1331,8 +1331,8 @@ void TCPSessionAdapter::EndpointEOF(analyzer::tcp::TCP_Reassembler* endp) {
void TCPSessionAdapter::PacketWithRST() { void TCPSessionAdapter::PacketWithRST() {
const analyzer::analyzer_list& children(GetChildren()); const analyzer::analyzer_list& children(GetChildren());
LOOP_OVER_CONST_CHILDREN(i) for ( Analyzer* a : children )
static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(*i)->PacketWithRST(); static_cast<analyzer::tcp::TCP_ApplicationAnalyzer*>(a)->PacketWithRST();
} }
void TCPSessionAdapter::CheckPIA_FirstPacket(bool is_orig, const IP_Hdr* ip) { void TCPSessionAdapter::CheckPIA_FirstPacket(bool is_orig, const IP_Hdr* ip) {

Some files were not shown because too many files have changed in this diff Show more