Update Code Scanning (#4)

Author: f-michaut

.github/workflows/cmake-multi-platform.yml

@@ -54,30 +54,13 @@ jobs:
       - name: Set Env
         shell: bash
         run: |
-          echo "VCPKG_ROOT=${VCPKG_INSTALLATION_ROOT}" >> "$GITHUB_ENV"
           echo "BUILD_OUTPUT_DIR=${{ github.workspace }}/build" >> "$GITHUB_ENV"
 
-      - name: Fetch VCPKG Cache (Windows)
-        id: fetch-vcpkg-cache
+      - name: VCPKG Install (Windows)
         if: runner.os == 'Windows'
-        uses: actions/cache/restore@v4
+        uses: ./.github/workflows/windows-vcpkg
         with:
-          key: ${{ runner.os }}-${{ matrix.build_type }}-${{ hashFiles('vcpkg.json') }}
-          path: ${{ env.VCPKG_ROOT }}
-
-      - name: Install OpenSSL (Windows)
-        if: runner.os == 'Windows'
-        shell: powershell
-        run: |
-          echo "CMAKE_TOOLCHAIN_FILE=${env:VCPKG_ROOT}\scripts\buildsystems\vcpkg.cmake" | Out-File -FilePath $env:GITHUB_ENV -Append
-          vcpkg install
-
-      - name: Always Save VCPKG Cache (Windows)
-        if: always() && runner.os == 'Windows' && steps.fetch-vcpkg-cache.outputs.cache-hit != 'true'
-        uses: actions/cache/save@v4
-        with:
-          key: ${{ steps.fetch-vcpkg-cache.outputs.cache-primary-key }}
-          path: ${{ env.VCPKG_ROOT }}
+          key: ${{ runner.os }}-${{ matrix.build_type }}
 
       - name: Configure CMake
         # Configure CMake in a 'build' subdirectory.

.github/workflows/code_scanning.yml

@@ -30,7 +30,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: 'c-cpp'
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -44,20 +44,10 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #     echo "Run, Build Application using script"
-    #     ./location_of_script_within_repo/buildscript.sh
+      uses: github/codeql-action/autobuild@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:c-cpp"
 
@@ -73,53 +63,66 @@ jobs:
         uses: actions/checkout@v3
 
       - name: flawfinder_scan
-        uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c
+        uses: david-a-wheeler/flawfinder@2.0.19
         with:
           arguments: '--sarif ./'
           output: 'flawfinder_results.sarif'
 
       - name: Upload analysis results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{github.workspace}}/flawfinder_results.sarif
 
-  # microsoft-analyze:
-  #   permissions:
-  #     contents: read # for actions/checkout to fetch code
-  #     security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-  #     actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
-  #   name: Microsoft Analyze
-  #   runs-on: windows-latest
-
-  #   steps:
-  #     - name: Checkout repository
-  #       uses: actions/checkout@v3
-
-  #     - name: Configure CMake
-  #       run: cmake -B ./build
-
-  #     # Build is not required unless generated source files are used
-  #     # - name: Build CMake
-  #     #   run: cmake --build ./build
-
-  #     - name: Initialize MSVC Code Analysis
-  #       uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
-  #       # Provide a unique ID to access the sarif output path
-  #       id: run-analysis
-  #       with:
-  #         cmakeBuildDirectory: ${{ env.build }}
-  #         # Ruleset file that will determine what checks will be run
-  #         ruleset: NativeRecommendedRules.ruleset
-
-  #     # Upload SARIF file to GitHub Code Scanning Alerts
-  #     - name: Upload SARIF to GitHub
-  #       uses: github/codeql-action/upload-sarif@v2
-  #       with:
-  #         sarif_file: ${{ steps.run-analysis.outputs.sarif }}
-
-  #     # Upload SARIF file as an Artifact to download and view
-  #     # - name: Upload SARIF as an Artifact
-  #     #   uses: actions/upload-artifact@v3
-  #     #   with:
-  #     #     name: sarif-file
-  #     #     path: ${{ steps.run-analysis.outputs.sarif }}
+  microsoft-analyze:
+    permissions:
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+    name: Microsoft Analyze
+    runs-on: windows-latest
+
+    env:
+      # Path to the CMake build directory.
+      build: '${{ github.workspace }}/build'
+      config: 'Debug'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: VCPKG Install (Windows)
+        uses: ./.github/workflows/windows-vcpkg
+        with:
+          key: ${{ runner.os }}-${{ env.config }}
+
+      - name: Configure CMake
+        run: cmake -B ${{ env.build }} -DCMAKE_BUILD_TYPE=${{ env.config }}
+
+      # Build is not required unless generated source files are used
+      # - name: Build CMake
+      #   run: cmake --build ${{ env.build }} --config ${{ env.config }}
+
+      - name: Run MSVC Code Analysis
+        uses: microsoft/msvc-code-analysis-action@v0.1.1
+        # Provide a unique ID to access the sarif output path
+        id: run-analysis
+        with:
+          cmakeBuildDirectory: ${{ env.build }}
+          buildConfiguration: ${{ env.config }}
+          # Ruleset file that will determine what checks will be run
+          ruleset: NativeRecommendedRules.ruleset
+          # Paths to ignore analysis of CMake targets and includes
+          # ignoredPaths: ${{ github.workspace }}/dependencies;${{ github.workspace }}/test
+
+      # Upload SARIF file to GitHub Code Scanning Alerts
+      - name: Upload SARIF to GitHub
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+      # # Upload SARIF file as an Artifact to download and view
+      # - name: Upload SARIF as an Artifact
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: sarif-file
+      #     path: ${{ steps.run-analysis.outputs.sarif }}

.github/workflows/download-cache.yml

@@ -0,0 +1,22 @@
+on:
+  workflow_dispatch:
+    inputs:
+      cache-key:
+        description: 'The key of the cache to retrieve'
+        required: true
+
+jobs:
+  download_and_upload_cache:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Restore cache
+      uses: actions/cache@v4
+      with:
+        path: ./cache
+        key: ${{ inputs.cache-key }}
+
+    - name: Upload cached data as artifact
+      uses: actions/upload-artifact@v3
+      with:
+        name: cached-data-artifact
+        path: ./cache

.github/workflows/windows-vcpkg/action.yml

@@ -0,0 +1,37 @@
+name: Windows VCPKG
+
+inputs:
+  key:
+    required: true
+    type: string
+
+runs:
+  using: "composite"
+  steps:
+    - name: Set Env
+      shell: powershell
+      run: |
+        echo "VCPKG_ROOT=${env:VCPKG_INSTALLATION_ROOT}" | Out-File -FilePath $env:GITHUB_ENV -Append
+        echo "VCPKG_CACHE=${env:LOCALAPPDATA}\vcpkg\archives" | Out-File -FilePath $env:GITHUB_ENV -Append
+
+    - name: Fetch VCPKG Cache (Windows)
+      id: fetch-vcpkg-cache
+      if: runner.os == 'Windows'
+      uses: actions/cache/restore@v4
+      with:
+        key: ${{ inputs.key }}-vcpkg-${{ hashFiles('vcpkg.json') }}
+        path: ${{ env.VCPKG_CACHE }}
+
+    - name: VCPKG Install (Windows)
+      if: runner.os == 'Windows'
+      shell: powershell
+      run: |
+        echo "CMAKE_TOOLCHAIN_FILE=${env:VCPKG_ROOT}\scripts\buildsystems\vcpkg.cmake" | Out-File -FilePath $env:GITHUB_ENV -Append
+        vcpkg install --debug
+
+    - name: Always Save VCPKG Cache (Windows)
+      if: always() && runner.os == 'Windows' && steps.fetch-vcpkg-cache.outputs.cache-hit != 'true'
+      uses: actions/cache/save@v4
+      with:
+        key: ${{ steps.fetch-vcpkg-cache.outputs.cache-primary-key }}
+        path: ${{ env.VCPKG_CACHE }}

CMakeLists.txt

@@ -4,13 +4,13 @@
 ## Author Francois Michaut
 ##
 ## Started on  Sun Aug 28 19:26:51 2022 Francois Michaut
-## Last update Mon Aug  4 23:34:08 2025 Francois Michaut
+## Last update Tue Aug  5 19:07:23 2025 Francois Michaut
 ##
 ## CMakeLists.txt : CMake to build the CppSockets library
 ##
 
 cmake_minimum_required (VERSION 3.15)
-set(CMAKE_CXX_STANDARD 17)
+set(CMAKE_CXX_STANDARD 20)
 set(CMAKE_CXX_STANDARD_REQUIRED True)
 set(CMAKE_EXPORT_COMPILE_COMMANDS ON)
 

include/CppSockets/Certificate.hpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on  Fri Aug  1 09:50:33 2025 Francois Michaut
-** Last update Mon Aug  4 23:45:31 2025 Francois Michaut
+** Last update Tue Aug  5 19:08:13 2025 Francois Michaut
 **
 ** Certificate.hpp : Classes to create and manage Certificates
 */
@@ -18,12 +18,6 @@
 #include <cstdint>
 #include <filesystem>
 
-#if __cplusplus < 202002L
-namespace std {
-    using u8string = basic_string<unsigned char>; // NOLINT(cert-dcl58-cpp)
-}
-#endif
-
 namespace CppSockets {
     class x509NameEntry;
 
@@ -164,8 +158,8 @@ namespace CppSockets {
             // TODO: Get methods
 
             // TODO: Provide overloads for hardcoded time
-            void set_not_before(int offset_day, std::int64_t offset_sec, time_t *in_tm);
-            void set_not_after(int offset_day, std::int64_t offset_sec, time_t *in_tm);
+            void set_not_before(int offset_day, std::int64_t offset_sec, time_t *in_tm = nullptr);
+            void set_not_after(int offset_day, std::int64_t offset_sec, time_t *in_tm = nullptr);
 
             void set_version(std::int64_t version);
             [[nodiscard]]

source/Certificate.cpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on  Sat Aug  2 22:41:35 2025 Francois Michaut
-** Last update Tue Aug  5 13:08:40 2025 Francois Michaut
+** Last update Tue Aug  5 19:12:12 2025 Francois Michaut
 **
 ** Certificate.cpp : Implementation of classes to create and manage Certificates
 */
@@ -72,19 +72,19 @@ namespace CppSockets {
     }
 
     void x509Name::add_entry(const std::string &field_name, int type, const std::u8string &data, int loc, int set) {
-        auto ret = X509_NAME_add_entry_by_txt(m_ptr.get(), field_name.c_str(), type, data.c_str(), numeric_cast<int>(data.size()), loc, set);
+        auto ret = X509_NAME_add_entry_by_txt(m_ptr.get(), field_name.c_str(), type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size()), loc, set);
 
         check_or_throw_openssl_error(ret);
     }
 
     void x509Name::add_entry(const ASN1_OBJECT *obj, int type, const std::u8string &data, int loc, int set) {
-        auto ret = X509_NAME_add_entry_by_OBJ(m_ptr.get(), obj, type, data.c_str(), numeric_cast<int>(data.size()), loc, set);
+        auto ret = X509_NAME_add_entry_by_OBJ(m_ptr.get(), obj, type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size()), loc, set);
 
         check_or_throw_openssl_error(ret);
     }
 
     void x509Name::add_entry(int nid, int type, const std::u8string &data, int loc, int set) {
-        auto ret = X509_NAME_add_entry_by_NID(m_ptr.get(), nid, type, data.c_str(), numeric_cast<int>(data.size()), loc, set);
+        auto ret = X509_NAME_add_entry_by_NID(m_ptr.get(), nid, type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size()), loc, set);
 
         check_or_throw_openssl_error(ret);
     }
@@ -129,19 +129,19 @@ namespace CppSockets {
     }
 
     x509NameEntry::x509NameEntry(const std::string &name, int type, const std::u8string &data) :
-        m_ptr(X509_NAME_ENTRY_create_by_txt(nullptr, name.c_str(), type, data.c_str(), numeric_cast<int>(data.size())))
+        m_ptr(X509_NAME_ENTRY_create_by_txt(nullptr, name.c_str(), type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size())))
     {
         REQUIRED_PTR(m_ptr, "X509_NAME_ENTRY")
     }
 
     x509NameEntry::x509NameEntry(const ASN1_OBJECT *obj, int type, const std::u8string &data) :
-        m_ptr(X509_NAME_ENTRY_create_by_OBJ(nullptr, obj, type, data.c_str(), numeric_cast<int>(data.size())))
+        m_ptr(X509_NAME_ENTRY_create_by_OBJ(nullptr, obj, type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size())))
     {
         REQUIRED_PTR(m_ptr, "X509_NAME_ENTRY")
     }
 
     x509NameEntry::x509NameEntry(int nid, int type, const std::u8string &data) :
-        m_ptr(X509_NAME_ENTRY_create_by_NID(nullptr, nid, type, data.c_str(), numeric_cast<int>(data.size())))
+        m_ptr(X509_NAME_ENTRY_create_by_NID(nullptr, nid, type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size())))
     {
         REQUIRED_PTR(m_ptr, "X509_NAME_ENTRY")
     }
@@ -157,7 +157,7 @@ namespace CppSockets {
     }
 
     void x509NameEntry::set_data(int type, const std::u8string &data) {
-        auto ret = X509_NAME_ENTRY_set_data(m_ptr.get(), type, data.c_str(), numeric_cast<int>(data.size()));
+        auto ret = X509_NAME_ENTRY_set_data(m_ptr.get(), type, reinterpret_cast<const unsigned char *>(data.c_str()), numeric_cast<int>(data.size()));
 
         check_or_throw_openssl_error(ret);
     }

source/Socket.cpp

@@ -4,7 +4,7 @@
 ** Author Francois Michaut
 **
 ** Started on  Sat Jan 15 01:27:40 2022 Francois Michaut
-** Last update Tue Aug  5 00:04:25 2025 Francois Michaut
+** Last update Tue Aug  5 14:46:12 2025 Francois Michaut
 **
 ** Socket.cpp : Protable C++ socket class implementation
 */
@@ -46,7 +46,7 @@ namespace CppSockets {
     {
         socklen_t len = sizeof(int);
 
-        Socket::getsockopt(sockfd, SOL_SOCKET, SO_TYPE, (SockOptType *)&m_type, &len);
+        Socket::getsockopt(sockfd, SOL_SOCKET, SO_TYPE, reinterpret_cast<SockOptType *>(&m_type), &len);
 #ifdef OS_LINUX
         Socket::getsockopt(sockfd, SOL_SOCKET, SO_DOMAIN, &m_domain, &len);
         Socket::getsockopt(sockfd, SOL_SOCKET, SO_PROTOCOL, &m_protocol, &len);
@@ -128,7 +128,7 @@ namespace CppSockets {
         std::size_t nb = 1;
 
         while (nb != 0 && (len == -1 || total < len)) {
-            nb = this->read(buff.data(), BUFF_SIZE);
+            nb = this->read(buff.data(), buff.size());
             if (nb > 0) {
                 res << std::string(buff.data(), nb);
             }
@@ -168,7 +168,7 @@ namespace CppSockets {
     auto Socket::set_reuseaddr(bool value) -> int {
         int val = static_cast<int>(value);
 
-        return this->setsockopt(SOL_SOCKET, SO_REUSEADDR, (SockOptType *)&val, sizeof(val));
+        return this->setsockopt(SOL_SOCKET, SO_REUSEADDR, reinterpret_cast<SockOptType *>(&val), sizeof(val));
     }
 
     auto Socket::getsockopt(int level, int optname, SockOptType *optval, socklen_t *optlen) -> int { // NOLINT(readability-make-member-function-const)