Merge pull request #2542 from geoffw0/datetime

C++: Sort through the leap year and japanese era queries
2026-05-04 05:05:12 +02:00 · 2019-12-23 10:13:12 +01:00
parent f921cf7d01 b2e2db1e5c
commit 7e84453ec9
7 changed files with 16 additions and 9 deletions
--- a/change-notes/1.24/analysis-cpp.md
+++ b/change-notes/1.24/analysis-cpp.md
@@ -19,6 +19,7 @@ The following changes in version 1.24 affect C/C++ analysis in all applications.
 | Memory may not be freed (`cpp/memory-may-not-be-freed`) | More true positive results | This query now identifies a wider variety of buffer allocations using the `semmle.code.cpp.models.interfaces.Allocation` library. |
 | Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) |  | This query is no longer run on LGTM. |
 | No space for zero terminator (`cpp/no-space-for-terminator`) | Fewer false positive results | This query has been modified to be more conservative when identifying which pointers point to null-terminated strings.  This approach produces fewer, more accurate results. |
+| Unsafe array for days of the year (`cpp/leap-year/unsafe-array-for-days-of-the-year`) |  | This query is no longer run on LGTM. |

 ## Changes to libraries

--- a/Constants/JapaneseEraDate.ql
+++ b/Constants/JapaneseEraDate.ql
@@ -5,7 +5,8 @@
 * @problem.severity warning
 * @id cpp/japanese-era/exact-era-date
 * @precision low
- * @tags reliability
+ * @tags maintainability
+ *       reliability
 *       japanese-era
 */

--- a/Year/Adding365DaysPerYear.ql
+++ b/Year/Adding365DaysPerYear.ql
@@ -8,6 +8,7 @@
 * @id cpp/leap-year/adding-365-days-per-year
 * @precision medium
 * @tags leap-year
+ *       correctness
 */

 import cpp
--- a/Year/UncheckedLeapYearAfterYearModification.ql
+++ b/Year/UncheckedLeapYearAfterYearModification.ql
@@ -6,6 +6,7 @@
 * @id cpp/leap-year/unchecked-after-arithmetic-year-modification
 * @precision medium
 * @tags leap-year
+ *       correctness
 */

 import cpp
--- a/Year/UncheckedReturnValueForTimeFunctions.ql
+++ b/Year/UncheckedReturnValueForTimeFunctions.ql
@@ -8,6 +8,7 @@
 * @id cpp/leap-year/unchecked-return-value-for-time-conversion-function
 * @precision medium
 * @tags leap-year
+ *       correctness
 */

 import cpp
--- a/Year/UnsafeArrayForDaysOfYear.ql
+++ b/Year/UnsafeArrayForDaysOfYear.ql
@@ -5,7 +5,7 @@
 * @kind problem
 * @problem.severity warning
 * @id cpp/leap-year/unsafe-array-for-days-of-the-year
- * @precision medium
+ * @precision low
 * @tags security
 *       leap-year
 */
--- a/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll
@@ -10,22 +10,24 @@ import cpp
 class PackedTimeType extends Type {
  PackedTimeType() {
    this.getName() = "_FILETIME" or
-    this.getName().matches("_FILETIME %")
+    this.(DerivedType).getBaseType*().getName() = "_FILETIME"
  }
 }

+private predicate timeType(string typeName) {
+  typeName = "_SYSTEMTIME" or
+  typeName = "SYSTEMTIME" or
+  typeName = "tm"
+}
+
 /**
 * A type that is used to represent times and dates in an 'unpacked' form, that is,
 * with separate fields for day, month, year etc.
 */
 class UnpackedTimeType extends Type {
  UnpackedTimeType() {
-    this.getName() = "_SYSTEMTIME" or
-    this.getName() = "SYSTEMTIME" or
-    this.getName() = "tm" or
-    this.getName().matches("_SYSTEMTIME %") or
-    this.getName().matches("SYSTEMTIME %") or
-    this.getName().matches("tm %")
+    timeType(this.getName()) or
+    timeType(this.(DerivedType).getBaseType*().getName())
  }
 }