C++: Refactor of UncheckedLeapYearAfterModification#21292
Open
bdrodes wants to merge 23 commits intogithub:mainfrom
Open
C++: Refactor of UncheckedLeapYearAfterModification#21292bdrodes wants to merge 23 commits intogithub:mainfrom
bdrodes wants to merge 23 commits intogithub:mainfrom
Conversation
…cks (UncheckedLeapYearAfterYearModification). Switch to using 'postprocess' for unit tests.
…ion. Includes new logic for detecting leap year checks, new forms of leap year checks detected, and various heuristics to remove false postives. Move TimeConversionFunction into LeapYear.qll and refactored to separate conversion functions that are expected to be checked for failure from those that auto correct leap year dates if feb 29 is provided on a non-leap year. Increas the set of known TimeConversionFunctions.
…e negative remains.
…auto correct for leap year should be considered.
Contributor
There was a problem hiding this comment.
Pull request overview
Refactors the UncheckedLeapYearAfterYearModification CodeQL query to significantly reduce false positives by introducing more precise flow/guard modeling and expanded heuristics around conversions and “ignorable” operations.
Changes:
- Reworked
UncheckedLeapYearAfterYearModification.qlinto a path-problem with new taint/dataflow-based modeling and multiple false-positive suppression heuristics. - Centralized/expanded time conversion API modeling in
LeapYear.qlland updated related query/tests/expected outputs accordingly. - Extended date/time type support (e.g.,
TIME_FIELDS) and added release change notes.
Reviewed changes
Copilot reviewed 9 out of 9 changed files in this pull request and generated 6 comments.
Show a summary per file
| File | Description |
|---|---|
| cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp | Adds many new positive/negative/edge test scenarios for the refactored query. |
| cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedReturnValueForTimeFunctions.expected | Updates expected results to match new line numbers/coverage. |
| cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.qlref | Switches to inline-expectations postprocessing. |
| cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/UncheckedLeapYearAfterYearModification.expected | Updates expected results to reflect path-problem output and new test suite. |
| cpp/ql/src/Likely Bugs/Leap Year/UncheckedReturnValueForTimeFunctions.ql | Refines conversion-return checking to exclude auto-leap-year-correcting APIs. |
| cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql | Full refactor: new flow configurations, guard recognition, and suppression heuristics. |
| cpp/ql/src/Likely Bugs/Leap Year/LeapYear.qll | Moves/expands TimeConversionFunction modeling and adds auto-correcting classification. |
| cpp/ql/lib/semmle/code/cpp/commons/DateTime.qll | Expands recognized unpacked time/date types and adds field-access classes for TIME_FIELDS. |
| cpp/ql/lib/change-notes/2026-02-06-UncheckedLeapYearAfterModification_Refactor | Adds changelog entry documenting the refactor and alert reduction. |
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp
Show resolved
Hide resolved
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp
Outdated
Show resolved
Hide resolved
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp
Outdated
Show resolved
Hide resolved
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Outdated
Show resolved
Hide resolved
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Outdated
Show resolved
Hide resolved
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp
Outdated
Show resolved
Hide resolved
![github-advanced-security[bot]](https://avatars.githubusercontent.com/in/57789?s=60&v=4){kind=small}
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Fixed
Show fixed
Hide fixed
geoffw0
reviewed
Feb 11, 2026
Contributor
geoffw0
left a comment
geoffw0
left a comment
There was a problem hiding this comment.
Initial review - lots of small comments, though little in particular I have strong feelings about. I'm happy to see this query get an overhaul, I'm very happy to see lots of test cases, though there is more query code than I'd like from a readability perspective. It would be nice to have some kind of diagram of how all the flows to fit together to aid understanding.
If you make whichever improvements you feel are most valuable, then I expect to approve this. I do also want to briefly check:
- performance
- real world (MRVA) result changes
- CI
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp
Show resolved
Hide resolved
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp
Show resolved
Hide resolved
cpp/ql/test/query-tests/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification/test.cpp
Show resolved
Hide resolved
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Show resolved
Hide resolved
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Outdated
Show resolved
Hide resolved
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Show resolved
Hide resolved
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Show resolved
Hide resolved
cpp/ql/src/Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql
Outdated
Show resolved
Hide resolved
cpp/ql/lib/change-notes/2026-02-06-UncheckedLeapYearAfterModification_Refactor.md
Outdated
Show resolved
Hide resolved
…ification.ql Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
…ication_Refactor.md Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
…w steps for two similar flows into a common additional step predicate.
https://github.com/microsoft/codeql into UncheckedLeaprYearAfterModification_Refactor_Upstream
…ification.ql Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
…ification.ql Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Co-authored-by: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
https://github.com/microsoft/codeql into UncheckedLeaprYearAfterModification_Refactor_Upstream
Contributor
Author
I think I've addressed all the comments. Are you able to run the DCA run? I'm not sure I have access to do so anymore. |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
3 participants
Add this suggestion to a batch that can be applied as a single commit.This suggestion is invalid because no changes were made to the code.Suggestions cannot be applied while the pull request is closed.Suggestions cannot be applied while viewing a subset of changes.Only one suggestion per line can be applied in a batch.Add this suggestion to a batch that can be applied as a single commit.Applying suggestions on deleted lines is not supported.You must change the existing code in this line in order to create a valid suggestion.Outdated suggestions cannot be applied.This suggestion has been applied or marked resolved.Suggestions cannot be applied from pending reviews.Suggestions cannot be applied on multi-line comments.Suggestions cannot be applied while the pull request is queued to merge.Suggestion cannot be applied right now. Please check back later.
This PR addresses excessive false positive alerting from
Likely Bugs/Leap Year/UncheckedLeapYearAfterYearModification.ql. In separate in-depth auditing, the number of alerts drops from 40,000 down to 2,000 with these changes, with a much higher rate of true positives, though still too high to be considered more than medium precision (~25% false positive rate remaining).This PR is a complete refactor of the original query to address the false positives observed on production code. Some of the lessons learned here could be extrapolated into the LeapYear.qll library, but leaving changes like this for future PRs.