create fopen_modsec#3582
Conversation
fc57857 to
c369be6
Compare
c369be6 to
3ed9115
Compare
|
"The SonarCloud duplication (66.7%) is a false positive caused by the very small diff size (only 6 lines). Since I don't have permission to modify the SonarCloud config, could a maintainer please check and approve this manually?" |
|
There was a problem hiding this comment.
Pull request overview
This pull request introduces a fopen_modsec() helper intended to replace direct fopen() usage (primarily to address Windows/MSVC deprecation warnings flagged by static analysis) and updates several call sites to use the new helper.
Changes:
- Added
modsecurity::utils::fopen_modsec(FILE**, const char*, const char*)declaration/definition and migratedisFile()to use it. - Updated file-opening in
SharedFilesand SecLang include-handling in the scanner to callfopen_modsec()instead offopen(). - Added new includes where needed to access the helper.
Reviewed changes
Copilot reviewed 5 out of 5 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| src/utils/system.h | Declares the new fopen_modsec() helper in the utils API. |
| src/utils/system.cc | Implements fopen_modsec() and switches isFile() to use it. |
| src/utils/shared_files.cc | Switches audit/debug shared file handler creation to use fopen_modsec(). |
| src/parser/seclang-scanner.ll | Updates scanner include-handling to use fopen_modsec(). |
| src/parser/seclang-scanner.cc | Updates the generated scanner output to use fopen_modsec() in include-handling paths. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| #include <bits/types/FILE.h> | ||
| #include <stdio.h> |
| std::list<std::string> expandEnv(const std::string& var, int flags); | ||
| bool createDir(const std::string& dir, int mode, std::string *error); | ||
| bool isFile(const std::string& f); | ||
| bool fopen_modsec(FILE **v_fp, const char *filename, const char *mode); |
| bool fopen_modsec(FILE **v_fp, const char *filename, const char *mode) { | ||
| if (v_fp == nullptr || filename == nullptr || mode == nullptr) { | ||
| return false; | ||
| } | ||
| *v_fp = fopen(filename, mode); | ||
| if (*v_fp == nullptr) { | ||
| return false; | ||
| } | ||
| return true; | ||
| } |
|
|
||
| yyin = fopen(f.c_str(), "r" ); | ||
| if (!yyin) { | ||
| if (!modsecurity::utils::fopen_modsec(&yyin, f.c_str(), "r") != 0) { |
| driver.loc.back()->begin.filename = driver.loc.back()->end.filename = &(driver.m_filenames.back()); | ||
| yyin = fopen(f.c_str(), "r" ); | ||
| if (!yyin) { | ||
| if (!modsecurity::utils::fopen_modsec(&yyin, f.c_str(), "r") != 0) { // NOSONAR |
|
|
||
| yyin = fopen(f.c_str(), "r" ); | ||
| if (!yyin) { | ||
| if (!modsecurity::utils::fopen_modsec(&yyin, f.c_str(), "r") != 0) { // NOSONAR |


what
Since fopen_s, which is used in win32, is more secure, we defined and implemented it internally so that it can be used in other operating systems as well.
Since
fopen_scan have name conflicts, we're creating it asfopen_modsec.why
SonarCloud Code Analysis has started causing errors with fopen.
references
The goal is to resolve this error.
https://github.com/owasp-modsecurity/ModSecurity/pull/3521/changes#diff-2f0c197bfdbe90b112359e18d7980ca2c8535fe1cbd47ce1029c27130812de2aR113