Update Code Scanning

f-michaut · f-michaut · commit 7c157c2a877d · 2025-08-05T13:52:13.000-03:00
diff --git a/.github/workflows/code_scanning.yml b/.github/workflows/code_scanning.yml
@@ -30,7 +30,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: 'c-cpp'
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -44,20 +44,10 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #     echo "Run, Build Application using script"
-    #     ./location_of_script_within_repo/buildscript.sh
+      uses: github/codeql-action/autobuild@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:c-cpp"
 
@@ -73,53 +63,53 @@ jobs:
         uses: actions/checkout@v3
 
       - name: flawfinder_scan
-        uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c
+        uses: david-a-wheeler/flawfinder@2.0.19
         with:
           arguments: '--sarif ./'
           output: 'flawfinder_results.sarif'
 
       - name: Upload analysis results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{github.workspace}}/flawfinder_results.sarif
 
-  # microsoft-analyze:
-  #   permissions:
-  #     contents: read # for actions/checkout to fetch code
-  #     security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-  #     actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
-  #   name: Microsoft Analyze
-  #   runs-on: windows-latest
-
-  #   steps:
-  #     - name: Checkout repository
-  #       uses: actions/checkout@v3
-
-  #     - name: Configure CMake
-  #       run: cmake -B ./build
-
-  #     # Build is not required unless generated source files are used
-  #     # - name: Build CMake
-  #     #   run: cmake --build ./build
-
-  #     - name: Initialize MSVC Code Analysis
-  #       uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
-  #       # Provide a unique ID to access the sarif output path
-  #       id: run-analysis
-  #       with:
-  #         cmakeBuildDirectory: ${{ env.build }}
-  #         # Ruleset file that will determine what checks will be run
-  #         ruleset: NativeRecommendedRules.ruleset
-
-  #     # Upload SARIF file to GitHub Code Scanning Alerts
-  #     - name: Upload SARIF to GitHub
-  #       uses: github/codeql-action/upload-sarif@v2
-  #       with:
-  #         sarif_file: ${{ steps.run-analysis.outputs.sarif }}
-
-  #     # Upload SARIF file as an Artifact to download and view
-  #     # - name: Upload SARIF as an Artifact
-  #     #   uses: actions/upload-artifact@v3
-  #     #   with:
-  #     #     name: sarif-file
-  #     #     path: ${{ steps.run-analysis.outputs.sarif }}
+  microsoft-analyze:
+    permissions:
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+    name: Microsoft Analyze
+    runs-on: windows-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: Configure CMake
+        run: cmake -B ./build
+
+      # Build is not required unless generated source files are used
+      # - name: Build CMake
+      #   run: cmake --build ./build
+
+      - name: Initialize MSVC Code Analysis
+        uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
+        # Provide a unique ID to access the sarif output path
+        id: run-analysis
+        with:
+          cmakeBuildDirectory: ./build
+          # Ruleset file that will determine what checks will be run
+          ruleset: NativeRecommendedRules.ruleset
+
+      # Upload SARIF file to GitHub Code Scanning Alerts
+      - name: Upload SARIF to GitHub
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+      # Upload SARIF file as an Artifact to download and view
+      # - name: Upload SARIF as an Artifact
+      #   uses: actions/upload-artifact@v3
+      #   with:
+      #     name: sarif-file
+      #     path: ${{ steps.run-analysis.outputs.sarif }}
diff --git a/source/Socket.cpp b/source/Socket.cpp
@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on  Sat Jan 15 01:27:40 2022 Francois Michaut
-** Last update Tue Aug  5 00:04:25 2025 Francois Michaut
+** Last update Tue Aug  5 13:40:49 2025 Francois Michaut
 **
 ** Socket.cpp : Protable C++ socket class implementation
 */
@@ -46,7 +46,7 @@ namespace CppSockets {
     {
         socklen_t len = sizeof(int);
 
-        Socket::getsockopt(sockfd, SOL_SOCKET, SO_TYPE, (SockOptType *)&m_type, &len);
+        Socket::getsockopt(sockfd, SOL_SOCKET, SO_TYPE, static_cast<SockOptType *>(&m_type), &len);
 #ifdef OS_LINUX
         Socket::getsockopt(sockfd, SOL_SOCKET, SO_DOMAIN, &m_domain, &len);
         Socket::getsockopt(sockfd, SOL_SOCKET, SO_PROTOCOL, &m_protocol, &len);
@@ -128,7 +128,7 @@ namespace CppSockets {
         std::size_t nb = 1;
 
         while (nb != 0 && (len == -1 || total < len)) {
-            nb = this->read(buff.data(), BUFF_SIZE);
+            nb = this->read(buff.data(), buff.size());
             if (nb > 0) {
                 res << std::string(buff.data(), nb);
             }
@@ -168,7 +168,7 @@ namespace CppSockets {
     auto Socket::set_reuseaddr(bool value) -> int {
         int val = static_cast<int>(value);
 
-        return this->setsockopt(SOL_SOCKET, SO_REUSEADDR, (SockOptType *)&val, sizeof(val));
+        return this->setsockopt(SOL_SOCKET, SO_REUSEADDR, static_cast<SockOptType *>(&val), sizeof(val));
     }
 
     auto Socket::getsockopt(int level, int optname, SockOptType *optval, socklen_t *optlen) -> int { // NOLINT(readability-make-member-function-const)
diff --git a/source/TlsSocket.cpp b/source/TlsSocket.cpp
@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on  Wed Sep 14 21:04:42 2022 Francois Michaut
-** Last update Sun Aug  3 22:18:06 2025 Francois Michaut
+** Last update Tue Aug  5 13:49:19 2025 Francois Michaut
 **
 ** SecureSocket.cpp : TLS socket wrapper implementation
 */
@@ -154,13 +154,13 @@ namespace CppSockets {
         std::size_t nb = 0;
         std::size_t total;
 
-        if (SSL_peek(m_ssl.get(), buff.data(), BUFF_SIZE) <= 0) {
+        if (SSL_peek(m_ssl.get(), buff.data(), buff.size()) <= 0) {
             set_connected(false); // TODO: we should replace this with check_for_error
         }
         check_for_error("Failed to read from socket", 1); // Do not raise an error if peek failed
         total = SSL_pending(m_ssl.get());
         while (total != 0 && len != 0) {
-            nb = this->read(buff.data(), (BUFF_SIZE > len ? len : BUFF_SIZE));
+            nb = this->read(buff.data(), (buff.size() > len ? len : buff.size()));
             res << std::string(buff.data(), nb);
             total -= nb;
             if (len != -1)
