From 6d516e0192c5f69236af52d37a85b35739e7d72b Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Mon, 16 Dec 2019 19:04:59 +0000
Subject: [PATCH 1/5] C++: Make some implementations in DatTime.qll more robust (and cope with 'const').

---
 cpp/ql/src/semmle/code/cpp/commons/DateTime.qll | 15 ++++++++-------
 1 file changed, 8 insertions(+), 7 deletions(-)

diff --git a/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll b/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll
index 7c12cb73523f..0fa133a3d9f7 100644
--- a/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll
@@ -10,22 +10,23 @@ import cpp
 class PackedTimeType extends Type {
 PackedTimeType() {
 this.getName() = "_FILETIME" or
- this.getName().matches("_FILETIME %")
+ this.(DerivedType).getBaseType*().getName() = "_FILETIME"
 }
 }
 
+private predicate timeType(string typeName) {
+ typeName = "_SYSTEMTIME" or
+ typeName = "SYSTEMTIME" or
+ typeName = "tm"
+}
 /**
 * A type that is used to represent times and dates in an 'unpacked' form, that is,
 * with separate fields for day, month, year etc.
 */
 class UnpackedTimeType extends Type {
 UnpackedTimeType() {
- this.getName() = "_SYSTEMTIME" or
- this.getName() = "SYSTEMTIME" or
- this.getName() = "tm" or
- this.getName().matches("_SYSTEMTIME %") or
- this.getName().matches("SYSTEMTIME %") or
- this.getName().matches("tm %")
+ timeType(this.getName()) or
+ timeType(this.(DerivedType).getBaseType*().getName())
 }
 }
 

From c1be4c78afcd824b9bf263d0bbcc4d71a12a7f24 Mon Sep 17 00:00:00 2001
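Review bot: PackedTimeType still only recognises the struct tag `_FILETIME`, while UnpackedTimeType now accepts both `_SYSTEMTIME` and its typedef spelling `SYSTEMTIME` through `timeType`; if `FILETIME` is a typedef of `struct _FILETIME` as in the Windows headers, a typedef is not a `DerivedType`, so neither disjunct would match a `FILETIME` or `const FILETIME *` variable — this asymmetry predates the change, but adding `"FILETIME"` next to `"_FILETIME"` (or resolving typedefs with `getUnspecifiedType()` before the name check) would close it and a test case for the `const`/typedef combinations would pin it down. It is also worth confirming that widening from the `"_FILETIME %"` name pattern to the whole `DerivedType` chain (pointers, arrays and references as well as cv-qualified types) is what the consuming queries want, since the subject only mentions `const`. The new `timeType` predicate has no QLDoc; I'd add `/** Holds if typeName is one of the type names treated as an unpacked time type. */` above it.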
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 17 Dec 2019 09:24:45 +0000
Subject: [PATCH 2/5] C++: Add tags to the leap year + japanese era queries.

---
 cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql | 3 ++-
 cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql | 1 +
 .../Leap Year/UncheckedLeapYearAfterYearModification.ql | 1 +
 .../Leap Year/UncheckedReturnValueForTimeFunctions.ql | 1 +
 4 files changed, 5 insertions(+), 1 deletion(-)

diff --git a/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql b/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql
index c55bd30b1bf2..a81aa4fc12d3 100644
--- a/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql
+++ b/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql
@@ -5,7 +5,8 @@
 * @problem.severity warning
 * @id cpp/japanese-era/exact-era-date
 * @precision low
- * @tags reliability
+ * @tags maintainability
+ * reliability
 * japanese-era
 */
 
diff --git a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql
index 77919182b651..7171185a11c8 100644
--- a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql
+++ b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql
@@ -8,6 +8,7 @@
 * @id cpp/leap-year/adding-365-days-per-year
 * @precision medium
 * @tags leap-year
+ * correctness
 */
 
 import cpp
diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
index 9a3e2364e1c5..7668ca714632 100644
--- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
+++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
@@ -6,6 +6,7 @@
 * @id cpp/leap-year/unchecked-after-arithmetic-year-modification
 * @precision medium
 * @tags leap-year
+ * correctness
 */
 
 import cpp
diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql
index 8d512e9184f6..31af5b3ce794 100644
--- a/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql
+++ b/cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql
@@ -8,6 +8,7 @@
 * @id cpp/leap-year/unchecked-return-value-for-time-conversion-function
 * @precision medium
 * @tags leap-year
+ * correctness
 */
 
 import cpp

From 4d3fa3ac1d45e0d5e1a9341910d8dd26152b654e Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 17 Dec 2019 10:13:44 +0000
Subject: [PATCH 3/5] C++: Demote UnsafeArrayForDaysOfYear.ql.

---
 cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql
index c4bfc3e31b5d..b27db937b577 100644
--- a/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql
+++ b/cpp/ql/src/Likely Bugs/Leap Year/UnsafeArrayForDaysOfYear.ql
@@ -5,7 +5,7 @@
 * @kind problem
 * @problem.severity warning
 * @id cpp/leap-year/unsafe-array-for-days-of-the-year
- * @precision medium
+ * @precision low
 * @tags security
 * leap-year
 */

From 19835cd11d93774c2b4e5a6d1f5fa6300ecf5f20 Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 17 Dec 2019 10:27:13 +0000
Subject: [PATCH 4/5] C++: Change note.

---
 change-notes/1.24/analysis-cpp.md | 1 +
 1 file changed, 1 insertion(+)

diff --git a/change-notes/1.24/analysis-cpp.md b/change-notes/1.24/analysis-cpp.md
index d3889cc4c3b9..287e1e2e9778 100644
--- a/change-notes/1.24/analysis-cpp.md
+++ b/change-notes/1.24/analysis-cpp.md
@@ -15,6 +15,7 @@ The following changes in version 1.24 affect C/C++ analysis in all applications.
 |----------------------------|------------------------|------------------------------------------------------------------|
 | Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) | | This query is no longer run on LGTM. |
 | No space for zero terminator (`cpp/no-space-for-terminator`) | Fewer false positive results | This query has been modified to be more conservative when identifying which pointers point to null-terminated strings. This approach produces fewer, more accurate results. |
+| Unsafe array for days of the year (`cpp/leap-year/unsafe-array-for-days-of-the-year`) | | This query is no longer run on LGTM. |
 
 ## Changes to libraries
 

From b2e2db1e5c796177a3687d3e8bea0826330daf1d Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Tue, 17 Dec 2019 10:39:52 +0000
Subject: [PATCH 5/5] CPP: Autoformat.

---
 cpp/ql/src/semmle/code/cpp/commons/DateTime.qll | 1 +
 1 file changed, 1 insertion(+)

diff --git a/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll b/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll
index 0fa133a3d9f7..abbb1193021a 100644
--- a/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll
+++ b/cpp/ql/src/semmle/code/cpp/commons/DateTime.qll
@@ -19,6 +19,7 @@ private predicate timeType(string typeName) {
 typeName = "SYSTEMTIME" or
 typeName = "tm"
 }
+
 /**
 * A type that is used to represent times and dates in an 'unpacked' form, that is,
 * with separate fields for day, month, year etc.