…to a more precise ignorable operation analysis. Ignorable operations that flow to a possible source also invalidate that source. Also added a root source finder to get the earliest source if many exist. Modified the leap year checker finder to use a new dataflow mechanic that flows from a YearFieldAccess.
… constant being a literal, but a known value variable or literal.
… ignore certain operations. Also added an ignorable function class to be used to ignore operation sources.
…ure they are actually necessary or providing much utility.
…iewing the unit tests and conversations about how to handle some of the fp/fn cases observed. Updated the unit tests to use InlineExpectationsTestQuery.ql so it is easier to detect FP/FNs.
…eds to be generally reassessed but recent test changes alter the expected results.
…se positive we currently do not have a solution for, marked as SPURIOUS.
… for handling mktime and other variants that convert the time automatically without the need for a check if the date is an incorrect leap year date.
ropwareJB
reviewed
Jan 30, 2026
ropwareJB
reviewed
Jan 30, 2026
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
ropwareJB
reviewed
Jan 30, 2026
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
ropwareJB
reviewed
Jan 30, 2026
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
…ification.ql Co-authored-by: Josh Brown <jb1@microsoft.com>
…ification.ql Co-authored-by: Josh Brown <jb1@microsoft.com>
…ification.ql Co-authored-by: Josh Brown <jb1@microsoft.com>
ropwareJB
reviewed
Feb 2, 2026
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Outdated
ropwareJB
approved these changes
Feb 2, 2026
…ification.ql Co-authored-by: Josh Brown <jb1@microsoft.com>
…into jb1/ap1-maturity
…ear dates without needing to be checked.
MathiasVP
reviewed
Feb 6, 2026
Collaborator
MathiasVP
left a comment
Lots of comments! I've tried to anticipate some of the things that GitHub would probably like to see fixed. I'm sure they will have other comments, but this should at least shave off the first round of review comments 😄
Comment on lines 98 to 118
|
|
||
| /** | ||
| * A `DayFieldAccess` for the `TIME_FIELDS` struct. | ||
| */ | ||
| class TimeFieldsDayFieldAccess extends DayFieldAccess { | ||
| TimeFieldsDayFieldAccess() { this.getTarget().getName() = "Day" } | ||
| } | ||
|
|
||
| /** | ||
| * A `MonthFieldAccess` for the `TIME_FIELDS` struct. | ||
| */ | ||
| class TimeFieldsMonthFieldAccess extends MonthFieldAccess { | ||
| TimeFieldsMonthFieldAccess() { this.getTarget().getName() = "Month" } | ||
| } | ||
|
|
||
| /** | ||
| * A `YearFieldAccess` for the `TIME_FIELDS` struct. | ||
| */ | ||
| class TimeFieldsYearFieldAccess extends YearFieldAccess { | ||
| TimeFieldsYearFieldAccess() { this.getTarget().getName() = "Year" } | ||
| } No newline at end of file |
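Review bot: the three characteristic predicates select fields by name alone (`this.getTarget().getName() = "Day"`, and likewise for "Month" and "Year"), so nothing in these lines ties the match to the struct that the QLDoc names, and a field with one of those names declared elsewhere would satisfy them unless the parent class already narrows it. Either constrain the declaring type in each constructor or reword the QLDoc to say the match is by field name. The file also ends without a trailing newline after the closing brace of `TimeFieldsYearFieldAccess`; add one.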
Collaborator
Ideally these should all be private, but I see that the old StructTmYearFieldAccess and friends also aren't private so 🤷
Should we also check for the declaring types here? i.e., add something like:
`this.getTarget().getDeclaringType().hasGlobalName("_TIME_FIELDS")`? (note the underscore in front)
Author
I'm trying to match the existing approach here, and none of the others do this, so I'm inclined to leave it and such a change should be a separate PR.
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Outdated
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Outdated
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Outdated
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
…ification.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
…ification.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
…ification.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
…ification.ql Co-authored-by: Mathias Vorreiter Pedersen <mathiasvp@github.com>
…into jb1/ap1-maturity
…utoLeapYearCorrecting. Updating expected results.
False positive clean up for cpp/microsoft/public/leap-year/unchecked-after-arithmetic-year-modification.