Merge pull request #1847 from geoffw0/erafix8

CPP: Deal with two very similar Japanese era queries

Author: jbj

change-notes/1.23/analysis-cpp.md

@@ -8,13 +8,15 @@ The following changes in version 1.23 affect C/C++ analysis in all applications.
 
 | **Query**                   | **Tags**  | **Purpose**                                                        |
 |-----------------------------|-----------|--------------------------------------------------------------------|
-| Query name (`query id`) | tags | Message. |
+| Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) | reliability, japanese-era | This query is a combination of two old queries that were identical in purpose but separate as an implementation detail.  This new query replaces Hard-coded Japanese era start date in call (`cpp/japanese-era/constructor-or-method-with-exact-era-date`) and Hard-coded Japanese era start date in struct (`cpp/japanese-era/struct-with-exact-era-date`). |
 
 ## Changes to existing queries
 
 | **Query**                  | **Expected impact**    | **Change**                                                       |
 |----------------------------|------------------------|------------------------------------------------------------------|
 | Query name (`query id`) | Expected impact | Message. |
+| Hard-coded Japanese era start date in call (`cpp/japanese-era/constructor-or-method-with-exact-era-date`) | Deprecated | This query has been deprecated.  Use the new combined query Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) instead. |
+| Hard-coded Japanese era start date in struct (`cpp/japanese-era/struct-with-exact-era-date`) | Deprecated | This query has been deprecated.  Use the new combined query Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) instead. |
 
 ## Changes to QL libraries
 

cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.qhelp

@@ -0,0 +1,17 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+  <p>
+    When eras change, date and time conversions that rely on a hard-coded era start date need to be reviewed. Conversions relying on Japanese dates in the current era can produce an ambiguous date. 
+    The values for the current Japanese era dates should be read from a source that will be updated, such as the Windows registry.
+  </p>
+</overview>
+
+<references>
+  <li>
+    <a href="https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/">The Japanese Calendar's Y2K Moment</a>.
+  </li>
+</references>
+</qhelp>

cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql

@@ -0,0 +1,63 @@
+/**
+ * @name Hard-coded Japanese era start date
+ * @description Japanese era changes can lead to code behaving differently. Avoid hard-coding Japanese era start dates.
+ * @kind problem
+ * @problem.severity warning
+ * @id cpp/japanese-era/exact-era-date
+ * @precision medium
+ * @tags reliability
+ *       japanese-era
+ */
+
+import cpp
+import semmle.code.cpp.commons.DateTime
+
+predicate assignedYear(Struct s, YearFieldAccess year, int value) {
+  exists(Operation yearAssignment |
+    s.getAField().getAnAccess() = year and
+    yearAssignment.getAnOperand() = year and
+    yearAssignment.getAnOperand().getValue().toInt() = value
+  )
+}
+
+predicate assignedMonth(Struct s, MonthFieldAccess month, int value) {
+  exists(Operation monthAssignment |
+    s.getAField().getAnAccess() = month and
+    monthAssignment.getAnOperand() = month and
+    monthAssignment.getAnOperand().getValue().toInt() = value
+  )
+}
+
+predicate assignedDay(Struct s, DayFieldAccess day, int value) {
+  exists(Operation dayAssignment |
+    s.getAField().getAnAccess() = day and
+    dayAssignment.getAnOperand() = day and
+    dayAssignment.getAnOperand().getValue().toInt() = value
+  )
+}
+
+predicate badStructInitialization(Element target, string message) {
+  exists(StructLikeClass s, YearFieldAccess year, MonthFieldAccess month, DayFieldAccess day |
+    assignedYear(s, year, 1989) and
+    assignedMonth(s, month, 1) and
+    assignedDay(s, day, 8) and
+    target = year and
+    message = "A time struct that is initialized with exact Japanese calendar era start date."
+  )
+}
+
+predicate badCall(Element target, string message) {
+  exists(Call cc, int i |
+    cc.getArgument(i).getValue().toInt() = 1989 and
+    cc.getArgument(i + 1).getValue().toInt() = 1 and
+    cc.getArgument(i + 2).getValue().toInt() = 8 and
+    target = cc and
+    message = "Call that appears to have hard-coded Japanese era start date as parameter."
+  )
+}
+
+from Element target, string message
+where
+  badStructInitialization(target, message) or
+  badCall(target, message)
+select target, message

cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql

@@ -1,12 +1,15 @@
 /**
- * @name Hard-coded Japanese era start date
+ * @name Hard-coded Japanese era start date in call
  * @description Japanese era changes can lead to code behaving differently. Avoid hard-coding Japanese era start dates.
  * @kind problem
  * @problem.severity warning
  * @id cpp/japanese-era/constructor-or-method-with-exact-era-date
  * @precision medium
  * @tags reliability
  *       japanese-era
+ * @deprecated This query is deprecated, use
+ *             Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`)
+ *             instead.
  */
 
 import cpp

cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql

@@ -1,12 +1,15 @@
 /**
- * @name Hard-coded Japanese era start date
+ * @name Hard-coded Japanese era start date in struct
  * @description Japanese era changes can lead to code behaving differently. Avoid hard-coding Japanese era start dates.
  * @kind problem
  * @problem.severity warning
  * @id cpp/japanese-era/struct-with-exact-era-date
  * @precision medium
  * @tags reliability
  *       japanese-era
+ * @deprecated This query is deprecated, use
+ *             Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`)
+ *             instead.
  */
 
 import cpp

cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql

@@ -10,8 +10,9 @@
  *       security
  *       external/cwe/cwe-676
  * @deprecated This query is deprecated, use
- *             Security/CWE/CWE-120/OverrunWrite.ql and
- *             Security/CWE/CWE-120/OverrunWriteFloat.ql instead.
+ *             Potentially overrunning write (`cpp/overrunning-write`) and
+ *             Potentially overrunning write with float to string conversion
+ *             (`cpp/overrunning-write-with-float) instead.
  */
 import cpp
 import semmle.code.cpp.commons.Buffer

cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql

@@ -8,8 +8,8 @@
  * @problem.severity warning
  * @tags reliability
  * @deprecated This query is deprecated, and replaced by
- *             jsf/4.10 Classes/AV Rule 78.ql, which has far fewer false
- *             positives on typical code.
+ *             No virtual destructor (`cpp/jsf/av-rule-78`), which has far
+ *             fewer false positives on typical code.
  */
 
 import cpp

…Era/ConstructorOrMethodWithExactDate.cpp …Era/ConstructorOrMethodWithExactDate.cppcpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactDate.cpp renamed to cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/ConstructorOrMethodWithExactDate.cpp cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactDate.cpp renamed to cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/ConstructorOrMethodWithExactDate.cpp

@@ -1,3 +1,5 @@
 | ConstructorOrMethodWithExactDate.cpp:27:31:27:53 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
 | ConstructorOrMethodWithExactDate.cpp:30:32:30:77 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
 | ConstructorOrMethodWithExactDate.cpp:36:32:36:55 | call to EraInfoFromDate | Call that appears to have hard-coded Japanese era start date as parameter. |
+| StructWithExactDate.cpp:31:13:31:19 | tm_year | A time struct that is initialized with exact Japanese calendar era start date. |
+| StructWithExactDate.cpp:46:8:46:12 | wYear | A time struct that is initialized with exact Japanese calendar era start date. |

…tructorOrMethodWithExactEraDate.expected …ts/Japanese Era/JapaneseEraDate.expectedcpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.expected renamed to cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.expected cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.expected renamed to cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.expected

@@ -0,0 +1 @@
+Best Practices/Magic Constants/JapaneseEraDate.ql