Fix many, but not all, clang-tidy complaints

src/action_mapper.cpp

@@ -4,10 +4,16 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2021 Datadog, Inc.
 
+#include <functional>
+#include <map>
+#include <memory>
 #include <stdexcept>
+#include <string>
+#include <string_view>
+#include <unordered_map>
+#include <utility>
 
 #include "action_mapper.hpp"
-#include "uuid.hpp"
 
 namespace ddwaf {
 action_type action_type_from_string(std::string_view type)

src/builder/processor_builder.cpp

@@ -5,10 +5,17 @@
 // Copyright 2021 Datadog, Inc.
 
 #include <concepts>
+#include <memory>
+#include <set>
+#include <vector>
 
 #include "builder/processor_builder.hpp"
+#include "indexer.hpp"
+#include "parser/specification.hpp"
+#include "processor/base.hpp"
 #include "processor/extract_schema.hpp"
 #include "processor/fingerprint.hpp"
+#include "scanner.hpp"
 
 namespace ddwaf {
 

src/clock.cpp

@@ -5,11 +5,15 @@
 // Copyright 2021 Datadog, Inc.
 
 #include "clock.hpp"
+#include <atomic>
+#include <bits/time.h>
+#include <bits/types/clockid_t.h>
+#include <cerrno>
+#include <chrono>
+#include <time.h>
 
 #ifdef __linux__
 
-# include <system_error>
-
 // NOLINTNEXTLINE(cppcoreguidelines-macro-usage)
 # define _GNU_SOURCE 1
 # include <ctime>

src/collection.cpp

@@ -5,9 +5,22 @@
 // Copyright 2021 Datadog, Inc.
 
 #include "collection.hpp"
+#include "clock.hpp"
+#include "context_allocator.hpp"
+#include "event.hpp"
 #include "exception.hpp"
-#include "exclusion/rule_filter.hpp"
+#include "exclusion/common.hpp"
 #include "log.hpp"
+#include "matcher/base.hpp"
+#include "object_store.hpp"
+#include "rule.hpp"
+#include <memory>
+#include <optional>
+#include <string>
+#include <string_view>
+#include <unordered_map>
+#include <utility>
+#include <vector>
 
 namespace ddwaf {
 

src/condition/lfi_detector.cpp

@@ -5,10 +5,22 @@
 // Copyright 2021 Datadog, Inc.
 
 #include "condition/lfi_detector.hpp"
+#include "argument_retriever.hpp"
+#include "clock.hpp"
+#include "condition/base.hpp"
+#include "ddwaf.h"
 #include "exception.hpp"
+#include "exclusion/common.hpp"
 #include "iterator.hpp"
+#include "log.hpp"
 #include "platform.hpp"
 #include "utils.hpp"
+#include <cstddef>
+#include <optional>
+#include <string>
+#include <string_view>
+#include <utility>
+#include <vector>
 
 using namespace std::literals;
 
@@ -63,9 +75,9 @@ bool lfi_impl_windows(std::string_view path, std::string_view param)
  return false;
  }
 
- bool is_absolute = param[0] == '/' || param[0] == '\\' ||
- (param.size() >= 3 && (ddwaf::isalpha(param[0]) && param[1] == ':' &&
- (param[2] == '/' || param[2] == '\\')));
+ const bool is_absolute = param[0] == '/' || param[0] == '\\' ||
+  (param.size() >= 3 && (ddwaf::isalpha(param[0]) && param[1] == ':' &&
+  (param[2] == '/' || param[2] == '\\')));
  return (is_absolute && param == path) || find_directory_escape(param, "/\\");
 }
 
@@ -100,7 +112,7 @@ lfi_result lfi_impl(std::string_view path, const ddwaf_object &params,
  continue;
  }
 
- std::string_view value{param.stringValue, static_cast<std::size_t>(param.nbEntries)};
+ const std::string_view value{param.stringValue, static_cast<std::size_t>(param.nbEntries)};
  if (lfi_fn(path, value)) {
  return {{std::string(value), it.get_current_path()}};
  }
@@ -118,7 +130,7 @@ eval_result lfi_detector::eval_impl(const unary_argument<std::string_view> &path
  auto res = lfi_impl(path.value, *param.value, objects_excluded, limits_, deadline);
  if (res.has_value()) {
  std::vector<std::string> path_kp{path.key_path.begin(), path.key_path.end()};
- bool ephemeral = path.ephemeral || param.ephemeral;
+ const bool ephemeral = path.ephemeral || param.ephemeral;
 
  auto &[highlight, param_kp] = res.value();
 

src/condition/scalar_condition.cpp

@@ -5,9 +5,25 @@
 // Copyright 2021 Datadog, Inc.
 
 #include "scalar_condition.hpp"
+#include "clock.hpp"
+#include "condition/base.hpp"
+#include "ddwaf.h"
 #include "exception.hpp"
+#include "exclusion/common.hpp"
 #include "iterator.hpp"
+#include "log.hpp"
+#include "matcher/base.hpp"
+#include "object_store.hpp"
+#include "transformer/base.hpp"
 #include "transformer/manager.hpp"
+#include "utils.hpp"
+#include <memory>
+#include <optional>
+#include <span>
+#include <string>
+#include <string_view>
+#include <unordered_map>
+#include <utility>
 
 using namespace std::literals;
 

src/condition/shi_detector.cpp

@@ -5,11 +5,23 @@
 // Copyright 2021 Datadog, Inc.
 
 #include "condition/shi_detector.hpp"
+#include "argument_retriever.hpp"
+#include "clock.hpp"
+#include "condition/base.hpp"
 #include "condition/match_iterator.hpp"
+#include "condition/structured_condition.hpp"
+#include "ddwaf.h"
 #include "exception.hpp"
-#include "iterator.hpp"
+#include "exclusion/common.hpp"
+#include "log.hpp"
 #include "tokenizer/shell.hpp"
 #include "utils.hpp"
+#include <cstddef>
+#include <optional>
+#include <string>
+#include <string_view>
+#include <utility>
+#include <vector>
 
 using namespace std::literals;
 
@@ -86,7 +98,7 @@ eval_result shi_detector::eval_impl(const unary_argument<std::string_view> &reso
  if (res.has_value()) {
  std::vector<std::string> resource_kp{
  resource.key_path.begin(), resource.key_path.end()};
- bool ephemeral = resource.ephemeral || param.ephemeral;
+ const bool ephemeral = resource.ephemeral || param.ephemeral;
 
  auto &[highlight, param_kp] = res.value();
 

src/condition/sqli_detector.cpp

@@ -4,16 +4,30 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2021 Datadog, Inc.
 #include "condition/sqli_detector.hpp"
+#include "argument_retriever.hpp"
+#include "clock.hpp"
+#include "condition/base.hpp"
 #include "condition/match_iterator.hpp"
+#include "ddwaf.h"
 #include "exception.hpp"
-#include "iterator.hpp"
+#include "exclusion/common.hpp"
+#include "log.hpp"
 #include "tokenizer/generic_sql.hpp"
 #include "tokenizer/mysql.hpp"
 #include "tokenizer/pgsql.hpp"
+#include "tokenizer/sql_base.hpp"
 #include "tokenizer/sqlite.hpp"
 #include "utils.hpp"
 
+#include <cstddef>
+#include <limits>
+#include <span>
+#include <stdexcept>
+#include <string>
+#include <string_view>
+#include <utility>
 #include <variant>
+#include <vector>
 
 using namespace std::literals;
 
@@ -356,8 +370,8 @@ bool is_benign_order_by_clause(const std::vector<sql_token> &resource_tokens,
  return false;
  }
 
- std::string_view order = resource_tokens[param_tokens_begin - 2].str;
- std::string_view by = resource_tokens[param_tokens_begin - 1].str;
+ const std::string_view order = resource_tokens[param_tokens_begin - 2].str;
+ const std::string_view by = resource_tokens[param_tokens_begin - 1].str;
 
  if (!string_iequals_literal(order, "order") || !string_iequals_literal(by, "by")) {
  return false;
@@ -508,7 +522,7 @@ sqli_result sqli_impl(std::string_view resource, std::vector<sql_token> &resourc
  sql.value, resource_tokens, *param.value, dialect, objects_excluded, limits_, deadline);
  if (std::holds_alternative<internal::matched_param>(res)) {
  std::vector<std::string> sql_kp{sql.key_path.begin(), sql.key_path.end()};
- bool ephemeral = sql.ephemeral || param.ephemeral;
+ const bool ephemeral = sql.ephemeral || param.ephemeral;
 
  auto stripped_stmt = internal::strip_literals(sql.value, resource_tokens);
 

src/condition/ssrf_detector.cpp

@@ -5,11 +5,27 @@
 // Copyright 2021 Datadog, Inc.
 
 #include "condition/ssrf_detector.hpp"
+#include "argument_retriever.hpp"
+#include "clock.hpp"
+#include "condition/base.hpp"
 #include "condition/match_iterator.hpp"
+#include "condition/structured_condition.hpp"
+#include "ddwaf.h"
 #include "exception.hpp"
-#include "iterator.hpp"
+#include "exclusion/common.hpp"
+#include "log.hpp"
+#include "matcher/ip_match.hpp"
 #include "uri_utils.hpp"
 #include "utils.hpp"
+#include <array>
+#include <cstddef>
+#include <memory>
+#include <optional>
+#include <string>
+#include <string_view>
+#include <unordered_set>
+#include <utility>
+#include <vector>
 
 using namespace std::literals;
 
@@ -183,7 +199,7 @@ ssrf_result ssrf_impl(const uri_decomposed &uri, const ddwaf_object &params,
  //
  // scheme://userinfo@host:port/path?query#fragment
  // <────>
- bool host_fully_injected =
+ const bool host_fully_injected =
  param_index <= uri.authority.host_index &&
  param_index + param.size() >= uri.authority.host_index + uri.authority.host.size();
 
@@ -252,7 +268,7 @@ eval_result ssrf_detector::eval_impl(const unary_argument<std::string_view> &uri
  dangerous_ip_matcher_, authorised_schemes_, deadline);
  if (res.has_value()) {
  std::vector<std::string> uri_kp{uri.key_path.begin(), uri.key_path.end()};
- bool ephemeral = uri.ephemeral || param.ephemeral;
+ const bool ephemeral = uri.ephemeral || param.ephemeral;
 
  auto &[highlight, param_kp] = res.value();
 

src/context.cpp

@@ -5,9 +5,19 @@
 // Copyright 2021 Datadog, Inc.
 
 #include "context.hpp"
+#include "clock.hpp"
+#include "collection.hpp"
+#include "ddwaf.h"
+#include "event.hpp"
 #include "exception.hpp"
 #include "log.hpp"
+#include "object_store.hpp"
+#include "processor/base.hpp"
 #include "utils.hpp"
+#include <chrono>
+#include <cstdint>
+#include <string_view>
+#include <vector>
 
 namespace ddwaf {
 
@@ -22,7 +32,7 @@ using attribute = object_store::attribute;
 // on whether the events were ephemeral or not.
 void set_context_event_address(object_store &store)
 {
- static std::string_view event_addr = "waf.context.event";
+ static const std::string_view event_addr = "waf.context.event";
  static auto event_addr_idx = get_target_index(event_addr);
 
  if (store.has_target(event_addr_idx)) {

src/context_allocator.cpp

@@ -5,6 +5,7 @@
 // Copyright 2021 Datadog, Inc.
 
 #include <memory>
+#include <memory_resource>
 
 #include "context_allocator.hpp"
 

src/event.cpp

@@ -4,11 +4,16 @@
 // This product includes software developed at Datadog (https://www.datadoghq.com/).
 // Copyright 2021 Datadog, Inc.
 
+#include <string>
+#include <string_view>
 #include <unordered_set>
+#include <vector>
 
 #include "action_mapper.hpp"
+#include "condition/base.hpp"
 #include "ddwaf.h"
 #include "event.hpp"
+#include "obfuscator.hpp"
 #include "rule.hpp"
 #include "uuid.hpp"
 
@@ -58,7 +63,7 @@ void serialize_match(const condition_match &match, ddwaf_object &match_map, auto
  ddwaf_object param;
  ddwaf_object_map(&param);
 
- bool redact = redact_match(obfuscator, match);
+ const bool redact = redact_match(obfuscator, match);
 
  ddwaf_object highlight_arr;
  ddwaf_object_array(&highlight_arr);
@@ -114,14 +119,14 @@ void serialize_match(const condition_match &match, ddwaf_object &match_map, auto
 struct action_tracker {
  // The blocking action refers to either a block_request or redirect_request
  // action, the latter having precedence over the former.
- std::string_view blocking_action{};
+ std::string_view blocking_action;
  action_type blocking_action_type{action_type::none};
 
  // Stack trace ID
- std::string stack_id{};
+ std::string stack_id;
 
  // This set contains all remaining actions other than the blocking action
- std::unordered_set<std::string_view> non_blocking_actions{};
+ std::unordered_set<std::string_view> non_blocking_actions;
 
  const action_mapper &mapper;
 };

src/exclusion/input_filter.cpp

@@ -11,7 +11,20 @@
 // Copyright 2021 Datadog, Inc.
 
 #include "exclusion/input_filter.hpp"
+#include "clock.hpp"
+#include "exclusion/object_filter.hpp"
+#include "expression.hpp"
 #include "log.hpp"
+#include "matcher/base.hpp"
+#include "object_store.hpp"
+#include "rule.hpp"
+#include <memory>
+#include <optional>
+#include <set>
+#include <stdexcept>
+#include <string>
+#include <unordered_map>
+#include <utility>
 
 namespace ddwaf::exclusion {