Introduce initial security checks

cmake/Build.cmake

@@ -1,19 +1,26 @@
 function(build_boxing_module build_static_flag build_shared_flag module_name module_name_core source_files)
+    include(${CMAKE_CURRENT_LIST_DIR}/cmake/Security.cmake)
+
     if (${build_static_flag})
         add_library("${${module_name}}" STATIC ${${source_files}})
+        enable_strict_warnings(module_name)
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 
     if (${build_shared_flag})
         add_library("${${module_name}}" SHARED ${${source_files}})
+        enable_strict_warnings(module_name)
         target_link_libraries("${${module_name}}" ${module_name_core})
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 endfunction()
 
 function(build_core_module build_static_flag build_shared_flag build_jni_flag module_name source_files jni_source_files)
+    include(${CMAKE_CURRENT_LIST_DIR}/cmake/Security.cmake)
+
     if (${build_static_flag})
         add_library("${${module_name}}" STATIC ${${source_files}})
+        enable_strict_warnings(module_name)
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 
@@ -21,56 +28,73 @@ function(build_core_module build_static_flag build_shared_flag build_jni_flag mo
         if (${build_jni_flag})
             message("${${module_name}}: building with JNI...")
             add_library("${${module_name}}" SHARED ${${source_files}} ${${jni_source_files}})
+            enable_strict_warnings(module_name)
             set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
         else ()
             add_library("${${module_name}}" SHARED ${${source_files}})
+            enable_strict_warnings(module_name)
             set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
         endif ()
     endif ()
 endfunction()
 
 function(build_encoding_module build_static_flag build_shared_flag module_name module_name_core source_files)
+    include(${CMAKE_CURRENT_LIST_DIR}/cmake/Security.cmake)
+
     if (${build_static_flag})
         add_library("${${module_name}}" STATIC ${${source_files}})
+        enable_strict_warnings(module_name)
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 
     if (${build_shared_flag})
         add_library("${${module_name}}" SHARED ${${source_files}})
+        enable_strict_warnings(module_name)
         target_link_libraries("${${module_name}}" ${module_name_core})
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 endfunction()
 
 function(build_event_module build_static_flag build_shared_flag module_name module_name_core source_files)
+    include(${CMAKE_CURRENT_LIST_DIR}/cmake/Security.cmake)
+
     if (${build_static_flag})
         add_library("${${module_name}}" STATIC ${${source_files}})
+        enable_strict_warnings(module_name)
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 
     if (${build_shared_flag})
         add_library("${${module_name}}" SHARED ${${source_files}})
+        enable_strict_warnings(module_name)
         target_link_libraries("${${module_name}}" ${module_name_core})
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 endfunction()
 
 function(build_io_module build_static_flag build_shared_flag module_name module_name_core source_files)
+    include(${CMAKE_CURRENT_LIST_DIR}/cmake/Security.cmake)
+
     if (${build_static_flag})
         add_library("${${module_name}}" STATIC ${${source_files}})
+        enable_strict_warnings(module_name)
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 
     if (${build_shared_flag})
         add_library("${${module_name}}" SHARED ${${source_files}})
+        enable_strict_warnings(module_name)
         target_link_libraries("${${module_name}}" ${module_name_core})
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 endfunction()
 
 function(build_time_module build_static_flag build_shared_flag build_jni_flag module_name module_name_core source_files source_files_linux source_files_windows source_files_jni)
+    include(${CMAKE_CURRENT_LIST_DIR}/cmake/Security.cmake)
+
     if (${build_static_flag})
         add_library("${${module_name}}" STATIC ${${source_files}} ${${source_files_linux}} ${${source_files_windows}})
+        enable_strict_warnings(module_name)
         set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
     endif ()
 
@@ -78,10 +102,12 @@ function(build_time_module build_static_flag build_shared_flag build_jni_flag mo
         if (${build_jni_flag})
             message("${${module_name}}: building with JNI...")
             add_library("${${module_name}}" SHARED ${${source_files}} ${${source_files_linux}} ${${source_files_windows}} ${${source_files_jni}})
+            enable_strict_warnings(module_name)
             target_link_libraries("${${module_name}}" ${module_name_core})
             set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
         else ()
             add_library("${${module_name}}" SHARED ${${source_files}} ${${source_files_linux}} ${${source_files_windows}})
+            enable_strict_warnings(module_name)
             target_link_libraries("${${module_name}}" ${module_name_core})
             set_target_properties("${${module_name}}" PROPERTIES DEBUG_POSTFIX "-d")
         endif ()

cmake/Security.cmake

@@ -0,0 +1,23 @@
+function(enable_strict_warnings target)
+    if (MSVC)
+        target_compile_options(${${${target}}} PRIVATE
+                /W4
+                /WX
+                /permissive-
+                /sdl
+        )
+    else()
+        target_compile_options(${${${target}}} PRIVATE
+                -Wall
+                -Wextra
+                -Wpedantic
+                -Werror
+                -Wshadow
+                -Wconversion
+                -Wsign-conversion
+                -Wnull-dereference
+                -Wdouble-promotion
+                -Wformat=2
+        )
+    endif()
+endfunction()

include/ls-std/boxing/String.hpp

@@ -3,7 +3,7 @@
  * Company:         Lynar Studios
  * E-Mail:          webmaster@lynarstudios.com
  * Created:         2020-08-14
- * Changed:         2024-09-11
+ * Changed:         2025-12-21
  *
  * */
 
@@ -43,7 +43,7 @@ namespace ls::std::boxing
       ::std::string operator+(ls::std::boxing::String _string) const;
       ::std::string operator+(const ::std::string &_string) const;
       ::std::string operator+(const char *_string) const;
-      ::std::string operator-(int _number) const;
+      ::std::string operator-(::std::string::size_type _number) const;
 
       // compound operators
 

include/ls-std/io/File.hpp

@@ -3,7 +3,7 @@
  * Company:         Lynar Studios
  * E-Mail:          webmaster@lynarstudios.com
  * Created:         2020-08-15
- * Changed:         2024-09-13
+ * Changed:         2025-12-21
  *
  * */
 
@@ -52,7 +52,7 @@ namespace ls::std::io
       [[nodiscard]] ::std::string getAbsoluteFilePath() const;
       [[nodiscard]] ::std::string getName() const;
       [[nodiscard]] ::std::string getParent() const;
-      [[nodiscard]] long getSize() const;
+      [[nodiscard]] size_t getSize() const;
       [[nodiscard]] static ::std::string getWorkingDirectory();
       [[nodiscard]] bool isDirectory() const;
       [[nodiscard]] bool isFile() const;

source/ls-std/boxing/Double.cpp

@@ -3,7 +3,7 @@
  * Company:         Lynar Studios
  * E-Mail:          webmaster@lynarstudios.com
  * Created:         2020-08-14
- * Changed:         2023-05-17
+ * Changed:         2025-12-21
  *
  * */
 
@@ -192,12 +192,12 @@ bool Double::operator<=(double _value) const
 
 void Double::operator++()
 {
-  this->value += 1.0f;
+  this->value += 1.0;
 }
 
 void Double::operator--()
 {
-  this->value -= 1.0f;
+  this->value -= 1.0;
 }
 
 void Double::parse(const string &_parseText)

source/ls-std/boxing/Float.cpp

@@ -3,7 +3,7 @@
  * Company:         Lynar Studios
  * E-Mail:          webmaster@lynarstudios.com
  * Created:         2020-08-14
- * Changed:         2023-05-17
+ * Changed:         2025-12-21
  *
  * */
 
@@ -223,7 +223,7 @@ void Float::setEpsilon(float _epsilon)
 
 void Float::_assignEpsilon(float _epsilon)
 {
-  if (_epsilon <= 0.0)
+  if (_epsilon <= 0.0f)
   {
     throw IllegalArgumentException{"epsilon is less than or equal zero"};
   }

source/ls-std/boxing/String.cpp

@@ -3,7 +3,7 @@
  * Company:         Lynar Studios
  * E-Mail:          webmaster@lynarstudios.com
  * Created:         2020-08-14
- * Changed:         2023-05-17
+ * Changed:         2025-12-21
  *
  * */
 
@@ -51,7 +51,7 @@ string String::operator+(const char *_string) const
   return this->value + _string;
 }
 
-string String::operator-(int _number) const
+string String::operator-(string::size_type _number) const
 {
   string copy = this->value;
   return copy.substr(0, copy.size() - _number);

source/ls-std/encoding/Base64.cpp

@@ -3,7 +3,7 @@
  * Company:         Lynar Studios
  * E-Mail:          webmaster@lynarstudios.com
  * Created:         2022-01-03
- * Changed:         2023-05-15
+ * Changed:         2025-12-21
  *
  * */
 
@@ -37,7 +37,7 @@ string Base64::decode(const string &_sequence)
 {
   string decodedString{};
 
-  for (int index{}; index < _sequence.size(); index += 4)
+  for (size_t index{}; index < _sequence.size(); index += 4)
   {
     string_view quadruple = Base64::_getNextByteQuadruple(string_view{_sequence}, index);
     decodedString += Base64::_decodeByteQuadruple(quadruple);

source/ls-std/io/File.cpp

@@ -3,7 +3,7 @@
  * Company:         Lynar Studios
  * E-Mail:          webmaster@lynarstudios.com
  * Created:         2020-08-15
- * Changed:         2023-05-16
+ * Changed:         2025-12-21
  *
  * */
 
@@ -46,6 +46,7 @@ using std::remove;
 using std::remove_if;
 using std::rename;
 using std::replace;
+using std::streamoff;
 using std::streampos;
 using std::string;
 using std::stringstream;
@@ -149,7 +150,7 @@ string File::getWorkingDirectory()
   return workingDirectory;
 }
 
-long File::getSize() const
+size_t File::getSize() const
 {
   streampos fileSize{};
 
@@ -162,7 +163,8 @@ long File::getSize() const
     fileHandler.close();
   }
 
-  return (long) fileSize;
+  const auto off = static_cast<streamoff>(fileSize);
+  return static_cast<size_t>(off); // not redundant ;)
 }
 
 bool File::isDirectory() const
@@ -599,7 +601,7 @@ string File::_reduceSeparators(const string &_path)
 {
   static const char separator = {FilePathSeparator::get()};
   string normalizedPath{};
-  int index{};
+  size_t index{};
 
   while (index < _path.size())
   {

source/ls-std/io/FileReader.cpp

@@ -3,14 +3,16 @@
  * Company:         Lynar Studios
  * E-Mail:          webmaster@lynarstudios.com
  * Created:         2020-08-17
- * Changed:         2023-05-16
+ * Changed:         2025-12-21
  *
  * */
 
 #include <fstream>
+#include <limits>
 #include <ls-std/core/exception/FileOperationException.hpp>
 #include <ls-std/io/FileReader.hpp>
 #include <ls-std/io/evaluator/FileExistenceEvaluator.hpp>
+#include <stdexcept>
 
 using ls::std::core::Class;
 using ls::std::core::FileOperationException;
@@ -20,6 +22,9 @@ using ls::std::io::File;
 using ls::std::io::FileExistenceEvaluator;
 using ls::std::io::FileReader;
 using std::ifstream;
+using std::numeric_limits;
+using std::overflow_error;
+using std::streamsize;
 using std::string;
 
 FileReader::FileReader(const File &_file) : Class("FileReader"), file(_file)
@@ -32,9 +37,15 @@ FileReader::~FileReader() noexcept = default;
 byte_field FileReader::read()
 {
   ifstream inputStream{this->file.getAbsoluteFilePath(), ifstream::binary};
-  auto length = (int) this->file.getSize();
+  const auto length = this->file.getSize();
   auto data = string(length, 'x');
-  inputStream.read(data.data(), length);
+
+  if (length > static_cast<size_t>(numeric_limits<streamsize>::max()))
+  {
+    throw overflow_error("file size too large to read");
+  }
+
+  inputStream.read(data.data(), static_cast<streamsize>(length));
 
   if (inputStream.fail())
   {

source/ls-std/io/section-pair/model/SectionPairRowValue.cpp

@@ -3,13 +3,15 @@
 * Company:         Lynar Studios
 * E-Mail:          webmaster@lynarstudios.com
 * Created:         2023-02-10
-* Changed:         2023-05-22
+* Changed:         2025-12-21
 *
 * */
 
 #include <ls-std/io/section-pair/model/SectionPairRowValue.hpp>
+#include <ls-std/core/exception/NotImplementedException.hpp>
 
 using ls::std::core::type::byte_field;
+using ls::std::core::NotImplementedException;
 using ls::std::io::SectionPairRowEnumType;
 using ls::std::io::SectionPairRowValue;
 using std::string;
@@ -32,7 +34,7 @@ void SectionPairRowValue::reserveNewLine(string_view _reservedNewLine)
 
 void SectionPairRowValue::unmarshal(const byte_field &_data)
 {
-  // since this class is abstract, these methods are not implemented
+  throw NotImplementedException("data (" + _data + ") not used!");
 }
 
 string SectionPairRowValue::_getReservedNewLine() const

source/ls-std/io/section-pair/serialization/SerializableSectionPairDocument.cpp

@@ -3,7 +3,7 @@
 * Company:         Lynar Studios
 * E-Mail:          webmaster@lynarstudios.com
 * Created:         2023-02-16
-* Changed:         2023-05-19
+* Changed:         2025-12-21
 *
 * */
 
@@ -106,7 +106,7 @@ byte_field SerializableSectionPairDocument::_getNextSerializedSection(const byte
   {
     ++iterations;
     currentRow = this->_getCurrentRow(iterations, serializedDocument);
-    isNotNewSection = this->_isNotNewSection(currentRow) && !serializedDocument.empty() || iterations == 1;
+    isNotNewSection = (this->_isNotNewSection(currentRow) && !serializedDocument.empty()) || iterations == 1;
     serializedDocument = serializedDocument.substr(currentRow.size());
     serializedSection += currentRow;
   } while (isNotNewSection);

source/ls-std/io/section-pair/serialization/SerializableSectionPairSection.cpp

@@ -3,7 +3,7 @@
 * Company:         Lynar Studios
 * E-Mail:          webmaster@lynarstudios.com
 * Created:         2023-02-14
-* Changed:         2023-05-19
+* Changed:         2025-12-21
 *
 * */
 
@@ -117,10 +117,10 @@ byte_field SerializableSectionPairSection::_collectSectionSingleValueRow(const b
 
 size_t SerializableSectionPairSection::_getNthSubStringPosition(string_view _text, string_view _subText)
 {
-  size_t position = -1;
+  size_t position = string::npos;
   size_t amount{};
 
-  for (int index = 0; index < (_text.size() - _subText.size()); index++)
+  for (size_t index = 0; index < (_text.size() - _subText.size()); index++)
   {
     if (_text.substr(index, _subText.size()) == _subText)
     {
@@ -142,7 +142,7 @@ byte_field SerializableSectionPairSection::_getSectionHeader(const byte_field &_
   byte_field sectionHeader{};
   string newLine = this->parameter.getNewLine();
 
-  if (size_t position = SerializableSectionPairSection::_getNthSubStringPosition(_data, newLine); position != -1)
+  if (size_t position = SerializableSectionPairSection::_getNthSubStringPosition(_data, newLine); position != string::npos)
   {
     sectionHeader = _data.substr(0, position + 2 * newLine.size());
   }