-
Notifications
You must be signed in to change notification settings - Fork 1.6k
/
Copy pathSuspiciousDateFormat.qhelp
42 lines (36 loc) · 1.34 KB
/
SuspiciousDateFormat.qhelp
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
The Java <code>SimpleDateFormat</code> class provides many placeholders so that you can define
precisely the date format required. However, this also makes it easy to define a pattern that
doesn't behave exactly as you intended. The most common mistake is to use the <code>Y</code>
placeholder (which represents the ISO 8601 week year), rather than <code>y</code> (which
represents the actual year). In this case, the date reported will appear correct until the end
of the year, when the "week year" may differ from the actual year.
</p>
</overview>
<recommendation>
<p>
Ensure the format pattern's use of <code>Y</code> is correct, and if not replace it with <code>y</code>.
</p>
</recommendation>
<example>
<p>
The following example uses the date format <code>YYYY-MM-dd</code>.
On the 30th of December 2019, this code will output "2020-12-30", rather than the intended "2019-12-30".
</p>
<sample src="SuspiciousDateFormat.java" />
<p>
The correct pattern in this case would be <code>yyyy-MM-dd</code> instead of <code>YYYY-MM-dd</code>.
</p>
</example>
<references>
<li>
Java API Specification:
<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/text/SimpleDateFormat.html">SimpleDateFormat</a>.
</li>
</references>
</qhelp>