Set MULTIPART_FILE_LIMIT_EXCEEDED variable

examples/reading_logs_via_rule_message/reading_logs_via_rule_message.h

@@ -96,20 +96,20 @@ static void process_request(modsecurity::ModSecurity *modsec, modsecurity::Rules
 
 class ReadingLogsViaRuleMessage {
  public:
-    ReadingLogsViaRuleMessage(char *request_header,
-        char *request_uri,
-        char *request_body,
-        char *response_headers,
-        char *response_body,
-        char *ip,
-        const std::string &rules) :
-            m_request_header(request_header),
-            m_request_uri(request_uri),
-            m_request_body(request_body),
-            m_response_headers(response_headers),
-            m_response_body(response_body),
-            m_ip(ip),
-            m_rules(rules)
+    ReadingLogsViaRuleMessage(char *arg_request_header,
+        char *arg_request_uri,
+        char *arg_request_body,
+        char *arg_response_headers,
+        char *arg_response_body,
+        char *arg_ip,
+        const std::string &arg_rules) :
+            m_request_header(arg_request_header),
+            m_request_uri(arg_request_uri),
+            m_request_body(arg_request_body),
+            m_response_headers(arg_response_headers),
+            m_response_body(arg_response_body),
+            m_ip(arg_ip),
+            m_rules(arg_rules)
         { }
 
     int process() const {

headers/modsecurity/transaction.h

@@ -405,7 +405,7 @@ class Transaction : public TransactionAnchoredVariables, public TransactionSecMa
     size_t getRequestBodyLength();
 
 #ifndef NO_LOGS
-    void debug(int, const std::string &) const;
+    void debug(int level, const std::string& message) const;
 #endif
     void serverLog(const RuleMessage &rm);
 

src/modsecurity.cc

@@ -391,7 +391,7 @@ void ModSecurity::setServerLogCb(ModSecLogCb cb) {
 }
 
 
-void ModSecurity::setServerLogCb(ModSecLogCb cb, int properties) {
+void ModSecurity::setServerLogCb(ModSecLogCb cb, int properties) { // cppcheck-suppress funcArgNamesDifferentUnnamed - this is a false positive
     m_logCb = (ModSecLogCb) cb;
     m_logProperties = properties;
 }

src/request_body_processor/multipart.cc

@@ -1140,6 +1140,10 @@ int Multipart::multipart_complete(std::string *error) {
             "Multipart: Warning: invalid header folding used.");
     }
 
+    m_transaction->m_variableMultipartFileLimitExceeded.set(
+        std::to_string(m_flag_file_limit_exceeded),
+        m_transaction->m_variableOffset);
+
     m_transaction->m_variableMultipartStrictError.set(
         std::to_string(m_flag_error || m_flag_boundary_quoted != 0
         || m_flag_boundary_whitespace != 0 || m_flag_data_before != 0

src/request_body_processor/xml.h

@@ -60,7 +60,7 @@ class XMLNodes {
         // need to stop parsing if the number of arguments reached the limit
         xmlParserCtxtPtr  parsing_ctx_arg;
 
-        explicit XMLNodes (Transaction *);
+        explicit XMLNodes(Transaction *transaction);
         ~XMLNodes();
 };
 
@@ -69,7 +69,7 @@ struct xml_data {
     xmlParserCtxtPtr parsing_ctx;
     xmlDocPtr doc;
 
-    unsigned int well_formed;
+    unsigned int well_formed = 0;
 
     /* error reporting and XML array flag */
     std::string               xml_error;

src/utils/shared_files.h

@@ -55,11 +55,11 @@ class SharedFiles {
     void operator=(SharedFiles const&) = delete;
 
      struct handler_info {
-         FILE* fp;
+         FILE* fp = nullptr;
 #ifdef WIN32
-         HANDLE hMutex;
+         HANDLE hMutex = nullptr;
 #endif
-         unsigned int cnt;
+         unsigned int cnt = 0;
      };
 
     using handlers_map = std::unordered_map<std::string, handler_info>;

test/common/modsecurity_test.h

@@ -34,7 +34,7 @@ template <class T> class ModSecurityTest :
     ModSecurityTest() = default;
 
     std::string header();
-    void cmd_options(int, char **);
+    void cmd_options(int argc, char** argv);
     void load_tests();
     void load_tests(const std::string &path);
     bool load_test_json(const std::string &file);

test/common/modsecurity_test_results.h

@@ -25,7 +25,7 @@ namespace modsecurity_test {
 template <class T> class ModSecurityTestResults : public std::vector<T *> {
  public:
     std::string log_raw_debug_log;
-    int status;
+    int status = 0;
     std::string location;
 };
 

test/regression/regression_test.h

@@ -32,7 +32,7 @@ namespace modsecurity_test {
 
 class RegressionTest {
  public:
-    static std::unique_ptr<RegressionTest> from_yajl_node(const yajl_val &);
+    static std::unique_ptr<RegressionTest> from_yajl_node(const yajl_val &node);
 
     static std::string print();
     std::string filename;
@@ -42,8 +42,8 @@ class RegressionTest {
     std::string rules;
 
     std::string url;
-    int enabled;
-    int version_min;
+    int enabled = 0;
+    int version_min = 0;
     std::optional<int> version_max;
     std::optional<int> github_issue;
 
@@ -60,8 +60,8 @@ class RegressionTest {
 
     std::string clientIp;
     std::string serverIp;
-    int clientPort;
-    int serverPort;
+    int clientPort = 0;
+    int serverPort = 0;
     std::string hostname;
 
     std::string method;
@@ -75,7 +75,7 @@ class RegressionTest {
     static inline std::vector<std::pair<std::string, std::string>>
         yajl_array_to_map(const yajl_val &node);
 
-    int http_code;
+    int http_code = 0;
     std::string redirect_url;
 
     // fields for formatting JSON
@@ -96,7 +96,7 @@ class RegressionTest {
 
 class RegressionTests {
  public:
-    static std::unique_ptr<RegressionTests> from_yajl_node(const yajl_val &);
+    static std::unique_ptr<RegressionTests> from_yajl_node(const yajl_val &node);
     void update_content_lengths();
     std::string toJSON() const;
 

test/test-cases/regression/request-body-parser-multipart.json

@@ -1525,7 +1525,7 @@
     },
     "expected": {
       "debug_log": "boundary whitespace in C-T header",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 1,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 1,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -1587,7 +1587,7 @@
       ]
     },
     "expected": {
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -1650,7 +1650,7 @@
     },
     "expected": {
       "debug_log": "No boundaries found in payload",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 1,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 1,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -1713,7 +1713,7 @@
     },
     "expected": {
       "debug_log": "Invalid boundary in C-T \\(characters\\)",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -1776,7 +1776,7 @@
     },
     "expected": {
       "debug_log": "boundary was quoted",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -1839,7 +1839,7 @@
     },
     "expected": {
       "debug_log": "boundary was quoted.*No boundaries found in payload",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -1902,7 +1902,7 @@
     },
     "expected": {
       "debug_log": "Invalid boundary in C-T \\(characters\\).*boundary was quoted.",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -1965,7 +1965,7 @@
     },
     "expected": {
       "debug_log": "Invalid boundary in C-T \\(characters\\).*boundary was quoted.",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -2028,7 +2028,7 @@
     },
     "expected": {
       "debug_log": "boundary was quoted",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -2091,7 +2091,7 @@
     },
     "expected": {
       "debug_log": "Invalid boundary in C-T \\(characters\\)",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -2154,7 +2154,7 @@
     },
     "expected": {
       "debug_log": "Invalid boundary in C-T \\(characters\\)",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 1,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -2217,7 +2217,7 @@
     },
     "expected": {
       "debug_log": "Invalid boundary in C-T \\(quote\\)",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -2280,7 +2280,7 @@
     },
     "expected": {
       "debug_log": "Invalid boundary in C-T \\(quote\\)",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 0,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -2353,7 +2353,7 @@
     },
     "expected": {
       "debug_log": "Invalid Content-Disposition header",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 1,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 1,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -2425,7 +2425,7 @@
     },
     "expected": {
       "debug_log": "Part missing Content-Disposition header",
-      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 1,IH 0,FL \"",
+      "error_log": "msg \"Multipart request body failed strict validation:PE 1,BQ 0,BW 0,DB 0,DA 0,HF 0,LF 0,SM 0,IQ 0,IP 1,IH 0,FL 0\"",
       "http_code": 403
     },
     "rules": [
@@ -2502,6 +2502,7 @@
     },
     "expected": {
       "debug_log": "Upload file limit exceeded",
+      "error_log": "Check variable for test:FL 1",
       "http_code": 403
     },
     "rules": [
@@ -2511,7 +2512,7 @@
       "SecUploadFileLimit 2",
       "SecRule MULTIPART_STRICT_ERROR \"!@eq 1\" \"phase:2,deny,id:500161\"",
       "SecRule MULTIPART_FILE_LIMIT_EXCEEDED \"!@eq 1\" \"phase:2,deny,id:500162\"",
-      "SecRule REQBODY_PROCESSOR_ERROR \"@eq 1\" \"phase:2,deny,id:500163\"",
+      "SecRule REQBODY_PROCESSOR_ERROR \"@eq 1\" \"phase:2,deny,id:500163,msg:'Check variable for test:FL %{MULTIPART_FILE_LIMIT_EXCEEDED}'\"",
       "SecRule &FILES \"!@eq 3\" \"phase:2,deny,id:500164\"",
       "SecRule &FILES_NAMES \"!@eq 3\" \"phase:2,deny,id:500165\"",
       "SecRule &FILES_SIZES \"!@eq 3\" \"phase:2,deny,id:500166\"",

test/unit/unit_test.h

@@ -27,13 +27,13 @@ namespace modsecurity_test {
 
 class UnitTestResult {
  public:
-    int ret;
+    int ret = 0;
     std::string output;
 };
 
 class UnitTest {
  public:
-    static std::unique_ptr<UnitTest> from_yajl_node(const yajl_val &);
+    static std::unique_ptr<UnitTest> from_yajl_node(const yajl_val &node);
 
     std::string print() const;
 
@@ -45,9 +45,9 @@ class UnitTest {
     std::string filename;
     std::string output;
     std::string libinjection_override;
-    int ret;
-    int capture;
-    int skipped;
+    int ret = 0;
+    int capture = 0;
+    int skipped = 0;
     UnitTestResult result;
 };