From b441b65918c423f712362577cabe46efa0a48e58 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 29 Aug 2019 17:34:52 +0100 Subject: [PATCH 1/7] CPP: Give the two japanese era queries unique @names. --- .../JapaneseEra/ConstructorOrMethodWithExactEraDate.ql | 2 +- cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql b/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql index 2a6a0f528745..a8b23e10e99f 100644 --- a/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql +++ b/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql @@ -1,5 +1,5 @@ /** - * @name Hard-coded Japanese era start date + * @name Hard-coded Japanese era start date in call * @description Japanese era changes can lead to code behaving differently. Avoid hard-coding Japanese era start dates. * @kind problem * @problem.severity warning diff --git a/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql b/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql index 72069d07e133..4b8dcc7fde2e 100644 --- a/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql +++ b/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql @@ -1,5 +1,5 @@ /** - * @name Hard-coded Japanese era start date + * @name Hard-coded Japanese era start date in struct * @description Japanese era changes can lead to code behaving differently. Avoid hard-coding Japanese era start dates. * @kind problem * @problem.severity warning From 7c14c68486438170fa843012273246c348ddab79 Mon Sep 17 00:00:00 2001 
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 29 Aug 2019 17:40:55 +0100 Subject: [PATCH 2/7] CPP: Add a new, combined Japanese era query. --- .../Magic Constants/JapaneseEraDate.qhelp | 17 +++++ .../Magic Constants/JapaneseEraDate.ql | 63 +++++++++++++++++++ 2 files changed, 80 insertions(+) create mode 100644 cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.qhelp create mode 100644 cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql diff --git a/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.qhelp b/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.qhelp new file mode 100644 index 000000000000..f009401099aa --- /dev/null +++ b/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.qhelp @@ -0,0 +1,17 @@ + + + +

+ When eras change, date and time conversions that rely on a hard-coded era start date need to be reviewed. Conversions relying on Japanese dates in the current era can produce an ambiguous date. + The values for the current Japanese era dates should be read from a source that will be updated, such as the Windows registry. +

+
+ + +
  • + The Japanese Calendar's Y2K Moment. +
  • +
    +
    diff --git a/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql b/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql new file mode 100644 index 000000000000..7deccfdcd5d9 --- /dev/null +++ b/cpp/ql/src/Best Practices/Magic Constants/JapaneseEraDate.ql 
@@ -0,0 +1,63 @@
+/**
+ * @name Hard-coded Japanese era start date
+ * @description Japanese era changes can lead to code behaving differently. Avoid hard-coding Japanese era start dates.
+ * @kind problem
+ * @problem.severity warning
+ * @id cpp/japanese-era/exact-era-date
+ * @precision medium
+ * @tags reliability
+ * japanese-era
+ */
+
+import cpp
+import semmle.code.cpp.commons.DateTime
+
+predicate assignedYear(Struct s, YearFieldAccess year, int value) {
+ exists(Operation yearAssignment |
+ s.getAField().getAnAccess() = year and
+ yearAssignment.getAnOperand() = year and
+ yearAssignment.getAnOperand().getValue().toInt() = value
+ )
+}
+
+predicate assignedMonth(Struct s, MonthFieldAccess month, int value) {
+ exists(Operation monthAssignment |
+ s.getAField().getAnAccess() = month and
+ monthAssignment.getAnOperand() = month and
+ monthAssignment.getAnOperand().getValue().toInt() = value
+ )
+}
+
+predicate assignedDay(Struct s, DayFieldAccess day, int value) {
+ exists(Operation dayAssignment |
+ s.getAField().getAnAccess() = day and
+ dayAssignment.getAnOperand() = day and
+ dayAssignment.getAnOperand().getValue().toInt() = value
+ )
+}
+
+predicate badStructInitialization(Element target, string message) {
+ exists(StructLikeClass s, YearFieldAccess year, MonthFieldAccess month, DayFieldAccess day |
+ assignedYear(s, year, 1989) and
+ assignedMonth(s, month, 1) and
+ assignedDay(s, day, 8) and
+ target = year and
+ message = "A time struct that is initialized with exact Japanese calendar era start date."
+ )
+}
+
+predicate badCall(Element target, string message) {
+ exists(Call cc, int i |
+ cc.getArgument(i).getValue().toInt() = 1989 and
+ cc.getArgument(i + 1).getValue().toInt() = 1 and
+ cc.getArgument(i + 2).getValue().toInt() = 8 and
+ target = cc and
+ message = "Call that appears to have hard-coded Japanese era start date as parameter."
+ ) +} + +from Element target, string message +where + badStructInitialization(target, message) or + badCall(target, message) +select target, message From ed53aef4dd5fa92cf743777ee287129c8c2e11d8 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 29 Aug 2019 17:43:16 +0100 Subject: [PATCH 3/7] CPP: Deprecate the two old queries. --- .../JapaneseEra/ConstructorOrMethodWithExactEraDate.ql | 2 ++ cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql | 2 ++ 2 files changed, 4 insertions(+) diff --git a/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql b/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql index a8b23e10e99f..dd99f709d6e6 100644 --- a/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql +++ b/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql @@ -7,6 +7,8 @@ * @precision medium * @tags reliability * japanese-era + * @deprecated This query is deprecated, use + * Best Practices/Magic Constants/JapaneseEraDate.ql instead. */ import cpp diff --git a/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql b/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql index 4b8dcc7fde2e..7c10fa29e64a 100644 --- a/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql +++ b/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql @@ -7,6 +7,8 @@ * @precision medium * @tags reliability * japanese-era + * @deprecated This query is deprecated, use + * Best Practices/Magic Constants/JapaneseEraDate.ql instead. */ import cpp From ed7586d829734f0dec3d4eec571363b494ef4720 Mon Sep 17 00:00:00 2001 
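Review bot: `badStructInitialization` in JapaneseEraDate.ql links the year, month and day accesses only through the struct type `s`, so three unrelated field uses anywhere in the analysed program (a year of 1989 in one function, a month of 1 in another, a day of 8 in a third) satisfy it and are reported as one era start date. The `assignedYear`, `assignedMonth` and `assignedDay` helpers also accept any `Operation` with the field access as one operand and a constant as another, so a comparison such as `t.wYear == 1989` is treated like an assignment. Binding the helpers to `Assignment`, for example `exists(Assignment a | a.getLValue() = year and a.getRValue().getValue().toInt() = value)`, and requiring the three accesses to share the same qualifier variable would cut that noise; the logic looks carried over from the two deprecated queries, so this may be better as a follow-up. A doc comment on each predicate stating what it matches would help too, since the names promise more than the bodies check.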
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Thu, 29 Aug 2019 17:44:53 +0100
Subject: [PATCH 4/7] CPP: Add a combined test for the combined query.
---
.../ConstructorOrMethodWithExactDate.cpp | 40 +++++++++++++
.../Japanese Era/JapaneseEraDate.expected | 5 ++
.../Japanese Era/JapaneseEraDate.qlref | 1 +
.../Japanese Era/StructWithExactDate.cpp | 57 +++++++++++++++++++
4 files changed, 103 insertions(+)
create mode 100644 cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/ConstructorOrMethodWithExactDate.cpp
create mode 100644 cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.expected
create mode 100644 cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.qlref
create mode 100644 cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/StructWithExactDate.cpp
diff --git a/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/ConstructorOrMethodWithExactDate.cpp b/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/ConstructorOrMethodWithExactDate.cpp
new file mode 100644
index 000000000000..a1eef2e3b905
--- /dev/null
+++ b/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/ConstructorOrMethodWithExactDate.cpp
@@ -0,0 +1,40 @@
+class EraInfo
+{
+public:
+ EraInfo() {
+
+ };
+
+ EraInfo(int year, int month, int day) {
+
+ };
+
+ EraInfo(int Era, int foo, int year, int month, int day, const wchar_t * eraName)
+ {
+
+ }
+
+ static EraInfo * EraInfoFromDate(int Era, int foo, int year, int month, int day, wchar_t * eraName)
+ {
+ return new EraInfo(Era, foo, year, month, day, eraName);
+ }
+};
+
+int Main()
+{
+
+ // BAD: constructor creating a EraInfo with exact Heisei era start date
+ EraInfo * pDateTimeUtil = new EraInfo(1989, 1, 8);
+
+ // BAD: constructor creating a EraInfo with exact Heisei era start date
+ EraInfo * pDateTimeUtil1 = new EraInfo(1, 2, 1989, 1, 8, L"\u5e73\u6210");
+
+ // Good: constructor creating a EraInfo with another date
+ EraInfo * pDateTimeUtil2 = new EraInfo(1, 2, 1900, 1, 1, L"foo");
+
+ // BAD: method call passing exact Haisei era start date as parameters
+ EraInfo * pDateTimeUtil3 = EraInfo::EraInfoFromDate(1, 2, 1989, 1, 8, L"\u5e73\u6210");
+
+ // GOOD: method call with the same parameters in a different order (we only track year, month, day)
+ EraInfo * pDateTimeUtil4 = EraInfo::EraInfoFromDate(1, 2, 8, 1, 1989, L"\u5e73\u6210");
+}
\ No newline at end of file
diff --git a/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.expected b/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.expected
new file mode 100644
index 000000000000..920b0ecd86cf
--- /dev/null
+++ b/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.expected
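Review bot: `Main()` in ConstructorOrMethodWithExactDate.cpp is declared `int` but has no `return`, unlike `main()` in StructWithExactDate.cpp, which ends with `return 0;`; adding `return 0;` before the closing brace keeps the test source free of a missing-return diagnostic. The comment above pDateTimeUtil3 spells the era "Haisei" where the other comments say "Heisei", and the marker on pDateTimeUtil2 is `Good:` where the rest use `GOOD:`, which matters if anyone greps the markers. The file also ends without a trailing newline.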
@@ -0,0 +1,5 @@
+| ConstructorOrMethodWithExactDate.cpp:27:31:27:53 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
+| ConstructorOrMethodWithExactDate.cpp:30:32:30:77 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. |
+| ConstructorOrMethodWithExactDate.cpp:36:32:36:55 | call to EraInfoFromDate | Call that appears to have hard-coded Japanese era start date as parameter. |
+| StructWithExactDate.cpp:31:13:31:19 | tm_year | A time struct that is initialized with exact Japanese calendar era start date. |
+| StructWithExactDate.cpp:46:8:46:12 | wYear | A time struct that is initialized with exact Japanese calendar era start date. |
diff --git a/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.qlref b/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.qlref
new file mode 100644
index 000000000000..4240387a36ce
--- /dev/null
+++ b/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/JapaneseEraDate.qlref
@@ -0,0 +1 @@
+Best Practices/Magic Constants/JapaneseEraDate.ql
diff --git a/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/StructWithExactDate.cpp b/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/StructWithExactDate.cpp
new file mode 100644
index 000000000000..9c2b9eb06403
--- /dev/null
+++ b/cpp/ql/test/query-tests/Best Practices/Magic Constants/Japanese Era/StructWithExactDate.cpp
@@ -0,0 +1,57 @@
+typedef unsigned short WORD;
+
+struct tm
+{
+ int tm_sec; // seconds after the minute - [0, 60] including leap second
+ int tm_min; // minutes after the hour - [0, 59]
+ int tm_hour; // hours since midnight - [0, 23]
+ int tm_mday; // day of the month - [1, 31]
+ int tm_mon; // months since January - [0, 11]
+ int tm_year; // years since 1900
+ int tm_wday; // days since Sunday - [0, 6]
+ int tm_yday; // days since January 1 - [0, 365]
+ int tm_isdst; // daylight savings time flag
+};
+
+typedef struct _SYSTEMTIME {
+ WORD wYear;
+ WORD wMonth;
+ WORD wDayOfWeek;
+ WORD wDay;
+ WORD wHour;
+ WORD wMinute;
+ WORD wSecond;
+ WORD wMilliseconds;
+} SYSTEMTIME, *PSYSTEMTIME, *LPSYSTEMTIME;
+
+int main()
+{
+ // BAD: Creation of tm stuct corresponding to the beginning of Heisei era
+ tm *timeTm = new tm();
+ timeTm->tm_year = 1989;
+ timeTm->tm_mon = 1;
+ timeTm->tm_mday = 8;
+
+
+ // GOOD: Creation of tm stuct with different date
+ tm *timeTm1 = new tm();
+ timeTm1->tm_year = 1988;
+ timeTm1->tm_mon = 1;
+ timeTm1->tm_mday = 1;
+
+ // BAD: Creation of SYSTEMTIME stuct corresponding to the beginning of Heisei era
+ SYSTEMTIME st;
+ st.wDay = 8;
+ st.wMonth = 1;
+ st.wYear = 1989;
+
+
+ // GOOD: Creation of SYSTEMTIME stuct with a different date
+ SYSTEMTIME st1;
+ st1.wDay = 1;
+ st1.wMonth = 1;
+ st1.wYear = 1990;
+
+ return 0;
+}
+
From 2b1871fd2b02decb4eb2f295f81b231f4c5e5129 Mon Sep 17 00:00:00 2001
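Review bot: The first BAD case in `main()` of StructWithExactDate.cpp sets `tm_year = 1989` and `tm_mon = 1`, but the `struct tm` declared at the top of the same file documents `tm_year` as years since 1900 and `tm_mon` as months since January in [0, 11], so those values do not encode 8 January 1989. Code that fills a `tm` correctly for the Heisei start writes 89, 0 and 8, and the query in this series compares against 1989, 1 and 8, so it would presumably not report that form; the test does not show either way. Add a case such as `timeTm2->tm_year = 89; timeTm2->tm_mon = 0; timeTm2->tm_mday = 8;` with the intended verdict in its comment, and reword the existing comment to say it matches the literal values. The SYSTEMTIME case is consistent, since `wYear` and `wMonth` hold calendar values directly.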
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 29 Aug 2019 17:46:50 +0100 Subject: [PATCH 5/7] CPP: Remove the old test. I don't think preserving a duplicate test of deprecated queries is helpful. --- .../ConstructorOrMethodWithExactDate.cpp | 40 ------------- ...nstructorOrMethodWithExactEraDate.expected | 3 - .../ConstructorOrMethodWithExactEraDate.qlref | 1 - .../Japanese Era/StructWithExactDate.cpp | 57 ------------------- .../StructWithExactEraDate.expected | 2 - .../Japanese Era/StructWithExactEraDate.qlref | 1 - 6 files changed, 104 deletions(-) delete mode 100644 cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactDate.cpp delete mode 100644 cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.expected delete mode 100644 cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.qlref delete mode 100644 cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactDate.cpp delete mode 100644 cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.expected delete mode 100644 cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.qlref diff --git a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactDate.cpp b/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactDate.cpp deleted file mode 100644 index a1eef2e3b905..000000000000 --- a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactDate.cpp +++ /dev/null 
@@ -1,40 +0,0 @@ -class EraInfo -{ -public: - EraInfo() { - - }; - - EraInfo(int year, int month, int day) { - - }; - - EraInfo(int Era, int foo, int year, int month, int day, const wchar_t * eraName) - { - - } - - static EraInfo * EraInfoFromDate(int Era, int foo, int year, int month, int day, wchar_t * eraName) - { - return new EraInfo(Era, foo, year, month, day, eraName); - } -}; - -int Main() -{ - - // BAD: constructor creating a EraInfo with exact Heisei era start date - EraInfo * pDateTimeUtil = new EraInfo(1989, 1, 8); - - // BAD: constructor creating a EraInfo with exact Heisei era start date - EraInfo * pDateTimeUtil1 = new EraInfo(1, 2, 1989, 1, 8, L"\u5e73\u6210"); - - // Good: constructor creating a EraInfo with another date - EraInfo * pDateTimeUtil2 = new EraInfo(1, 2, 1900, 1, 1, L"foo"); - - // BAD: method call passing exact Haisei era start date as parameters - EraInfo * pDateTimeUtil3 = EraInfo::EraInfoFromDate(1, 2, 1989, 1, 8, L"\u5e73\u6210"); - - // GOOD: method call with the same parameters in a different order (we only track year, month, day) - EraInfo * pDateTimeUtil4 = EraInfo::EraInfoFromDate(1, 2, 8, 1, 1989, L"\u5e73\u6210"); -} \ No newline at end of file diff --git a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.expected b/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.expected deleted file mode 100644 index 9b6c731ebd4c..000000000000 --- a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.expected +++ /dev/null 
@@ -1,3 +0,0 @@ -| ConstructorOrMethodWithExactDate.cpp:27:31:27:53 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. | -| ConstructorOrMethodWithExactDate.cpp:30:32:30:77 | call to EraInfo | Call that appears to have hard-coded Japanese era start date as parameter. | -| ConstructorOrMethodWithExactDate.cpp:36:32:36:55 | call to EraInfoFromDate | Call that appears to have hard-coded Japanese era start date as parameter. | diff --git a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.qlref b/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.qlref deleted file mode 100644 index 2e5a8969872e..000000000000 --- a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/ConstructorOrMethodWithExactEraDate.qlref +++ /dev/null @@ -1 +0,0 @@ -Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql diff --git a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactDate.cpp b/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactDate.cpp deleted file mode 100644 index 9c2b9eb06403..000000000000 --- a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactDate.cpp +++ /dev/null 
@@ -1,57 +0,0 @@ -typedef unsigned short WORD; - -struct tm -{ - int tm_sec; // seconds after the minute - [0, 60] including leap second - int tm_min; // minutes after the hour - [0, 59] - int tm_hour; // hours since midnight - [0, 23] - int tm_mday; // day of the month - [1, 31] - int tm_mon; // months since January - [0, 11] - int tm_year; // years since 1900 - int tm_wday; // days since Sunday - [0, 6] - int tm_yday; // days since January 1 - [0, 365] - int tm_isdst; // daylight savings time flag -}; - -typedef struct _SYSTEMTIME { - WORD wYear; - WORD wMonth; - WORD wDayOfWeek; - WORD wDay; - WORD wHour; - WORD wMinute; - WORD wSecond; - WORD wMilliseconds; -} SYSTEMTIME, *PSYSTEMTIME, *LPSYSTEMTIME; - -int main() -{ - // BAD: Creation of tm stuct corresponding to the beginning of Heisei era - tm *timeTm = new tm(); - timeTm->tm_year = 1989; - timeTm->tm_mon = 1; - timeTm->tm_mday = 8; - - - // GOOD: Creation of tm stuct with different date - tm *timeTm1 = new tm(); - timeTm1->tm_year = 1988; - timeTm1->tm_mon = 1; - timeTm1->tm_mday = 1; - - // BAD: Creation of SYSTEMTIME stuct corresponding to the beginning of Heisei era - SYSTEMTIME st; - st.wDay = 8; - st.wMonth = 1; - st.wYear = 1989; - - - // GOOD: Creation of SYSTEMTIME stuct with a different date - SYSTEMTIME st1; - st1.wDay = 1; - st1.wMonth = 1; - st1.wYear = 1990; - - return 0; -} - diff --git a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.expected b/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.expected deleted file mode 100644 index c31c9cc4d7a5..000000000000 --- a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.expected +++ /dev/null @@ -1,2 +0,0 @@ -| StructWithExactDate.cpp:31:13:31:19 | tm_year | A time struct that is initialized with exact Japanese calendar era start date. | -| StructWithExactDate.cpp:46:8:46:12 | wYear | A time struct that is initialized with exact Japanese calendar era start date. | 
diff --git a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.qlref b/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.qlref deleted file mode 100644 index 443b15e6da3f..000000000000 --- a/cpp/ql/test/query-tests/Likely Bugs/Japanese Era/StructWithExactEraDate.qlref +++ /dev/null @@ -1 +0,0 @@ -Likely Bugs/JapaneseEra/StructWithExactEraDate.ql From b254e1f48e25f46c8c866c6d0066d879ac0bc1b3 Mon Sep 17 00:00:00 2001 From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Thu, 29 Aug 2019 18:24:29 +0100 Subject: [PATCH 6/7] CPP: Change note. --- change-notes/1.23/analysis-cpp.md | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/change-notes/1.23/analysis-cpp.md b/change-notes/1.23/analysis-cpp.md index 8f236b6c2de9..8ff04591f5bf 100644 --- a/change-notes/1.23/analysis-cpp.md +++ b/change-notes/1.23/analysis-cpp.md 
@@ -8,13 +8,15 @@ The following changes in version 1.23 affect C/C++ analysis in all applications. | **Query** | **Tags** | **Purpose** | |-----------------------------|-----------|--------------------------------------------------------------------| -| Query name (`query id`) | tags | Message. | +| Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) | reliability, japanese-era | This query is a combination of two old queries that were identical in purpose but separate as an implementation detail. This new query replaces Hard-coded Japanese era start date in call (`cpp/japanese-era/constructor-or-method-with-exact-era-date`) and Hard-coded Japanese era start date in struct (`cpp/japanese-era/struct-with-exact-era-date`). | ## Changes to existing queries | **Query** | **Expected impact** | **Change** | |----------------------------|------------------------|------------------------------------------------------------------| | Query name (`query id`) | Expected impact | Message. | +| Hard-coded Japanese era start date in call (`cpp/japanese-era/constructor-or-method-with-exact-era-date`) | Deprecated | This query has been deprecated. Use the new combined query Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) instead. | +| Hard-coded Japanese era start date in struct (`cpp/japanese-era/struct-with-exact-era-date`) | Deprecated | This query has been deprecated. Use the new combined query Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) instead. | ## Changes to QL libraries From c4d74c39228d0c5070a4e5a769c87542e2271248 Mon Sep 17 00:00:00 2001 
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com> Date: Mon, 2 Sep 2019 12:36:36 +0100 Subject: [PATCH 7/7] CPP: Replace query paths with @name and @id. --- .../JapaneseEra/ConstructorOrMethodWithExactEraDate.ql | 3 ++- cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql | 3 ++- .../Likely Bugs/Memory Management/PotentialBufferOverflow.ql | 5 +++-- cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql | 4 ++-- 4 files changed, 9 insertions(+), 6 deletions(-) diff --git a/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql b/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql index dd99f709d6e6..fa468c74218b 100644 --- a/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql +++ b/cpp/ql/src/Likely Bugs/JapaneseEra/ConstructorOrMethodWithExactEraDate.ql @@ -8,7 +8,8 @@ * @tags reliability * japanese-era * @deprecated This query is deprecated, use - * Best Practices/Magic Constants/JapaneseEraDate.ql instead. + * Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) + * instead. */ import cpp diff --git a/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql b/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql index 7c10fa29e64a..fe924954d99a 100644 --- a/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql +++ b/cpp/ql/src/Likely Bugs/JapaneseEra/StructWithExactEraDate.ql @@ -8,7 +8,8 @@ * @tags reliability * japanese-era * @deprecated This query is deprecated, use - * Best Practices/Magic Constants/JapaneseEraDate.ql instead. + * Hard-coded Japanese era start date (`cpp/japanese-era/exact-era-date`) + * instead. */ import cpp diff --git a/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql b/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql index 99e771d0fbfa..74d871823803 100644 --- a/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql 
+++ b/cpp/ql/src/Likely Bugs/Memory Management/PotentialBufferOverflow.ql @@ -10,8 +10,9 @@ * security * external/cwe/cwe-676 * @deprecated This query is deprecated, use - * Security/CWE/CWE-120/OverrunWrite.ql and - * Security/CWE/CWE-120/OverrunWriteFloat.ql instead. + * Potentially overrunning write (`cpp/overrunning-write`) and + * Potentially overrunning write with float to string conversion + * (`cpp/overrunning-write-with-float) instead. */ import cpp import semmle.code.cpp.commons.Buffer diff --git a/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql b/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql index 2cb6d111c9bd..e4284bbd8044 100644 --- a/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql +++ b/cpp/ql/src/Likely Bugs/OO/NonVirtualDestructor.ql @@ -8,8 +8,8 @@ * @problem.severity warning * @tags reliability * @deprecated This query is deprecated, and replaced by - * jsf/4.10 Classes/AV Rule 78.ql, which has far fewer false - * positives on typical code. + * No virtual destructor (`cpp/jsf/av-rule-78`), which has far + * fewer false positives on typical code. */ import cpp
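Review bot: The last added line of the `@deprecated` text in PotentialBufferOverflow.ql opens a backtick before `cpp/overrunning-write-with-float` and never closes it, so the query id is not delimited the way the first id in the same comment is. The line should read `` * (`cpp/overrunning-write-with-float`) instead. ``. The doc comment begins and ends outside this hunk, so how the unbalanced backtick renders in the generated query help is not visible here.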