From: Michael Altizer (mialtize) Date: Sat, 7 Sep 2019 14:31:05 +0000 (-0400) Subject: Merge pull request #1736 in SNORT/snort3 from ~MIALTIZE/snort3:cppcheck to master X-Git-Tag: 3.0.0-261~8 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ab79fd4269fe2ff126bdff70ee8a7393f6de5210;p=thirdparty%2Fsnort3.git Merge pull request #1736 in SNORT/snort3 from ~MIALTIZE/snort3:cppcheck to master Squashed commit of the following: commit dada26623785e41c11f66ce9fb24e0bffebba151 Author: Michael Altizer Date: Fri Sep 6 10:55:52 2019 -0400 build: Address miscellaneous cppcheck warnings commit 48e3dffc6605b916b555134c60fb12e5f131ee1f Author: Michael Altizer Date: Fri Sep 6 10:34:46 2019 -0400 build: Const-ify reference arguments as suggested by cppcheck --- diff --git a/src/connectors/file_connector/test/file_connector_module_test.cc b/src/connectors/file_connector/test/file_connector_module_test.cc index 39ee48396..bf5611690 100644 --- a/src/connectors/file_connector/test/file_connector_module_test.cc +++ b/src/connectors/file_connector/test/file_connector_module_test.cc @@ -37,8 +37,7 @@ THREAD_LOCAL SimpleStats file_connector_stats; THREAD_LOCAL ProfileStats file_connector_perfstats; void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } namespace snort { diff --git a/src/connectors/file_connector/test/file_connector_test.cc b/src/connectors/file_connector/test/file_connector_test.cc index ecd6bd026..17e5f97bb 100644 --- a/src/connectors/file_connector/test/file_connector_test.cc +++ b/src/connectors/file_connector/test/file_connector_test.cc @@ -51,8 +51,7 @@ Connector* connector_tb; Connector* connector_rb; void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } namespace snort { diff --git a/src/connectors/tcp_connector/test/tcp_connector_module_test.cc b/src/connectors/tcp_connector/test/tcp_connector_module_test.cc index 2c4836a71..510074e44 100644 --- a/src/connectors/tcp_connector/test/tcp_connector_module_test.cc +++ b/src/connectors/tcp_connector/test/tcp_connector_module_test.cc @@ -37,8 +37,7 @@ THREAD_LOCAL SimpleStats tcp_connector_stats; THREAD_LOCAL ProfileStats tcp_connector_perfstats; void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } namespace snort { diff --git a/src/connectors/tcp_connector/test/tcp_connector_test.cc b/src/connectors/tcp_connector/test/tcp_connector_test.cc index 2b727a078..1fa6d9cc3 100644 --- a/src/connectors/tcp_connector/test/tcp_connector_test.cc +++ b/src/connectors/tcp_connector/test/tcp_connector_test.cc @@ -68,8 +68,7 @@ ConnectorCommon* connector_common; Connector* connector; void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } namespace snort { diff --git a/src/detection/detection_engine.cc b/src/detection/detection_engine.cc index d3afe492e..2b6ccfb14 100644 --- a/src/detection/detection_engine.cc +++ b/src/detection/detection_engine.cc @@ -469,7 +469,7 @@ void DetectionEngine::onload() } } -void DetectionEngine::resume_ready_suspends(IpsContextChain& chain) +void DetectionEngine::resume_ready_suspends(const IpsContextChain& chain) { while ( chain.front() and !chain.front()->packet->is_offloaded() ) { diff --git a/src/detection/detection_engine.h b/src/detection/detection_engine.h index b22683d0c..4dd5db3e5 100644 --- a/src/detection/detection_engine.h +++ b/src/detection/detection_engine.h @@ -110,7 +110,7 @@ private: static void offload_thread(IpsContext*); static void complete(snort::Packet*); static void resume(snort::Packet*); - static void resume_ready_suspends(IpsContextChain&); + static void resume_ready_suspends(const IpsContextChain&); static int log_events(Packet*); static void clear_events(Packet*); diff --git a/src/detection/detection_options.cc b/src/detection/detection_options.cc index 8bad4a082..2f8222483 100644 --- a/src/detection/detection_options.cc +++ b/src/detection/detection_options.cc @@ -343,7 +343,7 @@ void* add_detection_option_tree(SnortConfig* sc, detection_option_tree_node_t* o int detection_option_node_evaluate( detection_option_tree_node_t* node, detection_option_eval_data_t* eval_data, - Cursor& orig_cursor) + const Cursor& orig_cursor) { // need node->state to do perf profiling if ( !node ) diff --git a/src/detection/detection_options.h b/src/detection/detection_options.h index 9788c6d47..dc742751d 100644 --- a/src/detection/detection_options.h +++ b/src/detection/detection_options.h @@ -122,7 +122,7 @@ void* add_detection_option(struct snort::SnortConfig*, option_type_t, void*); void* add_detection_option_tree(struct snort::SnortConfig*, detection_option_tree_node_t*); int detection_option_node_evaluate( - detection_option_tree_node_t*, detection_option_eval_data_t*, class Cursor&); + detection_option_tree_node_t*, detection_option_eval_data_t*, const class Cursor&); void DetectionHashTableFree(snort::XHash*); void DetectionTreeHashTableFree(snort::XHash*); diff --git a/src/file_api/file_log.cc b/src/file_api/file_log.cc index 5eb08341a..665f1ebb1 100644 --- a/src/file_api/file_log.cc +++ b/src/file_api/file_log.cc @@ -83,7 +83,7 @@ static void dl_tterm() class LogHandler : public DataHandler { public: - LogHandler(FileLogConfig& conf) : DataHandler(s_name) + LogHandler(const FileLogConfig& conf) : DataHandler(s_name) { config = conf; } void handle(DataEvent&, Flow*) override; @@ -204,7 +204,7 @@ void LogHandler::handle(DataEvent&, Flow* f) class FileLog : public Inspector { public: - FileLog(FileLogConfig& conf) { config = conf; } + FileLog(const FileLogConfig& conf) { config = conf; } void show(SnortConfig*) override; void eval(Packet*) override { } diff --git a/src/flow/ha.cc b/src/flow/ha.cc index 1bb8ed7b2..7466b96fa 100644 --- a/src/flow/ha.cc +++ b/src/flow/ha.cc @@ -230,7 +230,7 @@ FlowHAClient::FlowHAClient(uint8_t length, bool session_client) // Write the key type, key length, and key into the message. // Return the type of key written so it can be stored in the message header. -static uint8_t write_flow_key(Flow& flow, HAMessage& msg) +static uint8_t write_flow_key(const Flow& flow, HAMessage& msg) { const FlowKey* key = flow.key; assert(key); @@ -332,7 +332,7 @@ static uint16_t calculate_update_msg_content_length(Flow& flow, bool full) // Write the HA header and key sections. Position the cursor // at the beginning of the content section. -static void write_msg_header(Flow& flow, HAEvent event, uint16_t content_length, HAMessage& msg) +static void write_msg_header(const Flow& flow, HAEvent event, uint16_t content_length, HAMessage& msg) { HAMessageHeader* hdr = (HAMessageHeader*) msg.cursor; hdr->event = (uint8_t) event; @@ -342,7 +342,7 @@ static void write_msg_header(Flow& flow, HAEvent event, uint16_t content_length, hdr->key_type = write_flow_key(flow, msg); } -static uint16_t update_msg_header_length(HAMessage& msg) +static uint16_t update_msg_header_length(const HAMessage& msg) { HAMessageHeader* hdr = (HAMessageHeader*) msg.buffer; hdr->total_length = msg.cursor_position(); diff --git a/src/flow/stash_item.h b/src/flow/stash_item.h index 52e7618de..edb6cfb94 100644 --- a/src/flow/stash_item.h +++ b/src/flow/stash_item.h @@ -38,7 +38,7 @@ public: { } - int get_object_type() + int get_object_type() const { return object_type; } diff --git a/src/framework/lua_api.h b/src/framework/lua_api.h index 8cad6ad1a..83cb9d24d 100644 --- a/src/framework/lua_api.h +++ b/src/framework/lua_api.h @@ -39,7 +39,7 @@ public: std::string chunk; protected: - LuaApi(std::string& s, std::string& c) + LuaApi(const std::string& s, const std::string& c) { name = s; chunk = c; diff --git a/src/host_tracker/test/host_cache_module_test.cc b/src/host_tracker/test/host_cache_module_test.cc index 501b94d0c..88956b587 100644 --- a/src/host_tracker/test/host_cache_module_test.cc +++ b/src/host_tracker/test/host_cache_module_test.cc @@ -65,11 +65,8 @@ extern "C" const char* luaL_optlstring(lua_State*, int, const char*, size_t*) { return nullptr; } } -void show_stats(PegCount*, const PegInfo*, unsigned, const char*) -{ } - -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) -{ } +void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } TEST_GROUP(host_cache_module) { diff --git a/src/host_tracker/test/host_tracker_module_test.cc b/src/host_tracker/test/host_tracker_module_test.cc index 8ba0b2c74..9b60b8589 100644 --- a/src/host_tracker/test/host_tracker_module_test.cc +++ b/src/host_tracker/test/host_tracker_module_test.cc @@ -44,7 +44,7 @@ time_t packet_time() { return 0; } // Fake show_stats to avoid bringing in a ton of dependencies. void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } SfIp expected_addr; diff --git a/src/host_tracker/test/host_tracker_test.cc b/src/host_tracker/test/host_tracker_test.cc index 5e4b4c25b..9ac2b1fe3 100644 --- a/src/host_tracker/test/host_tracker_test.cc +++ b/src/host_tracker/test/host_tracker_test.cc @@ -93,7 +93,7 @@ TEST(host_tracker, copy_data_test) CHECK(p_last_seen == 1562198400); CHECK(p_macs != nullptr); CHECK(p_macs->size() == 1); - auto& copied_data = p_macs->front(); + const auto& copied_data = p_macs->front(); CHECK(copied_data.ttl == 50); CHECK(copied_data.primary == 1); CHECK(copied_data.last_seen == 1562198400); diff --git a/src/ips_options/ips_asn1.cc b/src/ips_options/ips_asn1.cc index 00b3cee2e..cd15c5704 100644 --- a/src/ips_options/ips_asn1.cc +++ b/src/ips_options/ips_asn1.cc @@ -85,7 +85,7 @@ static THREAD_LOCAL ProfileStats asn1PerfStats; class Asn1Option : public IpsOption { public: - Asn1Option(ASN1_CTXT& c) : IpsOption(s_name, RULE_OPTION_TYPE_BUFFER_USE) + Asn1Option(const ASN1_CTXT& c) : IpsOption(s_name, RULE_OPTION_TYPE_BUFFER_USE) { config = c; } uint32_t hash() const override; diff --git a/src/ips_options/ips_file_type.cc b/src/ips_options/ips_file_type.cc index 67ed7fa56..3ca9aad20 100644 --- a/src/ips_options/ips_file_type.cc +++ b/src/ips_options/ips_file_type.cc @@ -40,7 +40,7 @@ static THREAD_LOCAL ProfileStats fileTypePerfStats; class FileTypeOption : public IpsOption { public: - FileTypeOption(FileTypeBitSet&); + FileTypeOption(const FileTypeBitSet&); uint32_t hash() const override; bool operator==(const IpsOption& ips) const override; @@ -57,7 +57,7 @@ public: // class methods //------------------------------------------------------------------------- -FileTypeOption::FileTypeOption(FileTypeBitSet& t) : IpsOption(s_name) +FileTypeOption::FileTypeOption(const FileTypeBitSet& t) : IpsOption(s_name) { types = t; } diff --git a/src/ips_options/ips_replace.cc b/src/ips_options/ips_replace.cc index 712f6841b..3103bf913 100644 --- a/src/ips_options/ips_replace.cc +++ b/src/ips_options/ips_replace.cc @@ -77,7 +77,7 @@ static THREAD_LOCAL ProfileStats replacePerfStats; class ReplaceOption : public IpsOption { public: - ReplaceOption(string&); + ReplaceOption(const string&); ~ReplaceOption() override; EvalStatus eval(Cursor&, Packet*) override; @@ -106,7 +106,7 @@ private: int* offset; /* >=0 is offset to start of replace */ }; -ReplaceOption::ReplaceOption(string& s) : IpsOption(s_name) +ReplaceOption::ReplaceOption(const string& s) : IpsOption(s_name) { unsigned n = ThreadConfig::get_instance_max(); offset = new int[n]; diff --git a/src/ips_options/ips_rpc.cc b/src/ips_options/ips_rpc.cc index 4cf3f062b..7f8785498 100644 --- a/src/ips_options/ips_rpc.cc +++ b/src/ips_options/ips_rpc.cc @@ -251,7 +251,7 @@ public: ProfileStats* get_profile() const override { return &rpcCheckPerfStats; } - bool set(Value&, uint32_t& field, int flag); + bool set(const Value&, uint32_t& field, int flag); Usage get_usage() const override { return DETECT; } @@ -283,7 +283,7 @@ bool RpcModule::set(const char*, Value& v, SnortConfig*) return true; } -bool RpcModule::set(Value& v, uint32_t& field, int flag) +bool RpcModule::set(const Value& v, uint32_t& field, int flag) { if ( flag and !strcmp(v.get_string(), "*") ) return true; diff --git a/src/ips_options/ips_sd_pattern.cc b/src/ips_options/ips_sd_pattern.cc index fd93c868c..41cb69156 100644 --- a/src/ips_options/ips_sd_pattern.cc +++ b/src/ips_options/ips_sd_pattern.cc @@ -126,7 +126,7 @@ public: EvalStatus eval(Cursor&, Packet* p) override; private: - unsigned SdSearch(Cursor&, Packet*); + unsigned SdSearch(const Cursor&, Packet*); SdPatternConfig config; }; @@ -243,7 +243,7 @@ static int hs_match(unsigned int /*id*/, unsigned long long from, return 0; } -unsigned SdPatternOption::SdSearch(Cursor& c, Packet* p) +unsigned SdPatternOption::SdSearch(const Cursor& c, Packet* p) { const uint8_t* const start = c.buffer(); const uint8_t* buf = c.start(); diff --git a/src/ips_options/test/ips_regex_test.cc b/src/ips_options/test/ips_regex_test.cc index 8ea290f75..ed5e9ed6c 100644 --- a/src/ips_options/test/ips_regex_test.cc +++ b/src/ips_options/test/ips_regex_test.cc @@ -101,7 +101,7 @@ Cursor::Cursor(Packet* p) { set("pkt_data", p->data, p->dsize); } void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } //------------------------------------------------------------------------- // helpers diff --git a/src/loggers/alert_csv.cc b/src/loggers/alert_csv.cc index 92c4a2085..0bd557886 100644 --- a/src/loggers/alert_csv.cc +++ b/src/loggers/alert_csv.cc @@ -69,12 +69,12 @@ struct Args const Event& event; }; -static void ff_action(Args& a) +static void ff_action(const Args& a) { TextLog_Puts(csv_log, a.pkt->active->get_action_string()); } -static void ff_class(Args& a) +static void ff_class(const Args& a) { const char* cls = "none"; if ( a.event.sig_info->class_type and a.event.sig_info->class_type->name ) @@ -82,7 +82,7 @@ static void ff_class(Args& a) TextLog_Puts(csv_log, cls); } -static void ff_b64_data(Args& a) +static void ff_b64_data(const Args& a) { const unsigned block_size = 2048; char out[2*block_size]; @@ -107,7 +107,7 @@ static void ff_b64_data(Args& a) TextLog_Putc(csv_log, '"'); } -static void ff_dir(Args& a) +static void ff_dir(const Args& a) { const char* dir; @@ -121,7 +121,7 @@ static void ff_dir(Args& a) TextLog_Puts(csv_log, dir); } -static void ff_dst_addr(Args& a) +static void ff_dst_addr(const Args& a) { if ( a.pkt->has_ip() or a.pkt->is_data() ) { @@ -130,7 +130,7 @@ static void ff_dst_addr(Args& a) } } -static void ff_dst_ap(Args& a) +static void ff_dst_ap(const Args& a) { SfIpString addr = ""; unsigned port = 0; @@ -144,13 +144,13 @@ static void ff_dst_ap(Args& a) TextLog_Print(csv_log, "%s:%u", addr, port); } -static void ff_dst_port(Args& a) +static void ff_dst_port(const Args& a) { if ( a.pkt->proto_bits & (PROTO_BIT__TCP|PROTO_BIT__UDP) ) TextLog_Print(csv_log, "%u", a.pkt->ptrs.dp); } -static void ff_eth_dst(Args& a) +static void ff_eth_dst(const Args& a) { if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) ) return; @@ -162,7 +162,7 @@ static void ff_eth_dst(Args& a) eh->ether_dst[4], eh->ether_dst[5]); } -static void ff_eth_len(Args& a) +static void ff_eth_len(const Args& a) { if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) ) return; @@ -170,7 +170,7 @@ static void ff_eth_len(Args& a) TextLog_Print(csv_log, "%u", a.pkt->pkth->pktlen); } -static void ff_eth_src(Args& a) +static void ff_eth_src(const Args& a) { if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) ) return; @@ -182,7 +182,7 @@ static void ff_eth_src(Args& a) eh->ether_src[4], eh->ether_src[5]); } -static void ff_eth_type(Args& a) +static void ff_eth_type(const Args& a) { if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) ) return; @@ -191,58 +191,58 @@ static void ff_eth_type(Args& a) TextLog_Print(csv_log, "0x%X", ntohs(eh->ether_type)); } -static void ff_gid(Args& a) +static void ff_gid(const Args& a) { TextLog_Print(csv_log, "%u", a.event.sig_info->gid); } -static void ff_icmp_code(Args& a) +static void ff_icmp_code(const Args& a) { if (a.pkt->ptrs.icmph ) TextLog_Print(csv_log, "%u", a.pkt->ptrs.icmph->code); } -static void ff_icmp_id(Args& a) +static void ff_icmp_id(const Args& a) { if (a.pkt->ptrs.icmph ) TextLog_Print(csv_log, "%u", ntohs(a.pkt->ptrs.icmph->s_icmp_id)); } -static void ff_icmp_seq(Args& a) +static void ff_icmp_seq(const Args& a) { if (a.pkt->ptrs.icmph ) TextLog_Print(csv_log, "%u", ntohs(a.pkt->ptrs.icmph->s_icmp_seq)); } -static void ff_icmp_type(Args& a) +static void ff_icmp_type(const Args& a) { if (a.pkt->ptrs.icmph ) TextLog_Print(csv_log, "%u", a.pkt->ptrs.icmph->type); } -static void ff_iface(Args&) +static void ff_iface(const Args&) { TextLog_Print(csv_log, "%s", SFDAQ::get_input_spec()); } -static void ff_ip_id(Args& a) +static void ff_ip_id(const Args& a) { if (a.pkt->has_ip()) TextLog_Print(csv_log, "%u", a.pkt->ptrs.ip_api.id()); } -static void ff_ip_len(Args& a) +static void ff_ip_len(const Args& a) { if (a.pkt->has_ip()) TextLog_Print(csv_log, "%u", a.pkt->ptrs.ip_api.pay_len()); } -static void ff_msg(Args& a) +static void ff_msg(const Args& a) { TextLog_Puts(csv_log, a.msg); } -static void ff_mpls(Args& a) +static void ff_mpls(const Args& a) { uint32_t mpls; @@ -258,12 +258,12 @@ static void ff_mpls(Args& a) TextLog_Print(csv_log, "%u", ntohl(mpls)); } -static void ff_pkt_gen(Args& a) +static void ff_pkt_gen(const Args& a) { TextLog_Puts(csv_log, a.pkt->get_pseudo_type()); } -static void ff_pkt_len(Args& a) +static void ff_pkt_len(const Args& a) { if (a.pkt->has_ip()) TextLog_Print(csv_log, "%u", a.pkt->ptrs.ip_api.dgram_len()); @@ -271,38 +271,38 @@ static void ff_pkt_len(Args& a) TextLog_Print(csv_log, "%u", a.pkt->dsize); } -static void ff_pkt_num(Args& a) +static void ff_pkt_num(const Args& a) { TextLog_Print(csv_log, STDu64, a.pkt->context->packet_number); } -static void ff_priority(Args& a) +static void ff_priority(const Args& a) { TextLog_Print(csv_log, "%u", a.event.sig_info->priority); } -static void ff_proto(Args& a) +static void ff_proto(const Args& a) { TextLog_Puts(csv_log, a.pkt->get_type()); } -static void ff_rev(Args& a) +static void ff_rev(const Args& a) { TextLog_Print(csv_log, "%u", a.event.sig_info->rev); } -static void ff_rule(Args& a) +static void ff_rule(const Args& a) { TextLog_Print(csv_log, "%u:%u:%u", a.event.sig_info->gid, a.event.sig_info->sid, a.event.sig_info->rev); } -static void ff_seconds(Args& a) +static void ff_seconds(const Args& a) { TextLog_Print(csv_log, "%u", a.pkt->pkth->ts.tv_sec); } -static void ff_service(Args& a) +static void ff_service(const Args& a) { const char* svc = "unknown"; if ( a.pkt->flow and a.pkt->flow->service ) @@ -310,12 +310,12 @@ static void ff_service(Args& a) TextLog_Puts(csv_log, svc); } -static void ff_sid(Args& a) +static void ff_sid(const Args& a) { TextLog_Print(csv_log, "%u", a.event.sig_info->sid); } -static void ff_src_addr(Args& a) +static void ff_src_addr(const Args& a) { if ( a.pkt->has_ip() or a.pkt->is_data() ) { @@ -324,7 +324,7 @@ static void ff_src_addr(Args& a) } } -static void ff_src_ap(Args& a) +static void ff_src_ap(const Args& a) { SfIpString addr = ""; unsigned port = 0; @@ -338,13 +338,13 @@ static void ff_src_ap(Args& a) TextLog_Print(csv_log, "%s:%u", addr, port); } -static void ff_src_port(Args& a) +static void ff_src_port(const Args& a) { if ( a.pkt->proto_bits & (PROTO_BIT__TCP|PROTO_BIT__UDP) ) TextLog_Print(csv_log, "%u", a.pkt->ptrs.sp); } -static void ff_target(Args& a) +static void ff_target(const Args& a) { SfIpString addr = ""; @@ -360,13 +360,13 @@ static void ff_target(Args& a) TextLog_Print(csv_log, "%s", addr); } -static void ff_tcp_ack(Args& a) +static void ff_tcp_ack(const Args& a) { if (a.pkt->ptrs.tcph ) TextLog_Print(csv_log, "0x%lX", (u_long)ntohl(a.pkt->ptrs.tcph->th_ack)); } -static void ff_tcp_flags(Args& a) +static void ff_tcp_flags(const Args& a) { if (a.pkt->ptrs.tcph ) { @@ -376,48 +376,48 @@ static void ff_tcp_flags(Args& a) } } -static void ff_tcp_len(Args& a) +static void ff_tcp_len(const Args& a) { if (a.pkt->ptrs.tcph ) TextLog_Print(csv_log, "%u", (a.pkt->ptrs.tcph->off())); } -static void ff_tcp_seq(Args& a) +static void ff_tcp_seq(const Args& a) { if (a.pkt->ptrs.tcph ) TextLog_Print(csv_log, "0x%lX", (u_long)ntohl(a.pkt->ptrs.tcph->th_seq)); } -static void ff_tcp_win(Args& a) +static void ff_tcp_win(const Args& a) { if (a.pkt->ptrs.tcph ) TextLog_Print(csv_log, "0x%X", ntohs(a.pkt->ptrs.tcph->th_win)); } -static void ff_timestamp(Args& a) +static void ff_timestamp(const Args& a) { LogTimeStamp(csv_log, a.pkt); } -static void ff_tos(Args& a) +static void ff_tos(const Args& a) { if (a.pkt->has_ip()) TextLog_Print(csv_log, "%u", a.pkt->ptrs.ip_api.tos()); } -static void ff_ttl(Args& a) +static void ff_ttl(const Args& a) { if (a.pkt->has_ip()) TextLog_Print(csv_log, "%u",a.pkt->ptrs.ip_api.ttl()); } -static void ff_udp_len(Args& a) +static void ff_udp_len(const Args& a) { if (a.pkt->ptrs.udph ) TextLog_Print(csv_log, "%u", ntohs(a.pkt->ptrs.udph->uh_len)); } -static void ff_vlan(Args& a) +static void ff_vlan(const Args& a) { uint16_t vid; @@ -437,7 +437,7 @@ static void ff_vlan(Args& a) // module stuff //------------------------------------------------------------------------- -typedef void (*CsvFunc)(Args&); +typedef void (*CsvFunc)(const Args&); static const CsvFunc csv_func[] = { diff --git a/src/loggers/alert_fast.cc b/src/loggers/alert_fast.cc index 39da8279e..af2085241 100644 --- a/src/loggers/alert_fast.cc +++ b/src/loggers/alert_fast.cc @@ -135,7 +135,7 @@ bool FastModule::begin(const char*, int, SnortConfig*) // helper static void load_buf_ids( - Inspector* ins, std::vector& keys, std::vector& ids) + Inspector* ins, const std::vector& keys, std::vector& ids) { for ( auto key : keys ) { diff --git a/src/loggers/alert_json.cc b/src/loggers/alert_json.cc index b5cb46123..aeb24409b 100644 --- a/src/loggers/alert_json.cc +++ b/src/loggers/alert_json.cc @@ -71,7 +71,7 @@ struct Args bool comma; }; -static void print_label(Args& a, const char* label) +static void print_label(const Args& a, const char* label) { if ( a.comma ) TextLog_Print(json_log, ","); @@ -79,14 +79,14 @@ static void print_label(Args& a, const char* label) TextLog_Print(json_log, " \"%s\" : ", label); } -static bool ff_action(Args& a) +static bool ff_action(const Args& a) { print_label(a, "action"); TextLog_Quote(json_log, a.pkt->active->get_action_string()); return true; } -static bool ff_class(Args& a) +static bool ff_class(const Args& a) { const char* cls = "none"; @@ -98,7 +98,7 @@ static bool ff_class(Args& a) return true; } -static bool ff_b64_data(Args& a) +static bool ff_b64_data(const Args& a) { if ( !a.pkt->dsize ) return false; @@ -128,7 +128,7 @@ static bool ff_b64_data(Args& a) return true; } -static bool ff_dir(Args& a) +static bool ff_dir(const Args& a) { const char* dir; @@ -144,7 +144,7 @@ static bool ff_dir(Args& a) return true; } -static bool ff_dst_addr(Args& a) +static bool ff_dst_addr(const Args& a) { if ( a.pkt->has_ip() or a.pkt->is_data() ) { @@ -156,7 +156,7 @@ static bool ff_dst_addr(Args& a) return false; } -static bool ff_dst_ap(Args& a) +static bool ff_dst_ap(const Args& a) { SfIpString addr = ""; unsigned port = 0; @@ -172,7 +172,7 @@ static bool ff_dst_ap(Args& a) return true; } -static bool ff_dst_port(Args& a) +static bool ff_dst_port(const Args& a) { if ( a.pkt->proto_bits & (PROTO_BIT__TCP|PROTO_BIT__UDP) ) { @@ -183,7 +183,7 @@ static bool ff_dst_port(Args& a) return false; } -static bool ff_eth_dst(Args& a) +static bool ff_eth_dst(const Args& a) { if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) ) return false; @@ -198,7 +198,7 @@ static bool ff_eth_dst(Args& a) return true; } -static bool ff_eth_len(Args& a) +static bool ff_eth_len(const Args& a) { if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) ) return false; @@ -208,7 +208,7 @@ static bool ff_eth_len(Args& a) return true; } -static bool ff_eth_src(Args& a) +static bool ff_eth_src(const Args& a) { if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) ) return false; @@ -222,7 +222,7 @@ static bool ff_eth_src(Args& a) return true; } -static bool ff_eth_type(Args& a) +static bool ff_eth_type(const Args& a) { if ( !(a.pkt->proto_bits & PROTO_BIT__ETH) ) return false; @@ -234,14 +234,14 @@ static bool ff_eth_type(Args& a) return true; } -static bool ff_gid(Args& a) +static bool ff_gid(const Args& a) { print_label(a, "gid"); TextLog_Print(json_log, "%u", a.event.sig_info->gid); return true; } -static bool ff_icmp_code(Args& a) +static bool ff_icmp_code(const Args& a) { if (a.pkt->ptrs.icmph ) { @@ -252,7 +252,7 @@ static bool ff_icmp_code(Args& a) return false; } -static bool ff_icmp_id(Args& a) +static bool ff_icmp_id(const Args& a) { if (a.pkt->ptrs.icmph ) { @@ -263,7 +263,7 @@ static bool ff_icmp_id(Args& a) return false; } -static bool ff_icmp_seq(Args& a) +static bool ff_icmp_seq(const Args& a) { if (a.pkt->ptrs.icmph ) { @@ -274,7 +274,7 @@ static bool ff_icmp_seq(Args& a) return false; } -static bool ff_icmp_type(Args& a) +static bool ff_icmp_type(const Args& a) { if (a.pkt->ptrs.icmph ) { @@ -285,14 +285,14 @@ static bool ff_icmp_type(Args& a) return false; } -static bool ff_iface(Args& a) +static bool ff_iface(const Args& a) { print_label(a, "iface"); TextLog_Quote(json_log, SFDAQ::get_input_spec()); return true; } -static bool ff_ip_id(Args& a) +static bool ff_ip_id(const Args& a) { if (a.pkt->has_ip()) { @@ -303,7 +303,7 @@ static bool ff_ip_id(Args& a) return false; } -static bool ff_ip_len(Args& a) +static bool ff_ip_len(const Args& a) { if (a.pkt->has_ip()) { @@ -314,14 +314,14 @@ static bool ff_ip_len(Args& a) return false; } -static bool ff_msg(Args& a) +static bool ff_msg(const Args& a) { print_label(a, "msg"); TextLog_Puts(json_log, a.msg); return true; } -static bool ff_mpls(Args& a) +static bool ff_mpls(const Args& a) { uint32_t mpls; @@ -339,14 +339,14 @@ static bool ff_mpls(Args& a) return true; } -static bool ff_pkt_gen(Args& a) +static bool ff_pkt_gen(const Args& a) { print_label(a, "pkt_gen"); TextLog_Quote(json_log, a.pkt->get_pseudo_type()); return true; } -static bool ff_pkt_len(Args& a) +static bool ff_pkt_len(const Args& a) { print_label(a, "pkt_len"); @@ -358,35 +358,35 @@ static bool ff_pkt_len(Args& a) return true; } -static bool ff_pkt_num(Args& a) +static bool ff_pkt_num(const Args& a) { print_label(a, "pkt_num"); TextLog_Print(json_log, STDu64, a.pkt->context->packet_number); return true; } -static bool ff_priority(Args& a) +static bool ff_priority(const Args& a) { print_label(a, "priority"); TextLog_Print(json_log, "%u", a.event.sig_info->priority); return true; } -static bool ff_proto(Args& a) +static bool ff_proto(const Args& a) { print_label(a, "proto"); TextLog_Quote(json_log, a.pkt->get_type()); return true; } -static bool ff_rev(Args& a) +static bool ff_rev(const Args& a) { print_label(a, "rev"); TextLog_Print(json_log, "%u", a.event.sig_info->rev); return true; } -static bool ff_rule(Args& a) +static bool ff_rule(const Args& a) { print_label(a, "rule"); @@ -396,14 +396,14 @@ static bool ff_rule(Args& a) return true; } -static bool ff_seconds(Args& a) +static bool ff_seconds(const Args& a) { print_label(a, "seconds"); TextLog_Print(json_log, "%u", a.pkt->pkth->ts.tv_sec); return true; } -static bool ff_service(Args& a) +static bool ff_service(const Args& a) { const char* svc = "unknown"; @@ -415,14 +415,14 @@ static bool ff_service(Args& a) return true; } -static bool ff_sid(Args& a) +static bool ff_sid(const Args& a) { print_label(a, "sid"); TextLog_Print(json_log, "%u", a.event.sig_info->sid); return true; } -static bool ff_src_addr(Args& a) +static bool ff_src_addr(const Args& a) { if ( a.pkt->has_ip() or a.pkt->is_data() ) { @@ -434,7 +434,7 @@ static bool ff_src_addr(Args& a) return false; } -static bool ff_src_ap(Args& a) +static bool ff_src_ap(const Args& a) { SfIpString addr = ""; unsigned port = 0; @@ -450,7 +450,7 @@ static bool ff_src_ap(Args& a) return true; } -static bool ff_src_port(Args& a) +static bool ff_src_port(const Args& a) { if ( a.pkt->proto_bits & (PROTO_BIT__TCP|PROTO_BIT__UDP) ) { @@ -461,7 +461,7 @@ static bool ff_src_port(Args& a) return false; } -static bool ff_target(Args& a) +static bool ff_target(const Args& a) { SfIpString addr = ""; @@ -479,7 +479,7 @@ static bool ff_target(Args& a) return true; } -static bool ff_tcp_ack(Args& a) +static bool ff_tcp_ack(const Args& a) { if (a.pkt->ptrs.tcph ) { @@ -490,7 +490,7 @@ static bool ff_tcp_ack(Args& a) return false; } -static bool ff_tcp_flags(Args& a) +static bool ff_tcp_flags(const Args& a) { if (a.pkt->ptrs.tcph ) { @@ -504,7 +504,7 @@ static bool ff_tcp_flags(Args& a) return false; } -static bool ff_tcp_len(Args& a) +static bool ff_tcp_len(const Args& a) { if (a.pkt->ptrs.tcph ) { @@ -515,7 +515,7 @@ static bool ff_tcp_len(Args& a) return false; } -static bool ff_tcp_seq(Args& a) +static bool ff_tcp_seq(const Args& a) { if (a.pkt->ptrs.tcph ) { @@ -526,7 +526,7 @@ static bool ff_tcp_seq(Args& a) return false; } -static bool ff_tcp_win(Args& a) +static bool ff_tcp_win(const Args& a) { if (a.pkt->ptrs.tcph ) { @@ -537,7 +537,7 @@ static bool ff_tcp_win(Args& a) return false; } -static bool ff_timestamp(Args& a) +static bool ff_timestamp(const Args& a) { print_label(a, "timestamp"); TextLog_Putc(json_log, '"'); @@ -546,7 +546,7 @@ static bool ff_timestamp(Args& a) return true; } -static bool ff_tos(Args& a) +static bool ff_tos(const Args& a) { if (a.pkt->has_ip()) { @@ -557,7 +557,7 @@ static bool ff_tos(Args& a) return false; } -static bool ff_ttl(Args& a) +static bool ff_ttl(const Args& a) { if (a.pkt->has_ip()) { @@ -568,7 +568,7 @@ static bool ff_ttl(Args& a) return false; } -static bool ff_udp_len(Args& a) +static bool ff_udp_len(const Args& a) { if (a.pkt->ptrs.udph ) { @@ -579,7 +579,7 @@ static bool ff_udp_len(Args& a) return false; } -static bool ff_vlan(Args& a) +static bool ff_vlan(const Args& a) { uint16_t vid; @@ -601,7 +601,7 @@ static bool ff_vlan(Args& a) // module stuff //------------------------------------------------------------------------- -typedef bool (*JsonFunc)(Args&); +typedef bool (*JsonFunc)(const Args&); static const JsonFunc json_func[] = { diff --git a/src/main/control_mgmt.cc b/src/main/control_mgmt.cc index fd28396aa..47c21843b 100644 --- a/src/main/control_mgmt.cc +++ b/src/main/control_mgmt.cc @@ -181,26 +181,25 @@ int ControlMgmt::socket_term() bool ControlMgmt::process_control_commands(int& current_fd, Request*& current_request, int evnt_fd) { - bool ret = false; auto control_conn = controls.find(evnt_fd); if (control_conn == controls.end()) - return ret; + return false; Request* old_request = current_request; int fd = control_conn->second->shell_execute(current_fd, current_request); current_fd = -1; current_request = old_request; - if (fd >= 0) - { - if (control_conn->second->is_local_control()) - proc_stats.local_commands++; - else - proc_stats.remote_commands++; - ret = true; - } - return ret; + if (fd < 0) + return false; + + if (control_conn->second->is_local_control()) + proc_stats.local_commands++; + else + proc_stats.remote_commands++; + + return true; } bool ControlMgmt::service_users(int& current_fd, Request*& current_request) diff --git a/src/main/request.cc b/src/main/request.cc index b6f7fa389..fb3fecee8 100644 --- a/src/main/request.cc +++ b/src/main/request.cc @@ -36,7 +36,7 @@ Request::Request(int f) bytes_read = 0; } -bool Request::read(int& f) +bool Request::read(const int& f) { bool newline_found = false; char buf; diff --git a/src/main/request.h b/src/main/request.h index 1d83f1e09..7a191ce33 100644 --- a/src/main/request.h +++ b/src/main/request.h @@ -29,7 +29,7 @@ class Request public: Request(int f = -1); - bool read(int&); + bool read(const int&); const char* get() { return read_buf; } bool write_response(const char* s) const; void respond(const char* s, bool queue_response = false, bool remote_only = false); diff --git a/src/network_inspectors/appid/appid_api.cc b/src/network_inspectors/appid/appid_api.cc index b4d3629b8..ea43658f4 100644 --- a/src/network_inspectors/appid/appid_api.cc +++ b/src/network_inspectors/appid/appid_api.cc @@ -44,7 +44,7 @@ namespace snort AppIdApi appid_api; } -AppIdSession* AppIdApi::get_appid_session(Flow& flow) +AppIdSession* AppIdApi::get_appid_session(const Flow& flow) { AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id); @@ -56,7 +56,7 @@ const char* AppIdApi::get_application_name(AppId app_id) return AppInfoManager::get_instance().get_app_name(app_id); } -const char* AppIdApi::get_application_name(Flow& flow, bool from_client) +const char* AppIdApi::get_application_name(const Flow& flow, bool from_client) { const char* app_name = nullptr; AppId appid = APP_ID_NONE; @@ -95,7 +95,7 @@ AppId AppIdApi::get_application_id(const char* appName) #define APPID_HA_FLAGS_SVC_DONE ( 1 << 2 ) #define APPID_HA_FLAGS_HTTP ( 1 << 3 ) -uint32_t AppIdApi::produce_ha_state(Flow& flow, uint8_t* buf) +uint32_t AppIdApi::produce_ha_state(const Flow& flow, uint8_t* buf) { assert(buf); AppIdSessionHA* appHA = (AppIdSessionHA*)buf; @@ -223,7 +223,7 @@ bool AppIdApi::ssl_app_group_id_lookup(Flow* flow, const char* server_name, cons return false; } -AppIdSessionApi* AppIdApi::create_appid_session_api(Flow& flow) +AppIdSessionApi* AppIdApi::create_appid_session_api(const Flow& flow) { AppIdSession* asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id); diff --git a/src/network_inspectors/appid/appid_api.h b/src/network_inspectors/appid/appid_api.h index e5b6aa1f7..d883645ee 100644 --- a/src/network_inspectors/appid/appid_api.h +++ b/src/network_inspectors/appid/appid_api.h @@ -51,15 +51,15 @@ class SO_PUBLIC AppIdApi public: SO_PRIVATE AppIdApi() = default; - AppIdSession* get_appid_session(Flow& flow); + AppIdSession* get_appid_session(const Flow& flow); const char* get_application_name(AppId app_id); - const char* get_application_name(Flow& flow, bool from_client); + const char* get_application_name(const Flow& flow, bool from_client); AppId get_application_id(const char* appName); - uint32_t produce_ha_state(Flow& flow, uint8_t* buf); + uint32_t produce_ha_state(const Flow& flow, uint8_t* buf); uint32_t consume_ha_state(Flow& flow, const uint8_t* buf, uint8_t length, IpProtocol, SfIp*, uint16_t initiatorPort); bool ssl_app_group_id_lookup(Flow* flow, const char*, const char*, AppId& service_id, AppId& client_id, AppId& payload_id); - AppIdSessionApi* create_appid_session_api(Flow& flow); + AppIdSessionApi* create_appid_session_api(const Flow& flow); void free_appid_session_api(AppIdSessionApi* api); }; diff --git a/src/network_inspectors/appid/appid_debug.h b/src/network_inspectors/appid/appid_debug.h index 4163e163f..c33c9a86b 100644 --- a/src/network_inspectors/appid/appid_debug.h +++ b/src/network_inspectors/appid/appid_debug.h @@ -48,15 +48,15 @@ struct AppIdDebugSessionConstraints uint16_t sport; uint16_t dport; IpProtocol protocol = IpProtocol::PROTO_NOT_SET; - bool proto_match(IpProtocol& proto) + bool proto_match(IpProtocol proto) const { return (protocol == IpProtocol::PROTO_NOT_SET or protocol == proto); } - bool port_match(uint16_t p1, uint16_t p2) + bool port_match(uint16_t p1, uint16_t p2) const { return (!sport or sport == p1) and (!dport or dport == p2); } - bool ip_match(const uint32_t* ip1, const uint32_t* ip2) + bool ip_match(const uint32_t* ip1, const uint32_t* ip2) const { return ((!sip_flag or !memcmp(sip.get_ip6_ptr(), ip1, sizeof(snort::ip::snort_in6_addr))) and diff --git a/src/network_inspectors/appid/appid_discovery.cc b/src/network_inspectors/appid/appid_discovery.cc index 79dbfff12..fb0d0d378 100644 --- a/src/network_inspectors/appid/appid_discovery.cc +++ b/src/network_inspectors/appid/appid_discovery.cc @@ -408,7 +408,7 @@ static bool is_packet_ignored(AppIdSession* asd, Packet* p, AppidSessionDirectio return false; } -static uint64_t is_session_monitored(AppIdSession& asd, const Packet* p, AppidSessionDirection dir, +static uint64_t is_session_monitored(const AppIdSession& asd, const Packet* p, AppidSessionDirection dir, AppIdInspector& inspector) { uint64_t flags; diff --git a/src/network_inspectors/appid/appid_session_api.cc b/src/network_inspectors/appid/appid_session_api.cc index ed29050ea..5215d2185 100644 --- a/src/network_inspectors/appid/appid_session_api.cc +++ b/src/network_inspectors/appid/appid_session_api.cc @@ -33,7 +33,7 @@ using namespace snort; -bool AppIdSessionApi::refresh(Flow& flow) +bool AppIdSessionApi::refresh(const Flow& flow) { AppIdSession* new_asd = (AppIdSession*)flow.get_flow_data(AppIdSession::inspector_id); diff --git a/src/network_inspectors/appid/appid_session_api.h b/src/network_inspectors/appid/appid_session_api.h index 4b374502b..fa28960e4 100644 --- a/src/network_inspectors/appid/appid_session_api.h +++ b/src/network_inspectors/appid/appid_session_api.h @@ -155,7 +155,7 @@ class SO_PUBLIC AppIdSessionApi { public: AppIdSessionApi(AppIdSession* asd) : asd(asd) {} - bool refresh(Flow& flow); + bool refresh(const Flow& flow); AppId get_service_app_id(); AppId get_port_service_app_id(); AppId get_only_service_app_id(); diff --git a/src/network_inspectors/appid/appid_stats.cc b/src/network_inspectors/appid/appid_stats.cc index e96704d90..91c9664cd 100644 --- a/src/network_inspectors/appid/appid_stats.cc +++ b/src/network_inspectors/appid/appid_stats.cc @@ -229,7 +229,7 @@ AppIdStatistics* AppIdStatistics::get_stats_manager() void AppIdStatistics::cleanup() { delete appid_stats_manager; } -static void update_stats(AppIdSession& asd, AppId app_id, StatsBucket* bucket) +static void update_stats(const AppIdSession& asd, AppId app_id, StatsBucket* bucket) { AppIdStatRecord* record = (AppIdStatRecord*)(fwAvlLookup(app_id, bucket->appsTree)); if ( !record ) diff --git a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc index 9551932e4..a6f0e6dd2 100644 --- a/src/network_inspectors/appid/appid_utils/sf_mlmp.cc +++ b/src/network_inspectors/appid/appid_utils/sf_mlmp.cc @@ -440,7 +440,7 @@ static int addPatternRecursively(tMlmpTree* rootNode, const tMlmpPattern* inputP tPatternNode* newNode; tPatternPrimaryNode* prevPrimaryPatternNode = nullptr; tPatternPrimaryNode* primaryNode = nullptr; - const tMlmpPattern* patterns = inputPatternList; + const tMlmpPattern* patterns; uint32_t partTotal = 0; uint32_t i; diff --git a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h index 3ee0f460a..0c3bb6f17 100644 --- a/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h +++ b/src/network_inspectors/appid/detector_plugins/test/detector_plugins_mock.h @@ -84,8 +84,7 @@ char* snort_strdup(const char* str) } void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } class AppIdInspector : public snort::Inspector { diff --git a/src/network_inspectors/appid/service_plugins/service_detector.cc b/src/network_inspectors/appid/service_plugins/service_detector.cc index d7c7266d3..4e25521ef 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.cc +++ b/src/network_inspectors/appid/service_plugins/service_detector.cc @@ -176,7 +176,7 @@ int ServiceDetector::fail_service(AppIdSession& asd, const Packet* pkt, AppidSes return static_cast(handler)->fail_service(asd, pkt, dir, this); } -void ServiceDetector::initialize_expected_session(AppIdSession& parent, AppIdSession& expected, +void ServiceDetector::initialize_expected_session(const AppIdSession& parent, AppIdSession& expected, uint64_t flags, AppidSessionDirection dir) { if (dir == APP_ID_FROM_INITIATOR) diff --git a/src/network_inspectors/appid/service_plugins/service_detector.h b/src/network_inspectors/appid/service_plugins/service_detector.h index 24490622e..47eef7fad 100644 --- a/src/network_inspectors/appid/service_plugins/service_detector.h +++ b/src/network_inspectors/appid/service_plugins/service_detector.h @@ -59,7 +59,7 @@ public: asd.misc_app_id = miscId; } - void initialize_expected_session(AppIdSession&, AppIdSession&, uint64_t flags, AppidSessionDirection dir); + void initialize_expected_session(const AppIdSession&, AppIdSession&, uint64_t flags, AppidSessionDirection dir); private: int update_service_data(AppIdSession&, const snort::Packet*, AppidSessionDirection dir, AppId, diff --git a/src/network_inspectors/appid/test/appid_http_event_test.cc b/src/network_inspectors/appid/test/appid_http_event_test.cc index 171d44a04..e6d1fa539 100644 --- a/src/network_inspectors/appid/test/appid_http_event_test.cc +++ b/src/network_inspectors/appid/test/appid_http_event_test.cc @@ -175,7 +175,7 @@ bool HttpEvent::contains_webdav_method() Flow* flow = nullptr; AppIdSession* mock_session = nullptr; -AppIdSession* AppIdApi::get_appid_session(Flow&) +AppIdSession* AppIdApi::get_appid_session(const Flow&) { mock().actualCall("get_appid_session"); return mock_session; diff --git a/src/network_inspectors/appid/tp_appid_utils.cc b/src/network_inspectors/appid/tp_appid_utils.cc index 4914a7880..d2e97068b 100644 --- a/src/network_inspectors/appid/tp_appid_utils.cc +++ b/src/network_inspectors/appid/tp_appid_utils.cc @@ -558,7 +558,7 @@ static inline void process_ftp_control(AppIdSession& asd, } static inline void process_third_party_results(AppIdSession& asd, int confidence, - vector& proto_list, ThirdPartyAppIDAttributeData& attribute_data, + const vector& proto_list, ThirdPartyAppIDAttributeData& attribute_data, AppidChangeBits& change_bits) { if ( asd.payload.get_id() == APP_ID_NONE and contains(proto_list, APP_ID_EXCHANGE) ) diff --git a/src/network_inspectors/arp_spoof/arp_spoof.cc b/src/network_inspectors/arp_spoof/arp_spoof.cc index 053e5b752..ecf8b2815 100644 --- a/src/network_inspectors/arp_spoof/arp_spoof.cc +++ b/src/network_inspectors/arp_spoof/arp_spoof.cc @@ -93,8 +93,7 @@ THREAD_LOCAL ProfileStats arpPerfStats; // implementation stuff //------------------------------------------------------------------------- -static IPMacEntry* LookupIPMacEntryByIP( - IPMacEntryList& ipmel, uint32_t ipv4_addr) +static const IPMacEntry* LookupIPMacEntryByIP(const IPMacEntryList& ipmel, uint32_t ipv4_addr) { for ( auto& p : ipmel ) { @@ -222,7 +221,7 @@ void ArpSpoof::eval(Packet* p) if (!config->check_overwrite) return; - IPMacEntry* ipme = LookupIPMacEntryByIP(config->ipmel, ah->arp_spa32); + const IPMacEntry* ipme = LookupIPMacEntryByIP(config->ipmel, ah->arp_spa32); if ( ipme ) { auto cmp_ether_src = memcmp(src_mac_addr, ipme->mac_addr, 6); diff --git a/src/network_inspectors/packet_tracer/packet_tracer.h b/src/network_inspectors/packet_tracer/packet_tracer.h index df8bdbdf9..a5247a40e 100644 --- a/src/network_inspectors/packet_tracer/packet_tracer.h +++ b/src/network_inspectors/packet_tracer/packet_tracer.h @@ -46,15 +46,15 @@ struct PTSessionConstraints uint16_t dport; IpProtocol protocol = IpProtocol::PROTO_NOT_SET; - bool proto_match(IpProtocol& proto) + bool proto_match(const IpProtocol& proto) const { return (protocol == IpProtocol::PROTO_NOT_SET or protocol == proto); } - bool port_match(uint16_t p1, uint16_t p2) + bool port_match(uint16_t p1, uint16_t p2) const { return (!sport or sport == p1) and (!dport or dport == p2); } - bool ip_match(const uint32_t* ip1, const uint32_t* ip2) + bool ip_match(const uint32_t* ip1, const uint32_t* ip2) const { return ((!sip_flag or !memcmp(sip.get_ip6_ptr(), ip1, sizeof(snort::ip::snort_in6_addr))) and diff --git a/src/packet_io/trough.cc b/src/packet_io/trough.cc index 9db030b79..41f065aa1 100644 --- a/src/packet_io/trough.cc +++ b/src/packet_io/trough.cc @@ -165,7 +165,7 @@ bool Trough::add_pcaps_list(const std::string& list) return true; } -bool Trough::get_pcaps(std::vector &pol) +bool Trough::get_pcaps(const std::vector &pol) { for (const PcapReadObject &pro : pol) { diff --git a/src/packet_io/trough.h b/src/packet_io/trough.h index c25abf7b7..2c72f4171 100644 --- a/src/packet_io/trough.h +++ b/src/packet_io/trough.h @@ -68,7 +68,7 @@ private: static bool add_pcaps_dir(const std::string& dirname, const std::string& filter); static bool add_pcaps_list_file(const std::string& list_filename, const std::string& filter); static bool add_pcaps_list(const std::string& list); - static bool get_pcaps(std::vector &pol); + static bool get_pcaps(const std::vector &pol); static std::vector pcap_object_list; static std::vector pcap_queue; diff --git a/src/piglet/piglet_runner.cc b/src/piglet/piglet_runner.cc index 34241dd69..54c3aff97 100644 --- a/src/piglet/piglet_runner.cc +++ b/src/piglet/piglet_runner.cc @@ -46,7 +46,7 @@ static inline bool load_chunk(lua_State* L, const Chunk& chunk) L, chunk.buffer.c_str(), chunk.buffer.size(), chunk.filename.c_str()); } -static bool setup_globals(lua_State* L, Test& t) +static bool setup_globals(lua_State* L, const Test& t) { // Add script_dir env var Lua::set_script_dir(L, SCRIPT_DIR_VARNAME, t.chunk->filename); diff --git a/src/search_engines/bnfa_search.cc b/src/search_engines/bnfa_search.cc index 7528d447b..34791135a 100644 --- a/src/search_engines/bnfa_search.cc +++ b/src/search_engines/bnfa_search.cc @@ -1184,8 +1184,6 @@ bnfa_struct_t* bnfaNew(const MpseAgent* agent) { int bnfa_memory=0; bnfa_struct_t* p = (bnfa_struct_t*)BNFA_MALLOC(sizeof(bnfa_struct_t),bnfa_memory); - if (!p) - return nullptr; if ( p ) { diff --git a/src/service_inspectors/dce_rpc/dce_smb.cc b/src/service_inspectors/dce_rpc/dce_smb.cc index d1202b602..41ed77648 100644 --- a/src/service_inspectors/dce_rpc/dce_smb.cc +++ b/src/service_inspectors/dce_rpc/dce_smb.cc @@ -317,7 +317,7 @@ const char* get_smb_com_string(uint8_t b) class Dce2Smb : public snort::Inspector { public: - Dce2Smb(dce2SmbProtoConf&); + Dce2Smb(const dce2SmbProtoConf&); ~Dce2Smb() override; void show(snort::SnortConfig*) override; @@ -332,7 +332,7 @@ private: dce2SmbProtoConf config; }; -Dce2Smb::Dce2Smb(dce2SmbProtoConf& pc) +Dce2Smb::Dce2Smb(const dce2SmbProtoConf& pc) { config = pc; if ((config.smb_file_inspection == DCE2_SMB_FILE_INSPECTION_ONLY) diff --git a/src/service_inspectors/dce_rpc/dce_tcp.cc b/src/service_inspectors/dce_rpc/dce_tcp.cc index 369f33691..388648f8a 100644 --- a/src/service_inspectors/dce_rpc/dce_tcp.cc +++ b/src/service_inspectors/dce_rpc/dce_tcp.cc @@ -108,7 +108,7 @@ static DCE2_TcpSsnData* dce2_handle_tcp_session(Packet* p, dce2TcpProtoConf* con class Dce2Tcp : public Inspector { public: - Dce2Tcp(dce2TcpProtoConf&); + Dce2Tcp(const dce2TcpProtoConf&); void show(SnortConfig*) override; void eval(Packet*) override; @@ -122,7 +122,7 @@ private: dce2TcpProtoConf config; }; -Dce2Tcp::Dce2Tcp(dce2TcpProtoConf& pc) +Dce2Tcp::Dce2Tcp(const dce2TcpProtoConf& pc) { config = pc; } diff --git a/src/service_inspectors/dce_rpc/dce_udp.cc b/src/service_inspectors/dce_rpc/dce_udp.cc index 4aa322954..2e836f840 100644 --- a/src/service_inspectors/dce_rpc/dce_udp.cc +++ b/src/service_inspectors/dce_rpc/dce_udp.cc @@ -108,7 +108,7 @@ static DCE2_UdpSsnData* dce2_handle_udp_session(Packet* p, dce2UdpProtoConf* con class Dce2Udp : public Inspector { public: - Dce2Udp(dce2UdpProtoConf&); + Dce2Udp(const dce2UdpProtoConf&); void show(SnortConfig*) override; void eval(Packet*) override; void clear(Packet*) override; @@ -117,7 +117,7 @@ private: dce2UdpProtoConf config; }; -Dce2Udp::Dce2Udp(dce2UdpProtoConf& pc) +Dce2Udp::Dce2Udp(const dce2UdpProtoConf& pc) { config = pc; } diff --git a/src/service_inspectors/dce_rpc/ips_dce_opnum.cc b/src/service_inspectors/dce_rpc/ips_dce_opnum.cc index 5faa20c80..6d0f211f7 100644 --- a/src/service_inspectors/dce_rpc/ips_dce_opnum.cc +++ b/src/service_inspectors/dce_rpc/ips_dce_opnum.cc @@ -342,7 +342,7 @@ static DCE2_Ret DCE2_OpnumParse(char* args, DCE2_Opnum* opnum) class Dce2OpnumOption : public IpsOption { public: - Dce2OpnumOption(DCE2_Opnum& src_opnum) : IpsOption(s_name) + Dce2OpnumOption(const DCE2_Opnum& src_opnum) : IpsOption(s_name) { opnum = src_opnum; } uint32_t hash() const override; bool operator==(const IpsOption&) const override; diff --git a/src/service_inspectors/dnp3/dnp3.cc b/src/service_inspectors/dnp3/dnp3.cc index deb8584da..f3e3cd48d 100644 --- a/src/service_inspectors/dnp3/dnp3.cc +++ b/src/service_inspectors/dnp3/dnp3.cc @@ -106,7 +106,7 @@ static void dnp3_reset_alt_buffer(const Packet* p) } } -static bool dnp3_process_udp(dnp3ProtoConf& config, dnp3_session_data_t* dnp3_sess, Packet* p) +static bool dnp3_process_udp(const dnp3ProtoConf& config, dnp3_session_data_t* dnp3_sess, Packet* p) { /* Possibly multiple PDUs in this UDP payload. Split up and process individually. */ @@ -161,7 +161,7 @@ static bool dnp3_process_udp(dnp3ProtoConf& config, dnp3_session_data_t* dnp3_se /* Main runtime entry point */ -static void process_dnp3(dnp3ProtoConf& config, Packet* p) +static void process_dnp3(const dnp3ProtoConf& config, Packet* p) { if ( p->has_tcp_data() && !p->is_full_pdu() ) { @@ -216,7 +216,7 @@ static void process_dnp3(dnp3ProtoConf& config, Packet* p) class Dnp3 : public Inspector { public: - Dnp3(dnp3ProtoConf&); + Dnp3(const dnp3ProtoConf&); void show(SnortConfig*) override; void eval(Packet*) override; @@ -232,7 +232,7 @@ private: dnp3ProtoConf config; }; -Dnp3::Dnp3(dnp3ProtoConf& pc) +Dnp3::Dnp3(const dnp3ProtoConf& pc) { config.check_crc = pc.check_crc; } diff --git a/src/service_inspectors/dnp3/dnp3_map.cc b/src/service_inspectors/dnp3/dnp3_map.cc index 83a93dda2..7c50190a7 100644 --- a/src/service_inspectors/dnp3/dnp3_map.cc +++ b/src/service_inspectors/dnp3/dnp3_map.cc @@ -103,25 +103,22 @@ static dnp3_map_t indication_map[] = bool dnp3_func_is_defined(uint16_t code) { size_t num_funcs = sizeof(func_map) / sizeof(func_map[0]); - size_t i; - int func_is_defined = false; /* Check to see if code is higher than all codes in func map */ - if (code > func_map[num_funcs-1].value) - return func_is_defined; + if (code > func_map[num_funcs - 1].value) + return false; - for (i = 0; i < num_funcs-1; i++) + for (size_t i = 0; i < num_funcs - 1; i++) { /* This short-circuit check assumes that the function map remains in-order. */ - if (code <= func_map[i].value) + if (code < func_map[i].value) break; + if (code == func_map[i].value) + return true; } - if (code == func_map[i].value) - func_is_defined = true; - - return func_is_defined; + return false; } int dnp3_func_str_to_code(const char* name) diff --git a/src/service_inspectors/dnp3/dnp3_module.cc b/src/service_inspectors/dnp3/dnp3_module.cc index 3fb2324cb..754c6eec3 100644 --- a/src/service_inspectors/dnp3/dnp3_module.cc +++ b/src/service_inspectors/dnp3/dnp3_module.cc @@ -102,7 +102,7 @@ void Dnp3Module::get_data(dnp3ProtoConf& dnp3_config) dnp3_config.check_crc = config.check_crc; } -void print_dnp3_conf(dnp3ProtoConf& config) +void print_dnp3_conf(const dnp3ProtoConf& config) { LogMessage("DNP3 config: \n"); LogMessage(" Check CRC: %s\n", diff --git a/src/service_inspectors/dnp3/dnp3_module.h b/src/service_inspectors/dnp3/dnp3_module.h index a4ce910cf..120e49bdd 100644 --- a/src/service_inspectors/dnp3/dnp3_module.h +++ b/src/service_inspectors/dnp3/dnp3_module.h @@ -58,7 +58,7 @@ private: dnp3ProtoConf config; }; -void print_dnp3_conf(dnp3ProtoConf& config); +void print_dnp3_conf(const dnp3ProtoConf& config); #endif diff --git a/src/service_inspectors/dnp3/dnp3_reassembly.cc b/src/service_inspectors/dnp3/dnp3_reassembly.cc index 725e935b8..368b050c1 100644 --- a/src/service_inspectors/dnp3/dnp3_reassembly.cc +++ b/src/service_inspectors/dnp3/dnp3_reassembly.cc @@ -282,7 +282,7 @@ static bool dnp3_check_crc(const unsigned char* buf, uint16_t buflen) } /* Check CRCs in a Link-Layer Frame, then fill a buffer containing just the user data */ -static bool dnp3_check_remove_crc(dnp3ProtoConf& config, const uint8_t* pdu_start, +static bool dnp3_check_remove_crc(const dnp3ProtoConf& config, const uint8_t* pdu_start, uint16_t pdu_length, char* buf, uint16_t* buflen) { const char* cursor; @@ -354,7 +354,7 @@ static bool dnp3_check_reserved_addrs(const dnp3_link_header_t* link) } /* Main DNP3 Reassembly function. */ -bool dnp3_full_reassembly(dnp3ProtoConf& config, dnp3_session_data_t* session, Packet* packet, +bool dnp3_full_reassembly(const dnp3ProtoConf& config, dnp3_session_data_t* session, Packet* packet, const uint8_t* pdu_start, uint16_t pdu_length) { char buf[DNP3_TPDU_MAX]; diff --git a/src/service_inspectors/dnp3/dnp3_reassembly.h b/src/service_inspectors/dnp3/dnp3_reassembly.h index e043745a6..17b799bb7 100644 --- a/src/service_inspectors/dnp3/dnp3_reassembly.h +++ b/src/service_inspectors/dnp3/dnp3_reassembly.h @@ -25,7 +25,7 @@ #include "dnp3_module.h" #include "dnp3.h" -bool dnp3_full_reassembly(dnp3ProtoConf& config, dnp3_session_data_t* session, snort::Packet* p, +bool dnp3_full_reassembly(const dnp3ProtoConf& config, dnp3_session_data_t* session, snort::Packet* p, const uint8_t* pdu_start, uint16_t pdu_length); void dnp3_reassembly_reset(dnp3_reassembly_data_t* rdata); diff --git a/src/service_inspectors/ftp_telnet/ftp_module.cc b/src/service_inspectors/ftp_telnet/ftp_module.cc index f900133b8..b18ff4593 100644 --- a/src/service_inspectors/ftp_telnet/ftp_module.cc +++ b/src/service_inspectors/ftp_telnet/ftp_module.cc @@ -124,7 +124,7 @@ bool FtpClientModule::set(const char*, Value& v, SnortConfig*) return true; } -BounceTo::BounceTo(string& a, Port l, Port h) +BounceTo::BounceTo(const string& a, Port l, Port h) { address = a; low = l; @@ -190,14 +190,14 @@ bool FtpClientModule::end(const char* fqn, int idx, SnortConfig*) // server stuff //------------------------------------------------------------------------- -FtpCmd::FtpCmd(std::string& key, uint32_t flg, int num) +FtpCmd::FtpCmd(const std::string& key, uint32_t flg, int num) { name = key; flags = flg; number = num; } -FtpCmd::FtpCmd(std::string& key, std::string& fmt, int num) +FtpCmd::FtpCmd(const std::string& key, const std::string& fmt, int num) { name = key; format = fmt; diff --git a/src/service_inspectors/ftp_telnet/ftp_module.h b/src/service_inspectors/ftp_telnet/ftp_module.h index 78cab4b09..c1f7099fd 100644 --- a/src/service_inspectors/ftp_telnet/ftp_module.h +++ b/src/service_inspectors/ftp_telnet/ftp_module.h @@ -51,7 +51,7 @@ struct BounceTo Port low; Port high; - BounceTo(std::string& address, Port lo, Port hi); + BounceTo(const std::string& address, Port lo, Port hi); }; class FtpClientModule : public snort::Module @@ -101,8 +101,8 @@ struct FtpCmd uint32_t flags; unsigned number; - FtpCmd(std::string&, uint32_t, int); - FtpCmd(std::string&, std::string&, int); + FtpCmd(const std::string&, uint32_t, int); + FtpCmd(const std::string&, const std::string&, int); }; class FtpServerModule : public snort::Module diff --git a/src/service_inspectors/ftp_telnet/pp_ftp.cc b/src/service_inspectors/ftp_telnet/pp_ftp.cc index 4a21d77ff..762ebcf43 100644 --- a/src/service_inspectors/ftp_telnet/pp_ftp.cc +++ b/src/service_inspectors/ftp_telnet/pp_ftp.cc @@ -1310,7 +1310,7 @@ int check_ftp(FTP_SESSION* ftpssn, Packet* p, int iMode) const unsigned char* end = p->data + p->dsize; - DataBuffer& buf = DetectionEngine::get_alt_buffer(p); + const DataBuffer& buf = DetectionEngine::get_alt_buffer(p); if ( buf.len ) end = buf.data + buf.len; diff --git a/src/service_inspectors/ftp_telnet/pp_telnet.cc b/src/service_inspectors/ftp_telnet/pp_telnet.cc index bea408517..ba5ea68f8 100644 --- a/src/service_inspectors/ftp_telnet/pp_telnet.cc +++ b/src/service_inspectors/ftp_telnet/pp_telnet.cc @@ -74,7 +74,7 @@ void reset_telnet_buffer(Packet* p) const uint8_t* get_telnet_buffer(Packet* p, unsigned& len) { - DataBuffer& buf = DetectionEngine::get_alt_buffer(p); + const DataBuffer& buf = DetectionEngine::get_alt_buffer(p); len = buf.len; return len ? buf.data : nullptr; } diff --git a/src/service_inspectors/gtp/ips_gtp_info.cc b/src/service_inspectors/gtp/ips_gtp_info.cc index 20481122a..60b6cae93 100644 --- a/src/service_inspectors/gtp/ips_gtp_info.cc +++ b/src/service_inspectors/gtp/ips_gtp_info.cc @@ -109,7 +109,7 @@ IpsOption::EvalStatus GtpInfoOption::eval(Cursor& c, Packet* p) if ( !gfd or !gfd->ropts.gtp_infoElements ) return NO_MATCH; - GTP_Roptions& ropts = gfd->ropts; + const GTP_Roptions& ropts = gfd->ropts; // match the status code uint8_t ieType = types[ropts.gtp_version]; diff --git a/src/service_inspectors/http2_inspect/test/http2_flow_data_test.h b/src/service_inspectors/http2_inspect/test/http2_flow_data_test.h index b971fda3a..443e8ff65 100644 --- a/src/service_inspectors/http2_inspect/test/http2_flow_data_test.h +++ b/src/service_inspectors/http2_inspect/test/http2_flow_data_test.h @@ -31,8 +31,7 @@ snort::FlowData::FlowData(unsigned u, Inspector* ph) : next(nullptr), prev(nullp snort::FlowData::~FlowData() = default; unsigned snort::FlowData::flow_data_id = 0; void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } -void show_stats(SimpleStats*, const char*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } class Http2FlowDataTest : public Http2FlowData { diff --git a/src/service_inspectors/http_inspect/http_msg_body.cc b/src/service_inspectors/http_inspect/http_msg_body.cc index 187d58cde..18edcb2e9 100644 --- a/src/service_inspectors/http_inspect/http_msg_body.cc +++ b/src/service_inspectors/http_inspect/http_msg_body.cc @@ -198,7 +198,7 @@ void HttpMsgBody::do_js_normalization(const Field& input, Field& output) transaction->get_infractions(source_id), transaction->get_events(source_id)); } -void HttpMsgBody::do_file_processing(Field& file_data) +void HttpMsgBody::do_file_processing(const Field& file_data) { // Using the trick that cutter is deleted when regular or chunked body is complete Packet* p = DetectionEngine::get_current_packet(); diff --git a/src/service_inspectors/http_inspect/http_msg_body.h b/src/service_inspectors/http_inspect/http_msg_body.h index 3bde7ca33..9074a979c 100644 --- a/src/service_inspectors/http_inspect/http_msg_body.h +++ b/src/service_inspectors/http_inspect/http_msg_body.h @@ -54,7 +54,7 @@ protected: #endif private: - void do_file_processing(Field& file_data); + void do_file_processing(const Field& file_data); void do_utf_decoding(const Field& input, Field& output); void do_file_decompression(const Field& input, Field& output); void do_js_normalization(const Field& input, Field& output); diff --git a/src/service_inspectors/http_inspect/http_msg_section.cc b/src/service_inspectors/http_inspect/http_msg_section.cc index daf50069c..b6fbaba6a 100644 --- a/src/service_inspectors/http_inspect/http_msg_section.cc +++ b/src/service_inspectors/http_inspect/http_msg_section.cc @@ -69,8 +69,8 @@ void HttpMsgSection::create_event(int sid) void HttpMsgSection::update_depth() const { - int64_t& file_depth_remaining = session_data->file_depth_remaining[source_id]; - int64_t& detect_depth_remaining = session_data->detect_depth_remaining[source_id]; + const int64_t& file_depth_remaining = session_data->file_depth_remaining[source_id]; + const int64_t& detect_depth_remaining = session_data->detect_depth_remaining[source_id]; if ((detect_depth_remaining <= 0) && (session_data->detection_status[source_id] == DET_ON)) diff --git a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc index 8cc051862..6a3d13fdd 100644 --- a/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc +++ b/src/service_inspectors/http_inspect/http_stream_splitter_reassemble.cc @@ -35,7 +35,7 @@ void HttpStreamSplitter::chunk_spray(HttpFlowData* session_data, uint8_t* buffer { ChunkState& curr_state = session_data->chunk_state[source_id]; uint32_t& expected = session_data->chunk_expected_length[source_id]; - bool& is_broken_chunk = session_data->is_broken_chunk[source_id]; + const bool& is_broken_chunk = session_data->is_broken_chunk[source_id]; uint32_t& num_good_chunks = session_data->num_good_chunks[source_id]; if (is_broken_chunk && (num_good_chunks == 0)) diff --git a/src/service_inspectors/http_inspect/http_uri.cc b/src/service_inspectors/http_inspect/http_uri.cc index 9959c21e7..1355a9023 100644 --- a/src/service_inspectors/http_inspect/http_uri.cc +++ b/src/service_inspectors/http_inspect/http_uri.cc @@ -147,7 +147,7 @@ void HttpUri::parse_abs_path() } } -void HttpUri::check_oversize_dir(Field& uri_field) +void HttpUri::check_oversize_dir(const Field& uri_field) { const uint8_t* last_dir = nullptr; const uint8_t* cur; diff --git a/src/service_inspectors/http_inspect/http_uri.h b/src/service_inspectors/http_inspect/http_uri.h index 2834baa40..f40e8d41c 100644 --- a/src/service_inspectors/http_inspect/http_uri.h +++ b/src/service_inspectors/http_inspect/http_uri.h @@ -86,7 +86,7 @@ private: void parse_authority(); void parse_abs_path(); - void check_oversize_dir(Field&); + void check_oversize_dir(const Field&); }; #endif diff --git a/src/service_inspectors/http_inspect/test/http_module_test.cc b/src/service_inspectors/http_inspect/test/http_module_test.cc index 11fcd9dd6..191602445 100644 --- a/src/service_inspectors/http_inspect/test/http_module_test.cc +++ b/src/service_inspectors/http_inspect/test/http_module_test.cc @@ -48,8 +48,7 @@ int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { re } void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } -void show_stats(SimpleStats*, const char*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } int32_t str_to_code(const uint8_t*, const int32_t, const StrCode []) { return 0; } int32_t substr_to_code(const uint8_t*, const int32_t, const StrCode []) { return 0; } diff --git a/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc b/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc index acdb5cc88..bce1064cc 100644 --- a/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc +++ b/src/service_inspectors/http_inspect/test/http_uri_norm_test.cc @@ -43,8 +43,7 @@ int DetectionEngine::queue_event(unsigned int, unsigned int, Actions::Type) { re } void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats( PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } -void show_stats(SimpleStats*, const char*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } HttpJsNorm::HttpJsNorm(int, const HttpParaList::UriParam& uri_param_) : max_javascript_whitespaces(0), uri_param(uri_param_), javascript_search_mpse(nullptr), diff --git a/src/service_inspectors/rpc_decode/rpc_decode.cc b/src/service_inspectors/rpc_decode/rpc_decode.cc index 37869c073..80bf8ce5a 100644 --- a/src/service_inspectors/rpc_decode/rpc_decode.cc +++ b/src/service_inspectors/rpc_decode/rpc_decode.cc @@ -881,7 +881,7 @@ bool RpcDecode::get_buf(InspectionBuffer::Type ibt, Packet* p, InspectionBuffer& if ( ibt != InspectionBuffer::IBT_ALT ) return false; - DataBuffer& buf = DetectionEngine::get_alt_buffer(p); + const DataBuffer& buf = DetectionEngine::get_alt_buffer(p); b.len = buf.len; b.data = (b.len > 0) ? buf.data : nullptr; diff --git a/src/service_inspectors/smtp/smtp.cc b/src/service_inspectors/smtp/smtp.cc index 8af8455fc..ff189989f 100644 --- a/src/service_inspectors/smtp/smtp.cc +++ b/src/service_inspectors/smtp/smtp.cc @@ -604,8 +604,6 @@ static bool SMTP_IsAuthCtxIgnored(const uint8_t* start, int length) static bool SMTP_IsAuthChanged(SMTPData* smtp_ssn, const uint8_t* start_ptr, const uint8_t* end_ptr) { - int length; - bool auth_changed = false; const uint8_t* start = start_ptr; const uint8_t* end = end_ptr; @@ -615,17 +613,18 @@ static bool SMTP_IsAuthChanged(SMTPData* smtp_ssn, const uint8_t* start_ptr, con end--; if (start >= end) - return auth_changed; + return false; - length = end - start; + int length = end - start; if (length > MAX_AUTH_NAME_LEN) - return auth_changed; + return false; if (SMTP_IsAuthCtxIgnored(start, length)) - return auth_changed; + return false; /* if authentication mechanism is set, compare it with current one*/ + bool auth_changed = false; if (smtp_ssn->auth_name) { if (smtp_ssn->auth_name->length != length) diff --git a/src/service_inspectors/smtp/smtp_module.cc b/src/service_inspectors/smtp/smtp_module.cc index 444de65fb..a7eb4ba60 100644 --- a/src/service_inspectors/smtp/smtp_module.cc +++ b/src/service_inspectors/smtp/smtp_module.cc @@ -30,14 +30,14 @@ using namespace snort; using namespace std; -SmtpCmd::SmtpCmd(std::string& key, uint32_t flg, int num) +SmtpCmd::SmtpCmd(const std::string& key, uint32_t flg, int num) { name = key; flags = flg; number = num; } -SmtpCmd::SmtpCmd(std::string& key, int num) +SmtpCmd::SmtpCmd(const std::string& key, int num) { name = key; diff --git a/src/service_inspectors/smtp/smtp_module.h b/src/service_inspectors/smtp/smtp_module.h index 303e911d9..dda33d2e8 100644 --- a/src/service_inspectors/smtp/smtp_module.h +++ b/src/service_inspectors/smtp/smtp_module.h @@ -71,8 +71,8 @@ struct SmtpCmd uint32_t flags; unsigned number; - SmtpCmd(std::string&, uint32_t, int); - SmtpCmd(std::string&, int); + SmtpCmd(const std::string&, uint32_t, int); + SmtpCmd(const std::string&, int); }; class SmtpModule : public snort::Module diff --git a/src/service_inspectors/smtp/smtp_util.cc b/src/service_inspectors/smtp/smtp_util.cc index 086a5d65a..f35a555be 100644 --- a/src/service_inspectors/smtp/smtp_util.cc +++ b/src/service_inspectors/smtp/smtp_util.cc @@ -77,7 +77,7 @@ void SMTP_ResetAltBuffer(Packet* p) const uint8_t* SMTP_GetAltBuffer(Packet* p, unsigned& len) { - DataBuffer& buf = DetectionEngine::get_alt_buffer(p); + const DataBuffer& buf = DetectionEngine::get_alt_buffer(p); len = buf.len; return len ? buf.data : nullptr; } diff --git a/src/service_inspectors/wizard/wizard.cc b/src/service_inspectors/wizard/wizard.cc index 2465d7c5c..6039be1a1 100644 --- a/src/service_inspectors/wizard/wizard.cc +++ b/src/service_inspectors/wizard/wizard.cc @@ -128,7 +128,7 @@ public: bool finished(Wand&); bool cast_spell(Wand&, Flow*, const uint8_t*, unsigned); bool spellbind(const MagicPage*&, Flow*, const uint8_t*, unsigned); - bool cursebind(vector&, Flow*, const uint8_t*, unsigned); + bool cursebind(const vector&, Flow*, const uint8_t*, unsigned); public: MagicBook* c2s_hexes; @@ -264,7 +264,7 @@ bool Wizard::spellbind( return ( f->service != nullptr ); } -bool Wizard::cursebind(vector& curse_tracker, Flow* f, +bool Wizard::cursebind(const vector& curse_tracker, Flow* f, const uint8_t* data, unsigned len) { for (const CurseServiceTracker& cst : curse_tracker) diff --git a/src/side_channel/test/side_channel_module_test.cc b/src/side_channel/test/side_channel_module_test.cc index 54161e373..da48aa9a2 100644 --- a/src/side_channel/test/side_channel_module_test.cc +++ b/src/side_channel/test/side_channel_module_test.cc @@ -57,8 +57,7 @@ void SideChannelManager::instantiate(const SCConnectors*, const PortBitSet* port } void show_stats(PegCount*, const PegInfo*, unsigned, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*) { } -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char*, FILE*) { } +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char*, FILE*) { } namespace snort { diff --git a/src/stream/libtcp/tcp_stream_tracker.cc b/src/stream/libtcp/tcp_stream_tracker.cc index 548a2d335..8e852b37e 100644 --- a/src/stream/libtcp/tcp_stream_tracker.cc +++ b/src/stream/libtcp/tcp_stream_tracker.cc @@ -64,7 +64,7 @@ TcpStreamTracker::TcpStreamTracker(bool client) : TcpStreamTracker::~TcpStreamTracker() { delete splitter; } -TcpStreamTracker::TcpEvent TcpStreamTracker::set_tcp_event(TcpSegmentDescriptor& tsd) +TcpStreamTracker::TcpEvent TcpStreamTracker::set_tcp_event(const TcpSegmentDescriptor& tsd) { bool talker; const tcp::TCPHdr* tcph = tsd.get_tcph(); @@ -159,7 +159,7 @@ bool TcpStreamTracker::compare_mac_addresses(const uint8_t eth_addr[]) return true; } -void TcpStreamTracker::cache_mac_address(TcpSegmentDescriptor& tsd, uint8_t direction) +void TcpStreamTracker::cache_mac_address(const TcpSegmentDescriptor& tsd, uint8_t direction) { /* Not Ethernet based, nothing to do */ if ( tsd.get_pkt()->is_eth() ) diff --git a/src/stream/libtcp/tcp_stream_tracker.h b/src/stream/libtcp/tcp_stream_tracker.h index f9db25f46..50104c608 100644 --- a/src/stream/libtcp/tcp_stream_tracker.h +++ b/src/stream/libtcp/tcp_stream_tracker.h @@ -112,7 +112,7 @@ public: TcpEvent get_tcp_event() const { return tcp_event; } - TcpEvent set_tcp_event(TcpSegmentDescriptor&); + TcpEvent set_tcp_event(const TcpSegmentDescriptor&); void set_tcp_event(TcpEvent tcp_event) { this->tcp_event = tcp_event; } @@ -209,7 +209,7 @@ public: } // ack number must ack syn - bool is_rst_valid_in_syn_sent(TcpSegmentDescriptor& tsd) + bool is_rst_valid_in_syn_sent(const TcpSegmentDescriptor& tsd) const { return tsd.get_seg_ack() == snd_una; } uint32_t get_ts_last() const @@ -245,7 +245,7 @@ public: void set_tcp_options_len(uint8_t tcp_options_len) { this->tcp_options_len = tcp_options_len; } - void cache_mac_address(TcpSegmentDescriptor&, uint8_t direction); + void cache_mac_address(const TcpSegmentDescriptor&, uint8_t direction); bool compare_mac_addresses(const uint8_t eth_addr[]); bool is_rst_pkt_sent() const diff --git a/src/stream/paf.cc b/src/stream/paf.cc index 455f98a21..203561e70 100644 --- a/src/stream/paf.cc +++ b/src/stream/paf.cc @@ -61,7 +61,7 @@ THREAD_LOCAL snort::ProfileStats pafPerfStats; //-------------------------------------------------------------------- -static uint32_t paf_flush (PAF_State* ps, PafAux& px, uint32_t* flags) +static uint32_t paf_flush (PAF_State* ps, const PafAux& px, uint32_t* flags) { uint32_t at = 0; *flags &= ~(PKT_PDU_HEAD | PKT_PDU_TAIL); diff --git a/src/stream/tcp/tcp_normalizers.cc b/src/stream/tcp/tcp_normalizers.cc index 4946eae9a..cf1946505 100644 --- a/src/stream/tcp/tcp_normalizers.cc +++ b/src/stream/tcp/tcp_normalizers.cc @@ -181,7 +181,7 @@ public: static inline int handle_repeated_syn_mswin( TcpStreamTracker* talker, TcpStreamTracker* listener, - TcpSegmentDescriptor& tsd, TcpStreamSession* session) + const TcpSegmentDescriptor& tsd, TcpStreamSession* session) { /* Windows has some strange behavior here. If the sequence of the reset is the * next expected sequence, it Resets. Otherwise it ignores the 2nd SYN. @@ -200,7 +200,7 @@ static inline int handle_repeated_syn_mswin( } static inline int handle_repeated_syn_bsd( - TcpStreamTracker* talker, TcpSegmentDescriptor& tsd, TcpStreamSession* session) + TcpStreamTracker* talker, const TcpSegmentDescriptor& tsd, TcpStreamSession* session) { /* If its not a retransmission of the actual SYN... RESET */ if (!SEQ_EQ(tsd.get_seg_seq(), talker->get_iss())) @@ -234,7 +234,7 @@ static inline bool paws_3whs_zero_ts_not_supported( // Older Linux ( <= 2.2 kernel ), Win32 (non 2K3) allow the 3whs to use a 0 timestamp. static inline bool paws_3whs_zero_ts_supported( - TcpStreamTracker* talker, TcpStreamTracker* listener, TcpSegmentDescriptor& tsd) + TcpStreamTracker* talker, TcpStreamTracker* listener, const TcpSegmentDescriptor& tsd) { bool check_ts = true; diff --git a/src/stream/tcp/tcp_reassembler.cc b/src/stream/tcp/tcp_reassembler.cc index b902eda18..77d3d198c 100644 --- a/src/stream/tcp/tcp_reassembler.cc +++ b/src/stream/tcp/tcp_reassembler.cc @@ -133,12 +133,12 @@ bool TcpReassembler::flush_data_ready(TcpReassemblerState& trs) return ( get_pending_segment_count(trs, 2) > 1 ); // FIXIT-L return false? } -bool TcpReassembler::next_no_gap(TcpSegmentNode& tsn) +bool TcpReassembler::next_no_gap(const TcpSegmentNode& tsn) { return tsn.next and (tsn.next->i_seq == tsn.i_seq + tsn.i_len); } -void TcpReassembler::update_next(TcpReassemblerState& trs, TcpSegmentNode& tsn) +void TcpReassembler::update_next(TcpReassemblerState& trs, const TcpSegmentNode& tsn) { trs.sos.seglist.cur_rseg = next_no_gap(tsn) ? tsn.next : nullptr; if ( trs.sos.seglist.cur_rseg ) @@ -190,7 +190,7 @@ void TcpReassembler::queue_reassembly_segment( } bool TcpReassembler::is_segment_fasttrack( - TcpReassemblerState&, TcpSegmentNode* tail, TcpSegmentDescriptor& tsd) + TcpReassemblerState&, TcpSegmentNode* tail, const TcpSegmentDescriptor& tsd) { if ( SEQ_EQ(tsd.get_seg_seq(), tail->i_seq + tail->i_len) ) return true; diff --git a/src/stream/tcp/tcp_reassembler.h b/src/stream/tcp/tcp_reassembler.h index 6bf9b60fb..3a10387da 100644 --- a/src/stream/tcp/tcp_reassembler.h +++ b/src/stream/tcp/tcp_reassembler.h @@ -61,7 +61,7 @@ protected: int trim_delete_reassembly_segment(TcpReassemblerState&, TcpSegmentNode*, uint32_t flush_seq); void queue_reassembly_segment(TcpReassemblerState&, TcpSegmentNode* prev, TcpSegmentNode*); void init_overlap_editor(TcpReassemblerState&, TcpSegmentDescriptor&); - bool is_segment_fasttrack(TcpReassemblerState&, TcpSegmentNode* tail, TcpSegmentDescriptor&); + bool is_segment_fasttrack(TcpReassemblerState&, TcpSegmentNode* tail, const TcpSegmentDescriptor&); void show_rebuilt_packet(TcpReassemblerState&, snort::Packet*); uint32_t get_flush_data_len( TcpReassemblerState&, TcpSegmentNode*, uint32_t to_seq, unsigned max); @@ -86,8 +86,8 @@ protected: int32_t flush_pdu_ackd(TcpReassemblerState&, uint32_t* flags, snort::Packet*); void purge_to_seq(TcpReassemblerState&, uint32_t flush_seq); - bool next_no_gap(TcpSegmentNode&); - void update_next(TcpReassemblerState&, TcpSegmentNode&); + bool next_no_gap(const TcpSegmentNode&); + void update_next(TcpReassemblerState&, const TcpSegmentNode&); }; #endif diff --git a/src/stream/tcp/tcp_segment_node.cc b/src/stream/tcp/tcp_segment_node.cc index ed1d3bed2..b67c22c6b 100644 --- a/src/stream/tcp/tcp_segment_node.cc +++ b/src/stream/tcp/tcp_segment_node.cc @@ -102,7 +102,7 @@ TcpSegmentNode* TcpSegmentNode::create( return tsn; } -TcpSegmentNode* TcpSegmentNode::init(TcpSegmentDescriptor& tsd) +TcpSegmentNode* TcpSegmentNode::init(const TcpSegmentDescriptor& tsd) { return create(tsd.get_pkt()->pkth->ts, tsd.get_pkt()->data, tsd.get_seg_len()); } diff --git a/src/stream/tcp/tcp_segment_node.h b/src/stream/tcp/tcp_segment_node.h index 885548d20..bb4b47337 100644 --- a/src/stream/tcp/tcp_segment_node.h +++ b/src/stream/tcp/tcp_segment_node.h @@ -41,7 +41,7 @@ private: static TcpSegmentNode* create(const struct timeval& tv, const uint8_t* segment, uint16_t len); public: - static TcpSegmentNode* init(TcpSegmentDescriptor&); + static TcpSegmentNode* init(const TcpSegmentDescriptor&); static TcpSegmentNode* init(TcpSegmentNode&); void term(); diff --git a/src/stream/tcp/tcp_session.cc b/src/stream/tcp/tcp_session.cc index ba46c5f01..bf02529cf 100644 --- a/src/stream/tcp/tcp_session.cc +++ b/src/stream/tcp/tcp_session.cc @@ -279,7 +279,7 @@ void TcpSession::update_perf_base_state(char newState) DataBus::publish(FLOW_STATE_EVENT, nullptr, flow); } -bool TcpSession::flow_exceeds_config_thresholds(TcpSegmentDescriptor& tsd) +bool TcpSession::flow_exceeds_config_thresholds(const TcpSegmentDescriptor& tsd) { if ( listener->flush_policy == STREAM_FLPOLICY_IGNORE ) { @@ -341,7 +341,7 @@ void TcpSession::process_tcp_stream(TcpSegmentDescriptor& tsd) } } -void TcpSession::update_stream_order(TcpSegmentDescriptor& tsd, bool aligned) +void TcpSession::update_stream_order(const TcpSegmentDescriptor& tsd, bool aligned) { switch ( listener->order ) { @@ -886,7 +886,7 @@ void TcpSession::set_extra_data(Packet* p, uint32_t xid) st.reassembler.set_xtradata_mask(st.reassembler.get_xtradata_mask() | BIT(xid)); } -static inline void set_window_scale(TcpStreamTracker& talker, TcpStreamTracker& listener, +static inline void set_window_scale(const TcpStreamTracker& talker, const TcpStreamTracker& listener, TcpSegmentDescriptor& tsd) { // scale the window. Only if BOTH client and server specified wscale option as part diff --git a/src/stream/tcp/tcp_session.h b/src/stream/tcp/tcp_session.h index ba247867b..56de3672c 100644 --- a/src/stream/tcp/tcp_session.h +++ b/src/stream/tcp/tcp_session.h @@ -71,8 +71,8 @@ public: private: void set_os_policy() override; - bool flow_exceeds_config_thresholds(TcpSegmentDescriptor&); - void update_stream_order(TcpSegmentDescriptor&, bool aligned); + bool flow_exceeds_config_thresholds(const TcpSegmentDescriptor&); + void update_stream_order(const TcpSegmentDescriptor&, bool aligned); void process_tcp_stream(TcpSegmentDescriptor&); int process_tcp_data(TcpSegmentDescriptor&); void swap_trackers(); diff --git a/src/stream/user/user_session.cc b/src/stream/user/user_session.cc index ce58802bc..8fc38a1f9 100644 --- a/src/stream/user/user_session.cc +++ b/src/stream/user/user_session.cc @@ -210,7 +210,6 @@ int UserTracker::scan(Packet* p, uint32_t& flags) void UserTracker::flush(Packet* p, unsigned flush_amt, uint32_t flags) { unsigned bytes_flushed = 0; - StreamBuffer sb = { nullptr, 0 }; trace_logf(stream_user, "flush[%d]\n", flush_amt); uint32_t rflags = flags & ~PKT_PDU_TAIL; Packet* up = DetectionEngine::set_next_packet(p); @@ -232,7 +231,7 @@ void UserTracker::flush(Packet* p, unsigned flush_amt, uint32_t flags) } trace_logf(stream_user, "reassemble[%d]\n", len); - sb = splitter->reassemble( + StreamBuffer sb = splitter->reassemble( p->flow, flush_amt, bytes_flushed, data, len, rflags, bytes_copied); bytes_flushed += bytes_copied; @@ -471,7 +470,7 @@ void UserSession::set_splitter(bool c2s, StreamSplitter* ss) StreamSplitter* UserSession::get_splitter(bool c2s) { - UserTracker& ut = c2s ? server : client; + const UserTracker& ut = c2s ? server : client; return ut.splitter; } diff --git a/src/time/packet_time.cc b/src/time/packet_time.cc index b6607d418..13e56bc4e 100644 --- a/src/time/packet_time.cc +++ b/src/time/packet_time.cc @@ -33,11 +33,11 @@ #include "config.h" #endif +#include "packet_time.h" + #include "main/thread.h" #include "time/timersub.h" -#include "packet_time.h" - static THREAD_LOCAL struct timeval s_recent_packet = { 0, 0 }; static THREAD_LOCAL uint32_t s_first_packet = 0; @@ -64,7 +64,7 @@ int64_t timersub_ms(const struct timeval* end, const struct timeval* start) void packet_time_update(const struct timeval* cur_tv) { - if (timercmp(cur_tv, &s_recent_packet, >)) + if (timercmp(&s_recent_packet, cur_tv, <)) { if ( !s_first_packet ) s_first_packet = cur_tv->tv_sec; diff --git a/src/utils/stats.cc b/src/utils/stats.cc index 5f8b0ca1d..5501bfaad 100644 --- a/src/utils/stats.cc +++ b/src/utils/stats.cc @@ -305,7 +305,7 @@ void show_stats( void show_stats( PegCount* pegs, const PegInfo* info, - IndexVec& peg_idxs, const char* module_name, FILE* fh) + const IndexVec& peg_idxs, const char* module_name, FILE* fh) { bool head = false; diff --git a/src/utils/stats.h b/src/utils/stats.h index 6d7895a93..8d70bfc87 100644 --- a/src/utils/stats.h +++ b/src/utils/stats.h @@ -115,7 +115,7 @@ SO_PUBLIC void LogStat(const char*, double, FILE* = stdout); void sum_stats(PegCount* sums, PegCount* counts, unsigned n); void show_stats(PegCount*, const PegInfo*, const char* module_name = nullptr); void show_stats(PegCount*, const PegInfo*, unsigned n, const char* module_name = nullptr); -void show_stats(PegCount*, const PegInfo*, IndexVec&, const char* module_name, FILE*); +void show_stats(PegCount*, const PegInfo*, const IndexVec&, const char* module_name, FILE*); void show_percent_stats(PegCount*, const char*[], unsigned n, const char* module_name = nullptr); void sum_stats(SimpleStats* sums, SimpleStats* counts); diff --git a/src/utils/util_ber.cc b/src/utils/util_ber.cc index 0c339e4c1..9b79157b8 100644 --- a/src/utils/util_ber.cc +++ b/src/utils/util_ber.cc @@ -165,7 +165,7 @@ bool BerReader::read(const uint8_t* c, BerElement& e) return true; } -bool BerReader::convert(BerElement& e, uint32_t& intval) +bool BerReader::convert(const BerElement& e, uint32_t& intval) { if ( e.type != BerType::INTEGER ) return false; diff --git a/src/utils/util_ber.h b/src/utils/util_ber.h index 6b77c6b9f..ccd9b9de3 100644 --- a/src/utils/util_ber.h +++ b/src/utils/util_ber.h @@ -45,7 +45,7 @@ struct BerElement class SO_PUBLIC BerReader { public: - BerReader(Cursor& c) + BerReader(const Cursor& c) { beg = c.buffer(); end = c.endo(); @@ -53,7 +53,7 @@ public: bool read(const uint8_t* c, BerElement& e); - bool convert(BerElement& e, uint32_t& intval); + bool convert(const BerElement& e, uint32_t& intval); bool extract(const uint8_t*& c, uint32_t& intval); bool skip(const uint8_t*& c, uint32_t type); diff --git a/src/utils/util_net.cc b/src/utils/util_net.cc index 9e97ff8f2..cf5a9eca2 100644 --- a/src/utils/util_net.cc +++ b/src/utils/util_net.cc @@ -28,7 +28,7 @@ namespace snort { -char* ObfuscateIpToText(const SfIp* ip, SfCidr& homenet, SfCidr& obfunet, InetBuf& ab) +char* ObfuscateIpToText(const SfIp* ip, const SfCidr& homenet, SfCidr& obfunet, InetBuf& ab) { ab[0] = 0; diff --git a/src/utils/util_net.h b/src/utils/util_net.h index f99ecaf9d..470313af8 100644 --- a/src/utils/util_net.h +++ b/src/utils/util_net.h @@ -29,7 +29,7 @@ struct SfCidr; typedef char InetBuf[INET6_ADDRSTRLEN]; SO_PUBLIC char* ObfuscateIpToText( - const struct SfIp*, SfCidr& homenet, SfCidr& obfuscate_net, InetBuf&); + const struct SfIp*, const SfCidr& homenet, SfCidr& obfuscate_net, InetBuf&); } #endif diff --git a/tools/snort2lua/data/data_types/dt_rule.cc b/tools/snort2lua/data/data_types/dt_rule.cc index 0e6af65a6..b18790727 100644 --- a/tools/snort2lua/data/data_types/dt_rule.cc +++ b/tools/snort2lua/data/data_types/dt_rule.cc @@ -96,7 +96,7 @@ std::string Rule::get_option(const std::string& keyword) return std::string(); } -void Rule::update_option(const std::string& keyword, std::string& val) +void Rule::update_option(const std::string& keyword, const std::string& val) { for (auto option : options) { @@ -232,7 +232,7 @@ void Rule::resolve_pcre_buffer_options() { curr_sticky_buffer = new_buffer; RuleOption* new_opt = new RuleOption(new_buffer); - options.insert(iter, new_opt); + iter = options.insert(iter, new_opt); ++iter; } } diff --git a/tools/snort2lua/data/data_types/dt_rule.h b/tools/snort2lua/data/data_types/dt_rule.h index bbcc5906e..fa2cf8f01 100644 --- a/tools/snort2lua/data/data_types/dt_rule.h +++ b/tools/snort2lua/data/data_types/dt_rule.h @@ -37,7 +37,7 @@ public: void add_option(const std::string& keyword); void add_option(const std::string& keyword, const std::string& data); std::string get_option(const std::string& keyword); - void update_option(const std::string& keyword, std::string& val); + void update_option(const std::string& keyword, const std::string& val); void add_suboption(const std::string& keyword); void add_suboption(const std::string& keyword, const std::string& val); void set_curr_options_buffer(const std::string& buffer, bool add_option); diff --git a/tools/snort2lua/data/data_types/dt_rule_option.h b/tools/snort2lua/data/data_types/dt_rule_option.h index 1ca5324f5..1dca8ca51 100644 --- a/tools/snort2lua/data/data_types/dt_rule_option.h +++ b/tools/snort2lua/data/data_types/dt_rule_option.h @@ -35,7 +35,7 @@ public: inline const std::string& get_name() { return name; } inline const std::string& get_value() { return value; } - inline void update_value(std::string& new_value) { value = new_value; } + inline void update_value(const std::string& new_value) { value = new_value; } bool add_suboption(const std::string& name); bool add_suboption(const std::string& name, const std::string& val); diff --git a/tools/snort2lua/data/dt_rule_api.cc b/tools/snort2lua/data/dt_rule_api.cc index dd592b503..807c892ec 100644 --- a/tools/snort2lua/data/dt_rule_api.cc +++ b/tools/snort2lua/data/dt_rule_api.cc @@ -207,7 +207,7 @@ std::string RuleApi::get_option(const std::string& keyword) return curr_rule->get_option(keyword); } -void RuleApi::update_option(const std::string& keyword, std::string& val) +void RuleApi::update_option(const std::string& keyword, const std::string& val) { if (!curr_rule) return; diff --git a/tools/snort2lua/data/dt_rule_api.h b/tools/snort2lua/data/dt_rule_api.h index 3c5248f6b..5c6747d8d 100644 --- a/tools/snort2lua/data/dt_rule_api.h +++ b/tools/snort2lua/data/dt_rule_api.h @@ -68,7 +68,7 @@ public: void add_option(const std::string& keyword); void add_option(const std::string& keyword, const std::string& val); std::string get_option(const std::string& keyword); - void update_option(const std::string& keyword, std::string& val); + void update_option(const std::string& keyword, const std::string& val); void add_suboption(const std::string& keyword); void add_suboption(const std::string& keyword, const std::string& val); void set_curr_options_buffer(const std::string& buffer, bool add_option=false); diff --git a/tools/snort2lua/data/dt_table_api.h b/tools/snort2lua/data/dt_table_api.h index a7c6dbe71..23c0ecae0 100644 --- a/tools/snort2lua/data/dt_table_api.h +++ b/tools/snort2lua/data/dt_table_api.h @@ -58,7 +58,7 @@ class TableApi { public: TableApi() = default; - TableApi(TableApi* d, TableDelegation& td) : delegate(d), delegations(td) {} + TableApi(TableApi* d, const TableDelegation& td) : delegate(d), delegations(td) {} virtual ~TableApi(); void reset_state();