Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Suppress instances of cs/leap-year/unsafe-date-construction-from-two-elements #99086

Merged
merged 2 commits into from
Feb 29, 2024
Merged

Suppress instances of cs/leap-year/unsafe-date-construction-from-two-elements #99086

merged 2 commits into from
Feb 29, 2024

Conversation

ericstj
Copy link
Member

@ericstj ericstj commented Feb 28, 2024

No description provided.

ericstj and others added 2 commits February 28, 2024 15:00
@ericstj
Adding suppressions for cs/leap-year/unsafe-date-construction-from-tw…
1a5246d 
…o-elements
@ericstj @tarekgh
Apply suggestions from code review
35ee506 
Co-authored-by: Tarek Mahmoud Sayed <tarekms@microsoft.com>
@ericstj ericstj requested a review from tarekgh February 28, 2024 23:25
@ghost ghost assigned ericstj Feb 28, 2024
@ghost
Copy link

ghost commented Feb 28, 2024

Tagging subscribers to this area: @dotnet/area-system-datetime
See info in area-owners.md if you want to be subscribed.

Issue Details

null

Author: ericstj
Assignees: ericstj
Labels:

area-System.DateTime
Milestone: -

@ericstj ericstj mentioned this pull request Feb 29, 2024
Closed
@ericstj ericstj merged commit 7d5a80a into dotnet:main Feb 29, 2024
176 of 178 checks passed
KalleOlaviNiemitalo
KalleOlaviNiemitalo reviewed Feb 29, 2024
View reviewed changes
src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs
Comment on lines 397 to 400
case DateTimeTypeCode.GMonth:
case DateTimeTypeCode.GDay:
// codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - The XML specification does not explicitly define this behavior for parsing in a non-leap year. We intentionally throw here. Altering this behavior to be more resilient, producing dates like 2/28 or 3/1, could introduce unintended consequences and may not be desirable for user.
result = new DateTime(DateTime.Now.Year, xdt.Month, xdt.Day);
Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Can this really throw? It looks like DateTimeTypeCode.GMonth always has xdt.Day == 1, and DateTimeTypeCode.GDay always has xdt.Month == 1, so xdt can never have the February 29 combination that would cause an exception when DateTime.Now.Year is not a leap year.

runtime/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs

Lines 862 to 865 in 35ee506

year = leapYear;
day = firstDay;
typeCode = DateTimeTypeCode.GMonth;
return true;

runtime/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs

Lines 881 to 884 in 35ee506

year = leapYear;
month = firstMonth;
typeCode = DateTimeTypeCode.GDay;
return true;

I mean the code seems to be ok but the "We intentionally throw here" comment looks misleading.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

It can throw, the parsing code is just use leap year during the parsing which will make 2/29 valid parsing.

result = new DateTime(DateTime.Now.Year, xdt.Month, xdt.Day);

Is using DateTime.Now.Year which is possible to be non-leap year. This will throw .

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

By the way, we have the same behavior in the XmlConverter.

Copy link

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

If xdt.InternalTypeCode is DateTimeTypeCode.GMonthDay, then xdt can be February 29 (and xdt.Year is always 1904 for GMonthDay). But when I search for places where the parser sets DateTimeTypeCode.GMonth or DateTimeTypeCode.GDay, it seems either xdt.Month or xdt.Day is always 1, so February 29 is just not possible.

Copy link
Member Author

@ericstj ericstj Feb 29, 2024
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

But it's not passing xdt.Year it's passing DateTime.Now.Year
I see @KalleOlaviNiemitalo is mentioning that only Day or Month will be valid when it's using DateTime.Now.Year, but not both (and they default to 1). We have a separate code, GMonthDay that's used when both are valid and that hits the default case returning the internal representation that uses 1904 for year. I agree - we can remove the comment here about intentionally throwing.

Copy link
Member

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

I think you are right @KalleOlaviNiemitalo. We should fix the comment. Are you interested to submit a PR?

@github-actions github-actions bot locked and limited conversation to collaborators Mar 31, 2024
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@tarekgh tarekgh tarekgh approved these changes

@KalleOlaviNiemitalo KalleOlaviNiemitalo KalleOlaviNiemitalo left review comments

Assignees

@ericstj ericstj

Labels
area-System.DateTime
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@ericstj @tarekgh @KalleOlaviNiemitalo