From cc69a527800ec24992074fbbcc5e80270aebff42 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Tue, 25 Feb 2025 22:02:56 +0200
Subject: [PATCH 1/2] Change: move assignments out of if conditions (base)

---
 base/drop_privileges.c |  5 +++--
 base/hosts.c           | 21 ++++++++++++++-------
 base/networking.c      |  6 ++++--
 base/pwpolicy.c        |  3 ++-
 4 files changed, 23 insertions(+), 12 deletions(-)

diff --git a/base/drop_privileges.c b/base/drop_privileges.c
index f31c7706..8063f1c5 100644
--- a/base/drop_privileges.c
+++ b/base/drop_privileges.c
@@ -64,9 +64,10 @@ drop_privileges (gchar *username, GError **error)
 
   if (geteuid () == 0)
     {
-      struct passwd *user_pw = NULL;
+      struct passwd *user_pw;
 
-      if ((user_pw = getpwnam (username)))
+      user_pw = getpwnam (username);
+      if (user_pw)
         {
           if (initgroups (username, user_pw->pw_gid) != 0)
             return drop_privileges_error (
diff --git a/base/hosts.c b/base/hosts.c
index 7c1c4ca6..085c427c 100644
--- a/base/hosts.c
+++ b/base/hosts.c
@@ -1053,7 +1053,8 @@ gvm_hosts_deduplicate (gvm_hosts_t *hosts)
     {
       gchar *name;
 
-      if ((name = gvm_host_value_str (hosts->hosts[i])))
+      name = gvm_host_value_str (hosts->hosts[i]);
+      if (name)
         {
           gvm_host_t *host, *removed = hosts->hosts[i];
 
@@ -1589,7 +1590,8 @@ gvm_hosts_exclude_with_max (gvm_hosts_t *hosts, const char *excluded_str,
     {
       gchar *name;
 
-      if ((name = gvm_host_value_str (excluded_hosts->hosts[i])))
+      name = gvm_host_value_str (excluded_hosts->hosts[i]);
+      if (name)
         g_hash_table_insert (name_table, name, hosts);
     }
 
@@ -1598,7 +1600,8 @@ gvm_hosts_exclude_with_max (gvm_hosts_t *hosts, const char *excluded_str,
     {
       gchar *name;
 
-      if ((name = gvm_host_value_str (hosts->hosts[i])))
+      name = gvm_host_value_str (hosts->hosts[i]);
+      if (name)
         {
           if (g_hash_table_lookup (name_table, name))
             {
@@ -1667,7 +1670,8 @@ gvm_hosts_allowed_only (gvm_hosts_t *hosts, const char *deny_hosts_str,
         {
           gchar *name;
 
-          if ((name = gvm_host_value_str (denied_hosts->hosts[i])))
+          name = gvm_host_value_str (denied_hosts->hosts[i]);
+          if (name)
             g_hash_table_insert (name_deny_table, name, hosts);
         }
     }
@@ -1682,7 +1686,8 @@ gvm_hosts_allowed_only (gvm_hosts_t *hosts, const char *deny_hosts_str,
         {
           gchar *name;
 
-          if ((name = gvm_host_value_str (allowed_hosts->hosts[i])))
+          name = gvm_host_value_str (allowed_hosts->hosts[i]);
+          if (name)
             g_hash_table_insert (name_allow_table, name, hosts);
         }
     }
@@ -1693,7 +1698,8 @@ gvm_hosts_allowed_only (gvm_hosts_t *hosts, const char *deny_hosts_str,
     {
       gchar *name;
 
-      if ((name = gvm_host_value_str (hosts->hosts[i])))
+      name = gvm_host_value_str (hosts->hosts[i]);
+      if (name)
         {
           if (denied_hosts != NULL
               && g_hash_table_lookup (name_deny_table, name))
@@ -2022,7 +2028,8 @@ gvm_hosts_reverse_lookup_unify_excluded (gvm_hosts_t *hosts)
     {
       gchar *name;
 
-      if ((name = gvm_host_reverse_lookup (hosts->hosts[i])))
+      name = gvm_host_reverse_lookup (hosts->hosts[i]);
+      if (name)
         {
           if (g_hash_table_lookup (name_table, name))
             {
diff --git a/base/networking.c b/base/networking.c
index ce63af6f..a38ef291 100644
--- a/base/networking.c
+++ b/base/networking.c
@@ -949,7 +949,8 @@ get_routes (void)
 
       interface = g_strndup (items_in_line[0], 64);
       /* Cut interface str after ":" if IP aliasing is used. */
-      if ((char_p = strchr (interface, ':')))
+      char_p = strchr (interface, ':');
+      if (char_p)
         {
           *char_p = '\0';
         }
@@ -1292,7 +1293,8 @@ gvm_get_outgoing_iface (struct sockaddr_storage *target_addr)
     return NULL;
 
   // get a connected udp socket
-  if ((sockfd = get_connected_udp_sock (target_addr)) < 0)
+  sockfd = get_connected_udp_sock (target_addr);
+  if (sockfd < 0)
     return NULL;
   // get socked address which is the addr of the interface we want to get
   out_iface_addr.ss_family = family;
diff --git a/base/pwpolicy.c b/base/pwpolicy.c
index cc2bef96..0b8dc08c 100644
--- a/base/pwpolicy.c
+++ b/base/pwpolicy.c
@@ -241,7 +241,8 @@ parse_pattern_line (char *line, const char *fname, int lineno, char **descp,
   else if (*line == '#' && line[1] == '+') /* Processing instruction.  */
     {
       line += 2;
-      if ((p = is_keyword (line, "desc")))
+      p = is_keyword (line, "desc");
+      if (p)
         {
           g_free (*descp);
           if (*p)

From fcb22c11470033dce4d3fa9f29360f39796c2d95 Mon Sep 17 00:00:00 2001
From: Matt Mundell <matt@mundell.me>
Date: Tue, 25 Feb 2025 22:05:38 +0200
Subject: [PATCH 2/2] Add: first tests of pwpolicy.c

---
 base/CMakeLists.txt   |  1 +
 base/pwpolicy_tests.c | 79 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 80 insertions(+)
 create mode 100644 base/pwpolicy_tests.c

diff --git a/base/CMakeLists.txt b/base/CMakeLists.txt
index 44fb9112..bdaef939 100644
--- a/base/CMakeLists.txt
+++ b/base/CMakeLists.txt
@@ -102,6 +102,7 @@ if (BUILD_TESTS)
 
   set (NETWORKING_TEST_LINKER_WRAP_OPTIONS "-Wl,-wrap,g_io_channel_new_file,-wrap,g_io_channel_shutdown")
   add_unit_test (networking-test networking_tests.c gvm_base_shared ${CGREEN_LIBRARIES} ${GLIB_LDFLAGS} ${LINKER_HARDENING_FLAGS} ${NETWORKING_TEST_LINKER_WRAP_OPTIONS})
+  add_unit_test (pwpolicy-test pwpolicy_tests.c ${GLIB_LDFLAGS} ${LINKER_HARDENING_FLAGS})
   add_unit_test (version-test version_tests.c ${GLIB_LDFLAGS} ${LINKER_HARDENING_FLAGS})
   add_unit_test (nvti-test nvti_tests.c ${GLIB_LDFLAGS} ${LINKER_HARDENING_FLAGS})
   add_unit_test (hosts-test hosts_tests.c gvm_base_shared gvm_util_shared ${GLIB_LDFLAGS} ${LINKER_HARDENING_FLAGS})
diff --git a/base/pwpolicy_tests.c b/base/pwpolicy_tests.c
new file mode 100644
index 00000000..a22b1d97
--- /dev/null
+++ b/base/pwpolicy_tests.c
@@ -0,0 +1,79 @@
+/* SPDX-FileCopyrightText: 2019-2023 Greenbone AG
+ *
+ * SPDX-License-Identifier: GPL-2.0-or-later
+ */
+
+#include "pwpolicy.c"
+
+#include <cgreen/assertions.h>
+#include <cgreen/cgreen.h>
+#include <cgreen/constraint_syntax_helpers.h>
+#include <cgreen/internal/c_assertions.h>
+#include <cgreen/mocks.h>
+
+Describe (pwpolicy);
+BeforeEach (pwpolicy)
+{
+}
+
+AfterEach (pwpolicy)
+{
+}
+
+/* parse_pattern_line */
+
+Ensure (pwpolicy, parse_pattern_line_allows)
+{
+  char *desc, *error, *line;
+
+  desc = NULL;
+  line = g_strdup ("password");
+  error = parse_pattern_line (line, "test", 111, &desc, "passw0rd", "name");
+  assert_that (error, is_null);
+  g_free (desc);
+  g_free (line);
+}
+
+Ensure (pwpolicy, parse_pattern_line_refuses)
+{
+  char *desc, *error, *line;
+
+  desc = NULL;
+  line = g_strdup ("password");
+  error = parse_pattern_line (line, "test", 111, &desc, "password", "name");
+  assert_that (error, is_not_null);
+  g_free (desc);
+  g_free (error);
+  g_free (line);
+}
+
+Ensure (pwpolicy, parse_pattern_line_comment)
+{
+  char *desc, *error, *line;
+
+  desc = NULL;
+  line = g_strdup ("# password");
+  error = parse_pattern_line (line, "test", 111, &desc, "password", "name");
+  assert_that (error, is_null);
+  g_free (desc);
+  g_free (error);
+  g_free (line);
+}
+
+/* Test suite. */
+int
+main (int argc, char **argv)
+{
+  TestSuite *suite;
+
+  suite = create_test_suite ();
+
+  add_test_with_context (suite, pwpolicy, parse_pattern_line_allows);
+  add_test_with_context (suite, pwpolicy, parse_pattern_line_refuses);
+  add_test_with_context (suite, pwpolicy, parse_pattern_line_comment);
+
+  if (argc > 1)
+    return run_single_test (suite, argv[1], create_text_reporter ());
+
+  return run_test_suite (suite, create_text_reporter ());
+}