Update Code Scanning (#4)

Author: f-michaut

.github/workflows/cmake-multi-platform.yml

@@ -54,30 +54,13 @@ jobs:
  - name: Set Env
  shell: bash
  run: |
- echo "VCPKG_ROOT=${VCPKG_INSTALLATION_ROOT}" >> "$GITHUB_ENV"
  echo "BUILD_OUTPUT_DIR=${{ github.workspace }}/build" >> "$GITHUB_ENV"
 
- - name: Fetch VCPKG Cache (Windows)
- id: fetch-vcpkg-cache
+ - name: VCPKG Install (Windows)
  if: runner.os == 'Windows'
- uses: actions/cache/restore@v4
+ uses: ./.github/workflows/windows-vcpkg
  with:
- key: ${{ runner.os }}-${{ matrix.build_type }}-${{ hashFiles('vcpkg.json') }}
- path: ${{ env.VCPKG_ROOT }}
-
- - name: Install OpenSSL (Windows)
- if: runner.os == 'Windows'
- shell: powershell
- run: |
- echo "CMAKE_TOOLCHAIN_FILE=${env:VCPKG_ROOT}\scripts\buildsystems\vcpkg.cmake" | Out-File -FilePath $env:GITHUB_ENV -Append
- vcpkg install
-
- - name: Always Save VCPKG Cache (Windows)
- if: always() && runner.os == 'Windows' && steps.fetch-vcpkg-cache.outputs.cache-hit != 'true'
- uses: actions/cache/save@v4
- with:
- key: ${{ steps.fetch-vcpkg-cache.outputs.cache-primary-key }}
- path: ${{ env.VCPKG_ROOT }}
+ key: ${{ runner.os }}-${{ matrix.build_type }}
 
  - name: Configure CMake
  # Configure CMake in a 'build' subdirectory.

.github/workflows/code_scanning.yml

@@ -30,7 +30,7 @@ jobs:
 
  # Initializes the CodeQL tools for scanning.
  - name: Initialize CodeQL
- uses: github/codeql-action/init@v2
+ uses: github/codeql-action/init@v3
  with:
  languages: 'c-cpp'
  # If you wish to specify custom queries, you can do so here or in a config file.
@@ -44,20 +44,10 @@ jobs:
  # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
  # If this step fails, then you should remove it and run the build manually (see below)
  - name: Autobuild
- uses: github/codeql-action/autobuild@v2
-
- # ℹ️ Command-line programs to run using the OS shell.
- # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
- # If the Autobuild fails above, remove it and uncomment the following three lines.
- # modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
- # - run: |
- # echo "Run, Build Application using script"
- # ./location_of_script_within_repo/buildscript.sh
+ uses: github/codeql-action/autobuild@v3
 
  - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v2
+ uses: github/codeql-action/analyze@v3
  with:
  category: "/language:c-cpp"
 
@@ -73,53 +63,66 @@ jobs:
  uses: actions/checkout@v3
 
  - name: flawfinder_scan
- uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c
+ uses: david-a-wheeler/flawfinder@2.0.19
  with:
  arguments: '--sarif ./'
  output: 'flawfinder_results.sarif'
 
  - name: Upload analysis results to GitHub Security tab
- uses: github/codeql-action/upload-sarif@v2
+ uses: github/codeql-action/upload-sarif@v3
  with:
  sarif_file: ${{github.workspace}}/flawfinder_results.sarif
 
- # microsoft-analyze:
- # permissions:
- # contents: read # for actions/checkout to fetch code
- # security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
- # actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
- # name: Microsoft Analyze
- # runs-on: windows-latest
-
- # steps:
- # - name: Checkout repository
- # uses: actions/checkout@v3
-
- # - name: Configure CMake
- # run: cmake -B ./build
-
- # # Build is not required unless generated source files are used
- # # - name: Build CMake
- # # run: cmake --build ./build
-
- # - name: Initialize MSVC Code Analysis
- # uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
- # # Provide a unique ID to access the sarif output path
- # id: run-analysis
- # with:
- # cmakeBuildDirectory: ${{ env.build }}
- # # Ruleset file that will determine what checks will be run
- # ruleset: NativeRecommendedRules.ruleset
-
- # # Upload SARIF file to GitHub Code Scanning Alerts
- # - name: Upload SARIF to GitHub
- # uses: github/codeql-action/upload-sarif@v2
- # with:
- # sarif_file: ${{ steps.run-analysis.outputs.sarif }}
-
- # # Upload SARIF file as an Artifact to download and view
- # # - name: Upload SARIF as an Artifact
- # # uses: actions/upload-artifact@v3
- # # with:
- # # name: sarif-file
- # # path: ${{ steps.run-analysis.outputs.sarif }}
+ microsoft-analyze:
+ permissions:
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ name: Microsoft Analyze
+ runs-on: windows-latest
+
+ env:
+ # Path to the CMake build directory.
+ build: '${{ github.workspace }}/build'
+ config: 'Debug'
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v3
+
+ - name: VCPKG Install (Windows)
+ uses: ./.github/workflows/windows-vcpkg
+ with:
+ key: ${{ runner.os }}-${{ env.config }}
+
+ - name: Configure CMake
+ run: cmake -B ${{ env.build }} -DCMAKE_BUILD_TYPE=${{ env.config }}
+
+ # Build is not required unless generated source files are used
+ # - name: Build CMake
+ # run: cmake --build ${{ env.build }} --config ${{ env.config }}
+
+ - name: Run MSVC Code Analysis
+ uses: microsoft/msvc-code-analysis-action@v0.1.1
+ # Provide a unique ID to access the sarif output path
+ id: run-analysis
+ with:
+ cmakeBuildDirectory: ${{ env.build }}
+ buildConfiguration: ${{ env.config }}
+ # Ruleset file that will determine what checks will be run
+ ruleset: NativeRecommendedRules.ruleset
+ # Paths to ignore analysis of CMake targets and includes
+ # ignoredPaths: ${{ github.workspace }}/dependencies;${{ github.workspace }}/test
+
+ # Upload SARIF file to GitHub Code Scanning Alerts
+ - name: Upload SARIF to GitHub
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+ # # Upload SARIF file as an Artifact to download and view
+ # - name: Upload SARIF as an Artifact
+ # uses: actions/upload-artifact@v4
+ # with:
+ # name: sarif-file
+ # path: ${{ steps.run-analysis.outputs.sarif }}

.github/workflows/download-cache.yml

@@ -0,0 +1,22 @@
+on:
+ workflow_dispatch:
+ inputs:
+ cache-key:
+ description: 'The key of the cache to retrieve'
+ required: true
+
+jobs:
+ download_and_upload_cache:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Restore cache
+ uses: actions/cache@v4
+ with:
+ path: ./cache
+ key: ${{ inputs.cache-key }}
+
+ - name: Upload cached data as artifact
+ uses: actions/upload-artifact@v3
+ with:
+ name: cached-data-artifact
+ path: ./cache

.github/workflows/windows-vcpkg/action.yml

@@ -0,0 +1,37 @@
+name: Windows VCPKG
+
+inputs:
+ key:
+ required: true
+ type: string
+
+runs:
+ using: "composite"
+ steps:
+ - name: Set Env
+ shell: powershell
+ run: |
+ echo "VCPKG_ROOT=${env:VCPKG_INSTALLATION_ROOT}" | Out-File -FilePath $env:GITHUB_ENV -Append
+ echo "VCPKG_CACHE=${env:LOCALAPPDATA}\vcpkg\archives" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+ - name: Fetch VCPKG Cache (Windows)
+ id: fetch-vcpkg-cache
+ if: runner.os == 'Windows'
+ uses: actions/cache/restore@v4
+ with:
+ key: ${{ inputs.key }}-vcpkg-${{ hashFiles('vcpkg.json') }}
+ path: ${{ env.VCPKG_CACHE }}
+
+ - name: VCPKG Install (Windows)
+ if: runner.os == 'Windows'
+ shell: powershell
+ run: |
+ echo "CMAKE_TOOLCHAIN_FILE=${env:VCPKG_ROOT}\scripts\buildsystems\vcpkg.cmake" | Out-File -FilePath $env:GITHUB_ENV -Append
+ vcpkg install --debug
+
+ - name: Always Save VCPKG Cache (Windows)
+ if: always() && runner.os == 'Windows' && steps.fetch-vcpkg-cache.outputs.cache-hit != 'true'
+ uses: actions/cache/save@v4
+ with:
+ key: ${{ steps.fetch-vcpkg-cache.outputs.cache-primary-key }}
+ path: ${{ env.VCPKG_CACHE }}

CMakeLists.txt

@@ -4,13 +4,13 @@
 ## Author Francois Michaut
 ##
 ## Started on Sun Aug 28 19:26:51 2022 Francois Michaut
-## Last update Mon Aug 4 23:34:08 2025 Francois Michaut
+## Last update Tue Aug 5 19:07:23 2025 Francois Michaut
 ##
 ## CMakeLists.txt : CMake to build the CppSockets library
 ##
 
 cmake_minimum_required (VERSION 3.15)
-set(CMAKE_CXX_STANDARD 17)
+set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED True)
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
 

include/CppSockets/Certificate.hpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on Fri Aug 1 09:50:33 2025 Francois Michaut
-** Last update Mon Aug 4 23:45:31 2025 Francois Michaut
+** Last update Tue Aug 5 19:08:13 2025 Francois Michaut
 **
 ** Certificate.hpp : Classes to create and manage Certificates
 */
@@ -18,12 +18,6 @@
 #include <cstdint>
 #include <filesystem>
 
-#if __cplusplus < 202002L
-namespace std {
- using u8string = basic_string<unsigned char>; // NOLINT(cert-dcl58-cpp)
-}
-#endif
-
 namespace CppSockets {
  class x509NameEntry;
 
@@ -164,8 +158,8 @@ namespace CppSockets {
  // TODO: Get methods
 
  // TODO: Provide overloads for hardcoded time
- void set_not_before(int offset_day, std::int64_t offset_sec, time_t *in_tm);
- void set_not_after(int offset_day, std::int64_t offset_sec, time_t *in_tm);
+ void set_not_before(int offset_day, std::int64_t offset_sec, time_t *in_tm = nullptr);
+ void set_not_after(int offset_day, std::int64_t offset_sec, time_t *in_tm = nullptr);
 
  void set_version(std::int64_t version);
  [[nodiscard]]

source/Certificate.cpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on Sat Aug 2 22:41:35 2025 Francois Michaut
-** Last update Tue Aug 5 13:08:40 2025 Francois Michaut
+** Last update Tue Aug 5 19:12:12 2025 Francois Michaut
 **
 ** Certificate.cpp : Implementation of classes to create and manage Certificates
 */
@@ -72,19 +72,19 @@ namespace CppSockets {
  }
 
  void x509Name::add_entry(const std::string &field_name, int type, const std::u8string &data, int loc, int set) {
- auto ret = X509_NAME_add_entry_by_txt(m_ptr.get(), field_name.c_str(), type, data.c_str(), numeric_cast<int>(data.size()), loc, set);
+ auto ret = X509_NAME_add_entry_by_txt(m_ptr.get(), field_name.c_str(), type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size()), loc, set);
 
  check_or_throw_openssl_error(ret);
  }
 
  void x509Name::add_entry(const ASN1_OBJECT *obj, int type, const std::u8string &data, int loc, int set) {
- auto ret = X509_NAME_add_entry_by_OBJ(m_ptr.get(), obj, type, data.c_str(), numeric_cast<int>(data.size()), loc, set);
+ auto ret = X509_NAME_add_entry_by_OBJ(m_ptr.get(), obj, type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size()), loc, set);
 
  check_or_throw_openssl_error(ret);
  }
 
  void x509Name::add_entry(int nid, int type, const std::u8string &data, int loc, int set) {
- auto ret = X509_NAME_add_entry_by_NID(m_ptr.get(), nid, type, data.c_str(), numeric_cast<int>(data.size()), loc, set);
+ auto ret = X509_NAME_add_entry_by_NID(m_ptr.get(), nid, type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size()), loc, set);
 
  check_or_throw_openssl_error(ret);
  }
@@ -129,19 +129,19 @@ namespace CppSockets {
  }
 
  x509NameEntry::x509NameEntry(const std::string &name, int type, const std::u8string &data) :
- m_ptr(X509_NAME_ENTRY_create_by_txt(nullptr, name.c_str(), type, data.c_str(), numeric_cast<int>(data.size())))
+ m_ptr(X509_NAME_ENTRY_create_by_txt(nullptr, name.c_str(), type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size())))
  {
  REQUIRED_PTR(m_ptr, "X509_NAME_ENTRY")
  }
 
  x509NameEntry::x509NameEntry(const ASN1_OBJECT *obj, int type, const std::u8string &data) :
- m_ptr(X509_NAME_ENTRY_create_by_OBJ(nullptr, obj, type, data.c_str(), numeric_cast<int>(data.size())))
+ m_ptr(X509_NAME_ENTRY_create_by_OBJ(nullptr, obj, type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size())))
  {
  REQUIRED_PTR(m_ptr, "X509_NAME_ENTRY")
  }
 
  x509NameEntry::x509NameEntry(int nid, int type, const std::u8string &data) :
- m_ptr(X509_NAME_ENTRY_create_by_NID(nullptr, nid, type, data.c_str(), numeric_cast<int>(data.size())))
+ m_ptr(X509_NAME_ENTRY_create_by_NID(nullptr, nid, type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size())))
  {
  REQUIRED_PTR(m_ptr, "X509_NAME_ENTRY")
  }
@@ -157,7 +157,7 @@ namespace CppSockets {
  }
 
  void x509NameEntry::set_data(int type, const std::u8string &data) {
- auto ret = X509_NAME_ENTRY_set_data(m_ptr.get(), type, data.c_str(), numeric_cast<int>(data.size()));
+ auto ret = X509_NAME_ENTRY_set_data(m_ptr.get(), type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size()));
 
  check_or_throw_openssl_error(ret);
  }

source/Socket.cpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on Sat Jan 15 01:27:40 2022 Francois Michaut
-** Last update Tue Aug 5 00:04:25 2025 Francois Michaut
+** Last update Tue Aug 5 14:46:12 2025 Francois Michaut
 **
 ** Socket.cpp : Protable C++ socket class implementation
 */
@@ -46,7 +46,7 @@ namespace CppSockets {
  {
  socklen_t len = sizeof(int);
 
- Socket::getsockopt(sockfd, SOL_SOCKET, SO_TYPE, (SockOptType *)&m_type, &len);
+ Socket::getsockopt(sockfd, SOL_SOCKET, SO_TYPE, reinterpret_cast<SockOptType *>(&m_type), &len);
 #ifdef OS_LINUX
  Socket::getsockopt(sockfd, SOL_SOCKET, SO_DOMAIN, &m_domain, &len);
  Socket::getsockopt(sockfd, SOL_SOCKET, SO_PROTOCOL, &m_protocol, &len);
@@ -128,7 +128,7 @@ namespace CppSockets {
  std::size_t nb = 1;
 
  while (nb != 0 && (len == -1 || total < len)) {
- nb = this->read(buff.data(), BUFF_SIZE);
+ nb = this->read(buff.data(), buff.size());
  if (nb > 0) {
  res << std::string(buff.data(), nb);
  }
@@ -168,7 +168,7 @@ namespace CppSockets {
  auto Socket::set_reuseaddr(bool value) -> int {
  int val = static_cast<int>(value);
 
- return this->setsockopt(SOL_SOCKET, SO_REUSEADDR, (SockOptType *)&val, sizeof(val));
+ return this->setsockopt(SOL_SOCKET, SO_REUSEADDR, reinterpret_cast<SockOptType *>(&val), sizeof(val));
  }
 
  auto Socket::getsockopt(int level, int optname, SockOptType *optval, socklen_t *optlen) -> int { // NOLINT(readability-make-member-function-const)