Merge pull request #1467 from geoffw0/dates-cleanup1

CPP: Follow-up for Mishandling Japanese Era and Leap Year in calculations

Author: jbj

cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.qhelp

@@ -11,7 +11,7 @@
 
 <references>
   <li>
-    <a href="https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/">The Japanese Calendar’s Y2K Moment</a>.
+    <a href="https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/">The Japanese Calendar's Y2K Moment</a>.
   </li>
 </references>
 </qhelp>

cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql

@@ -10,8 +10,10 @@
  */
 
 import cpp
+
 from Call cc, int i
-where cc.getArgument(i).getValue().toInt() = 1989 and
-      cc.getArgument(i+1).getValue().toInt() = 1 and
-      cc.getArgument(i+2).getValue().toInt() = 8
-select cc, "Call that appears to have hard-coded Japanese era start date as parameter." 
+where
+  cc.getArgument(i).getValue().toInt() = 1989 and
+  cc.getArgument(i + 1).getValue().toInt() = 1 and
+  cc.getArgument(i + 2).getValue().toInt() = 8
+select cc, "Call that appears to have hard-coded Japanese era start date as parameter."

cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.qhelp

@@ -11,7 +11,7 @@
 
 <references>
   <li>
-    <a href="https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/">The Japanese Calendar’s Y2K Moment</a>.
+    <a href="https://blogs.msdn.microsoft.com/shawnste/2018/04/12/the-japanese-calendars-y2k-moment/">The Japanese Calendar's Y2K Moment</a>.
   </li>
 </references>
 </qhelp>

cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql

@@ -4,17 +4,24 @@
  * @kind problem
  * @problem.severity warning
  * @id cpp/japanese-era/struct-with-exact-era-date
- * @precision medium
  * @tags reliability
  *       japanese-era
  */
 
 import cpp
-
 import semmle.code.cpp.commons.DateTime
 
-from StructLikeClass s, YearFieldAccess year, MonthFieldAccess month, DayFieldAccess day, Operation yearAssignment, Operation monthAssignment, Operation dayAssignment
-where s.getAField().getAnAccess () = year and yearAssignment.getAnOperand() = year and yearAssignment.getAnOperand().getValue().toInt() = 1989 and
-      s.getAField().getAnAccess () = month and monthAssignment.getAnOperand() = month and monthAssignment.getAnOperand().getValue().toInt() = 1 and 
-      s.getAField().getAnAccess () = day and dayAssignment.getAnOperand() = day and dayAssignment.getAnOperand().getValue().toInt() = 8
+from
+  StructLikeClass s, YearFieldAccess year, MonthFieldAccess month, DayFieldAccess day,
+  Operation yearAssignment, Operation monthAssignment, Operation dayAssignment
+where
+  s.getAField().getAnAccess() = year and
+  yearAssignment.getAnOperand() = year and
+  yearAssignment.getAnOperand().getValue().toInt() = 1989 and
+  s.getAField().getAnAccess() = month and
+  monthAssignment.getAnOperand() = month and
+  monthAssignment.getAnOperand().getValue().toInt() = 1 and
+  s.getAField().getAnAccess() = day and
+  dayAssignment.getAnOperand() = day and
+  dayAssignment.getAnOperand().getValue().toInt() = 8
 select year, "A time struct that is initialized with exact Japanese calendar era start date."

cpp/ql/src/Likely Bugs/Leap Year/Adding365daysPerYear.qhelp

@@ -15,6 +15,8 @@ of days.  Alternatively, use an established library routine that already contain
 </recommendation>
 
 <references>
-  <include src="LeapYearReferences.qhelp" />
+  <li>U.S. Naval Observatory Website - <a href="https://aa.usno.navy.mil/faq/docs/calendars.php"> Introduction to Calendars</a></li>
+  <li>Wikipedia - <a href="https://en.wikipedia.org/wiki/Leap_year_bug"> Leap year bug</a> </li>
+  <li>Microsoft Azure blog - <a href="https://azure.microsoft.com/en-us/blog/is-your-code-ready-for-the-leap-year/"> Is your code ready for the leap year?</a> </li>
 </references>
 </qhelp>

cpp/ql/src/Likely Bugs/Leap Year/Adding365daysPerYear.ql

@@ -2,9 +2,9 @@
  * @name Year field changed using an arithmetic operation is used on an unchecked time conversion function
  * @description A year field changed using an arithmetic operation is used on a time conversion function, but the return value of the function is not checked for success or failure.
  * @kind problem
- * @problem.severity error
+ * @problem.severity warning
  * @id cpp/leap-year/adding-365-days-per-year
- * @precision high
+ * @precision medium
  * @tags security
  *       leap-year
  */
@@ -15,6 +15,6 @@ import semmle.code.cpp.dataflow.DataFlow
 
 from Expr source, Expr sink, PossibleYearArithmeticOperationCheckConfiguration config
 where config.hasFlow(DataFlow::exprNode(source), DataFlow::exprNode(sink))
-select sink, "This arithmetic operation $@ uses a constant value of 365 ends up modifying the date/time located at $@, without considering leap year scenarios."
-  , source, source.toString()
-  , sink, sink.toString()
+select sink,
+  "This arithmetic operation $@ uses a constant value of 365 ends up modifying the date/time located at $@, without considering leap year scenarios.",
+  source, source.toString(), sink, sink.toString()

cpp/ql/src/Likely Bugs/Leap Year/LeapYearReferences.qhelp

@@ -22,6 +22,8 @@
 </example>
 
 <references>
-  <include src="LeapYearReferences.qhelp" />
+  <li>U.S. Naval Observatory Website - <a href="https://aa.usno.navy.mil/faq/docs/calendars.php"> Introduction to Calendars</a></li>
+  <li>Wikipedia - <a href="https://en.wikipedia.org/wiki/Leap_year_bug"> Leap year bug</a> </li>
+  <li>Microsoft Azure blog - <a href="https://azure.microsoft.com/en-us/blog/is-your-code-ready-for-the-leap-year/"> Is your code ready for the leap year?</a> </li>
 </references>
 </qhelp>

cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.qhelp

@@ -2,57 +2,63 @@
  * @name Year field changed using an arithmetic operation without checking for leap year
  * @description A field that represents a year is being modified by an arithmetic operation, but no proper check for leap years can be detected afterwards.
  * @kind problem
- * @problem.severity error
+ * @problem.severity warning
  * @id cpp/leap-year/unchecked-after-arithmetic-year-modification
- * @precision high
+ * @precision medium
  * @tags security
  *       leap-year
  */
 
 import cpp
 import LeapYear
 
-from Variable var, LeapYearFieldAccess yfa 
+from Variable var, LeapYearFieldAccess yfa
 where
-   exists(VariableAccess va |
-     yfa.getQualifier() = va
-     and var.getAnAccess() = va
-     // The year is modified with an arithmetic operation. Avoid values that are likely false positives
-     and yfa.isModifiedByArithmeticOperationNotForNormalization()
-     // Avoid false positives
-     and not (
-        // If there is a local check for leap year after the modification
-        exists( LeapYearFieldAccess yfacheck |
-          yfacheck.getQualifier() = var.getAnAccess()
-          and yfacheck.isUsedInCorrectLeapYearCheck()
-          and yfacheck = yfa.getASuccessor*()
-        )
-        // If there is a data flow from the variable that was modified to a function that seems to check for leap year 
-        or exists(VariableAccess source,
-          ChecksForLeapYearFunctionCall fc, 
-          LeapYearCheckConfiguration config |
-          source = var.getAnAccess()
-          and config.hasFlow( DataFlow::exprNode(source), DataFlow::exprNode(fc.getAnArgument()))
-       )
-       // If there is a data flow from the field that was modified to a function that seems to check for leap year
-       or exists(VariableAccess vacheck,
-         YearFieldAccess yfacheck,
-         ChecksForLeapYearFunctionCall fc, 
-         LeapYearCheckConfiguration config |
-         vacheck = var.getAnAccess()
-         and yfacheck.getQualifier() = vacheck
-         and config.hasFlow( DataFlow::exprNode(yfacheck), DataFlow::exprNode(fc.getAnArgument()))
-       )
-       // If there is a successor or predecessor that sets the month = 1
-       or exists(MonthFieldAccess  mfa, AssignExpr ae |
-          mfa.getQualifier() = var.getAnAccess()
-          and mfa.isModified()
-          and (mfa = yfa.getASuccessor*()
-               or yfa = mfa.getASuccessor*())
-          and ae = mfa.getEnclosingElement()
-          and ae.getAnOperand().getValue().toInt() = 1 
-       )
-     )
-   )
-select yfa
-  , "Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found.", yfa.getTarget(), yfa.getTarget().toString(), var, var.toString()
+  exists(VariableAccess va |
+    yfa.getQualifier() = va and
+    var.getAnAccess() = va and
+    // The year is modified with an arithmetic operation. Avoid values that are likely false positives
+    yfa.isModifiedByArithmeticOperationNotForNormalization() and
+    // Avoid false positives
+    not (
+      // If there is a local check for leap year after the modification
+      exists(LeapYearFieldAccess yfacheck |
+        yfacheck.getQualifier() = var.getAnAccess() and
+        yfacheck.isUsedInCorrectLeapYearCheck() and
+        yfacheck = yfa.getASuccessor*()
+      )
+      or
+      // If there is a data flow from the variable that was modified to a function that seems to check for leap year
+      exists(
+        VariableAccess source, ChecksForLeapYearFunctionCall fc, LeapYearCheckConfiguration config
+      |
+        source = var.getAnAccess() and
+        config.hasFlow(DataFlow::exprNode(source), DataFlow::exprNode(fc.getAnArgument()))
+      )
+      or
+      // If there is a data flow from the field that was modified to a function that seems to check for leap year
+      exists(
+        VariableAccess vacheck, YearFieldAccess yfacheck, ChecksForLeapYearFunctionCall fc,
+        LeapYearCheckConfiguration config
+      |
+        vacheck = var.getAnAccess() and
+        yfacheck.getQualifier() = vacheck and
+        config.hasFlow(DataFlow::exprNode(yfacheck), DataFlow::exprNode(fc.getAnArgument()))
+      )
+      or
+      // If there is a successor or predecessor that sets the month = 1
+      exists(MonthFieldAccess mfa, AssignExpr ae |
+        mfa.getQualifier() = var.getAnAccess() and
+        mfa.isModified() and
+        (
+          mfa = yfa.getASuccessor*() or
+          yfa = mfa.getASuccessor*()
+        ) and
+        ae = mfa.getEnclosingElement() and
+        ae.getAnOperand().getValue().toInt() = 1
+      )
+    )
+  )
+select yfa,
+  "Field $@ on variable $@ has been modified, but no appropriate check for LeapYear was found.",
+  yfa.getTarget(), yfa.getTarget().toString(), var, var.toString()

cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql

@@ -8,7 +8,7 @@
 <p>When using a function that transforms a date structure, and the year on the input argument for the API has been manipulated, it is important to check for the return value of the function to make sure it succeeded.</p>
 <p>Otherwise, the function may have failed, and the output parameter may contain invalid data that can cause any number of problems on the affected system.</p>
 <p>The following is a list of the functions that this query covers:</p>
-  <list>
+<ul>
   <li><code>FileTimeToSystemTime</code></li>
   <li><code>SystemTimeToFileTime</code></li>
   <li><code>SystemTimeToTzSpecificLocalTime</code></li>
@@ -18,7 +18,7 @@
   <li><code>RtlLocalTimeToSystemTime</code></li>
   <li><code>RtlTimeToSecondsSince1970</code></li>
   <li><code>_mkgmtime</code></li>
-</list>
+</ul>
 
 </overview>
 <recommendation>
@@ -34,6 +34,8 @@
 </example>
 
 <references>
-  <include src="LeapYearReferences.qhelp" />
+  <li>U.S. Naval Observatory Website - <a href="https://aa.usno.navy.mil/faq/docs/calendars.php"> Introduction to Calendars</a></li>
+  <li>Wikipedia - <a href="https://en.wikipedia.org/wiki/Leap_year_bug"> Leap year bug</a> </li>
+  <li>Microsoft Azure blog - <a href="https://azure.microsoft.com/en-us/blog/is-your-code-ready-for-the-leap-year/"> Is your code ready for the leap year?</a> </li>
 </references>
 </qhelp>