Merge pull request #1847 from geoffw0/erafix8

CPP: Deal with two very similar Japanese era queries
2025-12-17 01:03:14 +01:00 · 2019-09-04 09:57:10 +02:00
parent 0e54709d47 c4d74c3922
commit 3ba650911c
14 changed files with 99 additions and 11 deletions
--- a/change-notes/1.23/analysis-cpp.md
+++ b/change-notes/1.23/analysis-cpp.md
@@ -8,13 +8,15 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.

 | **Query**                   | **Tags**  | **Purpose**                                                        |
 |-----------------------------|-----------|--------------------------------------------------------------------|
-| Query name (`query id`) | tags | Message. |
+| Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) | reliability, japanese-era | This query is a combination of two old queries that were identical in purpose but separate as an implementation detail.  This new query replaces Hard-coded Japanese era start date in call (`cpp/japanese-era/constructor-or-method-with-exact-era-date`) and Hard-coded Japanese era start date in struct (`cpp/japanese-era/struct-with-exact-era-date`). |

 ## Changes to existing queries

 | **Query**                  | **Expected impact**    | **Change**                                                       |
 |----------------------------|------------------------|------------------------------------------------------------------|
 | Query name (`query id`) | Expected impact | Message. |
+| Hard-coded Japanese era start date in call (`cpp/japanese-era/constructor-or-method-with-exact-era-date`) | Deprecated | This query has been deprecated.  Use the new combined query Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) instead. |
+| Hard-coded Japanese era start date in struct (`cpp/japanese-era/struct-with-exact-era-date`) | Deprecated | This query has been deprecated.  Use the new combined query Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) instead. |

 ## Changes to QL libraries

--- a/Constants/JapaneseEraDate.qhelp
+++ b/Constants/JapaneseEraDate.qhelp
@@ -0,0 +1,17 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+  <p>
+    When eras change, date and time conversions that rely on a hard-coded era start date need to be reviewed. Conversions relying on Japanese dates in the current era can produce an ambiguous date. 
+    The values for the current Japanese era dates should be read from a source that will be updated, such as the Windows registry.
+  </p>
+</overview>
+
+<references>
+  <li>
+    <a href="https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/">The Japanese Calendar's Y2K Moment</a>.
+  </li>
+</references>
+</qhelp>
--- a/Constants/JapaneseEraDate.ql
+++ b/Constants/JapaneseEraDate.ql
@@ -0,0 +1,63 @@
+/**
+ * @name Hard-coded Japanese era start date
+ * @description Japanese era changes can lead to code behaving differently. Avoid hard-coding Japanese era start dates.
+ * @kind problem
+ * @problem.severity warning
+ * @id cpp/japanese-era/exact-era-date
+ * @precision medium
+ * @tags reliability
+ *       japanese-era
+ */
+
+import cpp
+import semmle.code.cpp.commons.DateTime
+
+predicate assignedYear(Struct s, YearFieldAccess year, int value) {
+  exists(Operation yearAssignment |
+    s.getAField().getAnAccess() = year and
+    yearAssignment.getAnOperand() = year and
+    yearAssignment.getAnOperand().getValue().toInt() = value
+  )
+}
+
+predicate assignedMonth(Struct s, MonthFieldAccess month, int value) {
+  exists(Operation monthAssignment |
+    s.getAField().getAnAccess() = month and
+    monthAssignment.getAnOperand() = month and
+    monthAssignment.getAnOperand().getValue().toInt() = value
+  )
+}
+
+predicate assignedDay(Struct s, DayFieldAccess day, int value) {
+  exists(Operation dayAssignment |
+    s.getAField().getAnAccess() = day and
+    dayAssignment.getAnOperand() = day and
+    dayAssignment.getAnOperand().getValue().toInt() = value
+  )
+}
+
+predicate badStructInitialization(Element target, string message) {
+  exists(StructLikeClass s, YearFieldAccess year, MonthFieldAccess month, DayFieldAccess day |
+    assignedYear(s, year, 1989) and
+    assignedMonth(s, month, 1) and
+    assignedDay(s, day, 8) and
+    target = year and
+    message = "A time struct that is initialized with exact Japanese calendar era start date."
+  )
+}
+
+predicate badCall(Element target, string message) {
+  exists(Call cc, int i |
+    cc.getArgument(i).getValue().toInt() = 1989 and
+    cc.getArgument(i + 1).getValue().toInt() = 1 and
+    cc.getArgument(i + 2).getValue().toInt() = 8 and
+    target = cc and
+    message = "Call that appears to have hard-coded Japanese era start date as parameter."
+  )
+}
+
+from Element target, string message
+where
+  badStructInitialization(target, message) or
+  badCall(target, message)
+select target, message
--- a/Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql
+++ b/Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql
@@ -1,5 +1,5 @@
 /**
- * @name Hard-coded Japanese era start date
+ * @name Hard-coded Japanese era start date in call
 * @description Japanese era changes can lead to code behaving differently. Avoid hard-coding Japanese era start dates.
 * @kind problem
 * @problem.severity warning
@@ -7,6 +7,9 @@
 * @precision medium
 * @tags reliability
 *       japanese-era
+ * @deprecated This query is deprecated, use
+ *             Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`)
+ *             instead.
 */

 import cpp
--- a/Bugs/JapaneseEra/StructWithExactEraDate.ql
+++ b/Bugs/JapaneseEra/StructWithExactEraDate.ql
@@ -1,5 +1,5 @@
 /**
- * @name Hard-coded Japanese era start date
+ * @name Hard-coded Japanese era start date in struct
 * @description Japanese era changes can lead to code behaving differently. Avoid hard-coding Japanese era start dates.
 * @kind problem
 * @problem.severity warning
@@ -7,6 +7,9 @@
 * @precision medium
 * @tags reliability
 *       japanese-era
+ * @deprecated This query is deprecated, use
+ *             Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`)
+ *             instead.
 */

 import cpp
--- a/Management/PotentialBufferOverflow.ql
+++ b/Management/PotentialBufferOverflow.ql
@@ -10,8 +10,9 @@
 *       security
 *       external/cwe/cwe-676
 * @deprecated This query is deprecated, use
- *             Security/CWE/CWE-120/OverrunWrite.ql and
- *             Security/CWE/CWE-120/OverrunWriteFloat.ql instead.
+ *             Potentially overrunning write (`cpp/overrunning-write`) and
+ *             Potentially overrunning write with float to string conversion
+ *             (`cpp/overrunning-write-with-float) instead.
 */
 import cpp
 import semmle.code.cpp.commons.Buffer
--- a/Bugs/OO/NonVirtualDestructor.ql
+++ b/Bugs/OO/NonVirtualDestructor.ql
@@ -8,8 +8,8 @@
 * @problem.severity warning
 * @tags reliability
 * @deprecated This query is deprecated, and replaced by
- *             jsf/4.10 Classes/AV Rule 78.ql, which has far fewer false
- *             positives on typical code.
+ *             No virtual destructor (`cpp/jsf/av-rule-78`), which has far
+ *             fewer false positives on typical code.
 */

 import cpp
--- a/Era/ConstructorOrMethodWithExactDate.cpp
+++ b/Era/ConstructorOrMethodWithExactDate.cpp
--- a/Era/ConstructorOrMethodWithExactEraDate.expected
+++ b/Era/ConstructorOrMethodWithExactEraDate.expected
@@ -1,3 +1,5 @@
 | ConstructorOrMethodWithExactDate.cpp:27:31:27:53 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
 | ConstructorOrMethodWithExactDate.cpp:30:32:30:77 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
 | ConstructorOrMethodWithExactDate.cpp:36:32:36:55 | call to EraInfoFromDate | Call that appears to have hard-coded Japanese era start date as parameter. |
+| StructWithExactDate.cpp:31:13:31:19 | tm_year | A time struct that is initialized with exact Japanese calendar era start date. |
+| StructWithExactDate.cpp:46:8:46:12 | wYear | A time struct that is initialized with exact Japanese calendar era start date. |
--- a/cpp/ql/test/query-tests/Best
+++ b/cpp/ql/test/query-tests/Best
@@ -0,0 +1 @@
+Best Practices/Magic Constants/JapaneseEraDate.ql
--- a/cpp/ql/test/query-tests/Likely
+++ b/cpp/ql/test/query-tests/Likely
--- a/Era/ConstructorOrMethodWithExactEraDate.qlref
+++ b/Era/ConstructorOrMethodWithExactEraDate.qlref
@@ -1 +0,0 @@
-Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql
--- a/Era/StructWithExactEraDate.expected
+++ b/Era/StructWithExactEraDate.expected
@@ -1,2 +0,0 @@
-| StructWithExactDate.cpp:31:13:31:19 | tm_year | A time struct that is initialized with exact Japanese calendar era start date. |
-| StructWithExactDate.cpp:46:8:46:12 | wYear | A time struct that is initialized with exact Japanese calendar era start date. |
--- a/Era/StructWithExactEraDate.qlref
+++ b/Era/StructWithExactEraDate.qlref
@@ -1 +0,0 @@
-Likely Bugs/JapaneseEra/StructWithExactEraDate.ql
				`@@ -0,0 +1 @@`
				`Best Practices/Magic Constants/JapaneseEraDate.ql`
				`@@ -1 +0,0 @@`
				`Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql`
				`@@ -1 +0,0 @@`
				`Likely Bugs/JapaneseEra/StructWithExactEraDate.ql`