diff --git a/change-notes/1.24/analysis-cpp.md b/change-notes/1.24/analysis-cpp.md index d3889cc4c3b9..287e1e2e9778 100644 --- a/change-notes/1.24/analysis-cpp.md +++ b/change-notes/1.24/analysis-cpp.md @@ -15,6 +15,7 @@ The following changes in version 1.24 affect C/C++ analysis in all applications. |----------------------------|------------------------|------------------------------------------------------------------| | Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) | | This query is no longer run on LGTM. | | No space for zero terminator (`cpp/no-space-for-terminator`) | Fewer false positive results | This query has been modified to be more conservative when identifying which pointers point to null-terminated strings. This approach produces fewer, more accurate results. | +| Unsafe array for days of the year (`cpp/leap-year/unsafe-array-for-days-of-the-year`) | | This query is no longer run on LGTM. | ## Changes to libraries diff --git a/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql b/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql index c55bd30b1bf2..a81aa4fc12d3 100644 --- a/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql +++ b/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql @@ -5,7 +5,8 @@ * @problem.severity warning * @id cpp/japanese-era/exact-era-date * @precision low - * @tags reliability + * @tags maintainability + * reliability * japanese-era */ diff --git a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql index 77919182b651..7171185a11c8 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql @@ -8,6 +8,7 @@ * @id cpp/leap-year/adding-365-days-per-year * @precision medium * @tags leap-year + * correctness */ import cpp diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql index 9a3e2364e1c5..7668ca714632 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql @@ -6,6 +6,7 @@ * @id cpp/leap-year/unchecked-after-arithmetic-year-modification * @precision medium * @tags leap-year + * correctness */ import cpp diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql index 8d512e9184f6..31af5b3ce794 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql @@ -8,6 +8,7 @@ * @id cpp/leap-year/unchecked-return-value-for-time-conversion-function * @precision medium * @tags leap-year + * correctness */ import cpp diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql index c4bfc3e31b5d..b27db937b577 100644 --- a/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql +++ b/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql @@ -5,7 +5,7 @@ * @kind problem * @problem.severity warning * @id cpp/leap-year/unsafe-array-for-days-of-the-year - * @precision medium + * @precision low * @tags security * leap-year */ diff --git a/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll b/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll index 7c12cb73523f..abbb1193021a 100644 --- a/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll +++ b/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll @@ -10,22 +10,24 @@ import cpp class PackedTimeType extends Type { PackedTimeType() { this.getName() = "_FILETIME" or - this.getName().matches("_FILETIME %") + this.(DerivedType).getBaseType*().getName() = "_FILETIME" } } +private predicate timeType(string typeName) { + typeName = "_SYSTEMTIME" or + typeName = "SYSTEMTIME" or + typeName = "tm" +} + /** * A type that is used to represent times and dates in an 'unpacked' form, that is, * with separate fields for day, month, year etc. */ class UnpackedTimeType extends Type { UnpackedTimeType() { - this.getName() = "_SYSTEMTIME" or - this.getName() = "SYSTEMTIME" or - this.getName() = "tm" or - this.getName().matches("_SYSTEMTIME %") or - this.getName().matches("SYSTEMTIME %") or - this.getName().matches("tm %") + timeType(this.getName()) or + timeType(this.(DerivedType).getBaseType*().getName()) } }