From 1a5246d0b80de60ed19b69540469d1a104ddc4a9 Mon Sep 17 00:00:00 2001
From: Eric StJohn <ericstj@microsoft.com>
Date: Wed, 28 Feb 2024 14:58:51 -0800
Subject: [PATCH 1/2] Adding suppressions for
 cs/leap-year/unsafe-date-construction-from-two-elements

---
 .../src/System/Management/ManagementDateTime.cs                 | 2 +-
 src/libraries/System.Private.CoreLib/src/System/DateTime.cs     | 1 +
 .../src/System/Globalization/GregorianCalendarHelper.cs         | 1 +
 .../System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs     | 1 +
 4 files changed, 4 insertions(+), 1 deletion(-)

diff --git a/src/libraries/System.Management/src/System/Management/ManagementDateTime.cs b/src/libraries/System.Management/src/System/Management/ManagementDateTime.cs
index 34860c2ff7e2bb..41c0165d573b12 100644
--- a/src/libraries/System.Management/src/System/Management/ManagementDateTime.cs
+++ b/src/libraries/System.Management/src/System/Management/ManagementDateTime.cs
@@ -193,7 +193,7 @@ public static DateTime ToDateTime(string dmtfDate)
                 throw new ArgumentOutOfRangeException(nameof(dmtfDate));
             }
 
-
+            // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime not constructed from multiple elements - it's parsed from a string.
             var datetime = new DateTime(year, month, day, hour, minute, second, 0, DateTimeKind.Local);
             // Then add the ticks calculated from the microseconds
             datetime = datetime.AddTicks(ticks);
diff --git a/src/libraries/System.Private.CoreLib/src/System/DateTime.cs b/src/libraries/System.Private.CoreLib/src/System/DateTime.cs
index efcf7155c0f1cb..fad29e2853e5f4 100644
--- a/src/libraries/System.Private.CoreLib/src/System/DateTime.cs
+++ b/src/libraries/System.Private.CoreLib/src/System/DateTime.cs
@@ -332,6 +332,7 @@ public DateTime(int year, int month, int day, int hour, int minute, int second)
             else
             {
                 // if we have a leap second, then we adjust it to 59 so that DateTime will consider it the last in the specified minute.
+                // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime is constructed using the user specifed values, not a combination of different sources.
                 this = new DateTime(year, month, day, hour, minute, 59);
                 ValidateLeapSecond();
             }
diff --git a/src/libraries/System.Private.CoreLib/src/System/Globalization/GregorianCalendarHelper.cs b/src/libraries/System.Private.CoreLib/src/System/Globalization/GregorianCalendarHelper.cs
index b100b633e9ac06..64ebcdf5b8ad1a 100644
--- a/src/libraries/System.Private.CoreLib/src/System/Globalization/GregorianCalendarHelper.cs
+++ b/src/libraries/System.Private.CoreLib/src/System/Globalization/GregorianCalendarHelper.cs
@@ -35,6 +35,7 @@ internal EraInfo(int era, int startYear, int startMonth, int startDay, int yearO
             this.yearOffset = yearOffset;
             this.minEraYear = minEraYear;
             this.maxEraYear = maxEraYear;
+            // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime is constructed using the user specifed values, not a combination of different sources.
             this.ticks = new DateTime(startYear, startMonth, startDay).Ticks;
             this.eraName = eraName;
             this.abbrevEraName = abbrevEraName;
diff --git a/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs b/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs
index 10b78d608233ee..d9a533bb12788a 100644
--- a/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs
+++ b/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs
@@ -396,6 +396,7 @@ public static implicit operator DateTime(XsdDateTime xdt)
             {
                 case DateTimeTypeCode.GMonth:
                 case DateTimeTypeCode.GDay:
+                    // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime not constructed from multiple elements - it's converted from an XsdDateTime.
                     result = new DateTime(DateTime.Now.Year, xdt.Month, xdt.Day);
                     break;
                 case DateTimeTypeCode.Time:

From 35ee506f5cfd78253625fa31f1201cd1fbb40f00 Mon Sep 17 00:00:00 2001
From: Eric StJohn <ericstj@microsoft.com>
Date: Wed, 28 Feb 2024 15:22:40 -0800
Subject: [PATCH 2/2] Apply suggestions from code review

Co-authored-by: Tarek Mahmoud Sayed <tarekms@microsoft.com>
---
 .../src/System/Management/ManagementDateTime.cs                 | 2 +-
 src/libraries/System.Private.CoreLib/src/System/DateTime.cs     | 2 +-
 .../src/System/Globalization/GregorianCalendarHelper.cs         | 2 +-
 .../System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs     | 2 +-
 4 files changed, 4 insertions(+), 4 deletions(-)

diff --git a/src/libraries/System.Management/src/System/Management/ManagementDateTime.cs b/src/libraries/System.Management/src/System/Management/ManagementDateTime.cs
index 41c0165d573b12..2ba36e619f186b 100644
--- a/src/libraries/System.Management/src/System/Management/ManagementDateTime.cs
+++ b/src/libraries/System.Management/src/System/Management/ManagementDateTime.cs
@@ -193,7 +193,7 @@ public static DateTime ToDateTime(string dmtfDate)
                 throw new ArgumentOutOfRangeException(nameof(dmtfDate));
             }
 
-            // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime not constructed from multiple elements - it's parsed from a string.
+            // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime not constructed from multiple elements - it's parsed from a string with defaults that are stable DateTime.MinValue.  It would be intentional to throw if an invalid combination occurred.
             var datetime = new DateTime(year, month, day, hour, minute, second, 0, DateTimeKind.Local);
             // Then add the ticks calculated from the microseconds
             datetime = datetime.AddTicks(ticks);
diff --git a/src/libraries/System.Private.CoreLib/src/System/DateTime.cs b/src/libraries/System.Private.CoreLib/src/System/DateTime.cs
index fad29e2853e5f4..3eeaaabbd358a4 100644
--- a/src/libraries/System.Private.CoreLib/src/System/DateTime.cs
+++ b/src/libraries/System.Private.CoreLib/src/System/DateTime.cs
@@ -332,7 +332,7 @@ public DateTime(int year, int month, int day, int hour, int minute, int second)
             else
             {
                 // if we have a leap second, then we adjust it to 59 so that DateTime will consider it the last in the specified minute.
-                // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime is constructed using the user specifed values, not a combination of different sources.
+                // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime is constructed using the user specified values, not a combination of different sources.  It would be intentional to throw if an invalid combination occurred.
                 this = new DateTime(year, month, day, hour, minute, 59);
                 ValidateLeapSecond();
             }
diff --git a/src/libraries/System.Private.CoreLib/src/System/Globalization/GregorianCalendarHelper.cs b/src/libraries/System.Private.CoreLib/src/System/Globalization/GregorianCalendarHelper.cs
index 64ebcdf5b8ad1a..04298c12e7f6f7 100644
--- a/src/libraries/System.Private.CoreLib/src/System/Globalization/GregorianCalendarHelper.cs
+++ b/src/libraries/System.Private.CoreLib/src/System/Globalization/GregorianCalendarHelper.cs
@@ -35,7 +35,7 @@ internal EraInfo(int era, int startYear, int startMonth, int startDay, int yearO
             this.yearOffset = yearOffset;
             this.minEraYear = minEraYear;
             this.maxEraYear = maxEraYear;
-            // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime is constructed using the user specifed values, not a combination of different sources.
+            // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - A DateTime object is created using values obtained from the machine configuration.
             this.ticks = new DateTime(startYear, startMonth, startDay).Ticks;
             this.eraName = eraName;
             this.abbrevEraName = abbrevEraName;
diff --git a/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs b/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs
index d9a533bb12788a..7e75cc55afada2 100644
--- a/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs
+++ b/src/libraries/System.Private.Xml/src/System/Xml/Schema/XsdDateTime.cs
@@ -396,7 +396,7 @@ public static implicit operator DateTime(XsdDateTime xdt)
             {
                 case DateTimeTypeCode.GMonth:
                 case DateTimeTypeCode.GDay:
-                    // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - DateTime not constructed from multiple elements - it's converted from an XsdDateTime.
+                    // codeql[cs/leap-year/unsafe-date-construction-from-two-elements] - The XML specification does not explicitly define this behavior for parsing in a non-leap year. We intentionally throw here. Altering this behavior to be more resilient, producing dates like 2/28 or 3/1, could introduce unintended consequences and may not be desirable for user.
                     result = new DateTime(DateTime.Now.Year, xdt.Month, xdt.Day);
                     break;
                 case DateTimeTypeCode.Time: