Adding LeapYear.qll and Adding365DaysPerYear ql and help.

bdrodes · bdrodes · commit 7eee4f2ea51b · 2025-01-15T12:25:41.000-05:00
diff --git a/cpp/ql/src/Microsoft/Leap Year/Adding365DaysPerYear.qhelp b/cpp/ql/src/Microsoft/Leap Year/Adding365DaysPerYear.qhelp
@@ -0,0 +1,22 @@
+<!DOCTYPE qhelp PUBLIC
+  "-//Semmle//qhelp//EN"
+  "qhelp.dtd">
+<qhelp>
+<overview>
+  <include src="LeapYear.inc.qhelp" />
+
+<p>When performing arithmetic operations on a variable that represents a date, leap years must be taken into account.
+It is not safe to assume that a year is 365 days long.</p>
+</overview>
+
+<recommendation>
+<p>Determine whether the time span in question contains a leap day, then perform the calculation using the correct number
+of days. Alternatively, use an established library routine that already contains correct leap year logic.</p>
+</recommendation>
+
+<references>
+  <li>NASA / Goddard Space Flight Center - <a href="https://eclipse.gsfc.nasa.gov/SEhelp/calendars.html">Calendars</a></li>
+  <li>Wikipedia - <a href="https://en.wikipedia.org/wiki/Leap_year_bug"> Leap year bug</a> </li>
+  <li>Microsoft Azure blog - <a href="https://azure.microsoft.com/en-us/blog/is-your-code-ready-for-the-leap-year/"> Is your code ready for the leap year?</a> </li>
+</references>
+</qhelp>
diff --git a/cpp/ql/src/Microsoft/Leap Year/Adding365DaysPerYear.ql b/cpp/ql/src/Microsoft/Leap Year/Adding365DaysPerYear.ql
@@ -0,0 +1,26 @@
+/**
+ * @name Arithmetic operation assumes 365 days per year
+ * @description When an arithmetic operation modifies a date by a constant
+ *              value of 365, it may be a sign that leap years are not taken
+ *              into account.
+ * @kind problem
+ * @problem.severity error
+ * @id cpp/leap-year/adding-365-days-per-year
+ * @precision medium
+ * @tags leap-year
+ *       correctness
+ *       security
+ */
+
+import cpp
+import LeapYear
+import semmle.code.cpp.dataflow.new.DataFlow
+
+from Expr source, Expr sink
+where
+  PossibleYearArithmeticOperationCheckFlow::flow(DataFlow::exprNode(source),
+    DataFlow::exprNode(sink))
+select sink,
+  "$@: This arithmetic operation $@ uses a constant value of 365 ends up modifying the date/time located at $@, without considering leap year scenarios.",
+  sink.getEnclosingFunction(), sink.getEnclosingFunction().toString(), source, source.toString(),
+  sink, sink.toString()
diff --git a/cpp/ql/src/Microsoft/Leap Year/LeapYear.qll b/cpp/ql/src/Microsoft/Leap Year/LeapYear.qll
