Merge pull request #155 from microsoft/brodes/open_source_query_trans…

…ition Brodes/open source query transition
microsoft · Jan 29, 2025 · 81fa6fc · 81fa6fc
2 parents 25a46a8 + 350742a
commit 81fa6fc
Show file tree

Hide file tree

Showing 87 changed files with 3,374 additions and 290 deletions.
diff --git a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.qhelp b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.qhelp
@@ -11,7 +11,7 @@ It is not safe to assume that a year is 365 days long.</p>
 
 <recommendation>
 <p>Determine whether the time span in question contains a leap day, then perform the calculation using the correct number
-of days.  Alternatively, use an established library routine that already contains correct leap year logic.</p>
+of days. Alternatively, use an established library routine that already contains correct leap year logic.</p>
 </recommendation>
 
 <references>

diff --git a/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql b/cpp/ql/src/Likely Bugs/Leap Year/Adding365DaysPerYear.ql
@@ -4,7 +4,7 @@
  *              value of 365, it may be a sign that leap years are not taken
  *              into account.
  * @kind problem
- * @problem.severity warning
+ * @problem.severity error
  * @id cpp/leap-year/adding-365-days-per-year
  * @precision medium
  * @tags leap-year
@@ -13,11 +13,13 @@
 
 import cpp
 import LeapYear
+import semmle.code.cpp.dataflow.new.DataFlow
 
 from Expr source, Expr sink
 where
   PossibleYearArithmeticOperationCheckFlow::flow(DataFlow::exprNode(source),
     DataFlow::exprNode(sink))
 select sink,
-  "An arithmetic operation $@ that uses a constant value of 365 ends up modifying this date/time, without considering leap year scenarios.",
-  source, source.toString()
+  "$@: This arithmetic operation $@ uses a constant value of 365 ends up modifying the date/time located at $@, without considering leap year scenarios.",
+  sink.getEnclosingFunction(), sink.getEnclosingFunction().toString(), source, source.toString(),
+  sink, sink.toString()
diff --git a/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql b/cpp/ql/src/Likely Bugs/Leap Year/AntiPattern5InvalidLeapYearCheck.ql
@@ -0,0 +1,17 @@
+/**
+ * @name Leap Year Invalid Check (AntiPattern 5)
+ * @description An expression is used to check a year is presumably a leap year, but the conditions used are insufficient.
+ * @kind problem
+ * @problem.severity warning
+ * @id cpp/leap-year/invalid-leap-year-check
+ * @precision medium
+ * @tags leap-year
+ *       correctness
+ */
+
+import cpp
+import LeapYear
+
+from Mod4CheckedExpr exprMod4
+where not exists(ExprCheckLeapYear lyCheck | lyCheck.getAChild*() = exprMod4)
+select exprMod4, "Possible Insufficient Leap Year check (AntiPattern 5)"