Rust: Exclude results in macro invocations.

Author: geoffw0

rust/ql/src/queries/security/CWE-825/AccessAfterLifetime.ql

@@ -39,6 +39,8 @@ where
   // flow from a pointer or reference to the dereference
   AccessAfterLifetimeFlow::flowPath(sourceNode, sinkNode) and
   // check that the dereference is outside the lifetime of the target
-  AccessAfterLifetime::dereferenceAfterLifetime(sourceNode.getNode(), sinkNode.getNode(), target)
+  AccessAfterLifetime::dereferenceAfterLifetime(sourceNode.getNode(), sinkNode.getNode(), target) and
+  // exclude sinks in macros, since these results are difficult to interpret
+  not sinkNode.getNode().asExpr().getExpr().isFromMacroExpansion()
 select sinkNode.getNode(), sourceNode, sinkNode,
   "Access of a pointer to $@ after it's lifetime has ended.", target, target.toString()

rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected

@@ -22,7 +22,6 @@
 | lifetime.rs:667:14:667:17 | ref1 | lifetime.rs:655:11:655:25 | &raw const str2 | lifetime.rs:667:14:667:17 | ref1 | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:651:7:651:10 | str2 | str2 |
 | lifetime.rs:692:13:692:14 | r1 | lifetime.rs:682:4:682:12 | &... | lifetime.rs:692:13:692:14 | r1 | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:681:8:681:9 | v1 | v1 |
 | lifetime.rs:693:13:693:14 | r2 | lifetime.rs:686:5:686:13 | &... | lifetime.rs:693:13:693:14 | r2 | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:685:8:685:9 | v2 | v2 |
-| lifetime.rs:725:2:725:12 | ptr | lifetime.rs:724:2:724:12 | &val | lifetime.rs:725:2:725:12 | ptr | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:724:2:724:12 | val | val |
 | lifetime.rs:743:10:743:12 | ptr | lifetime.rs:733:9:733:12 | &val | lifetime.rs:743:10:743:12 | ptr | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:731:6:731:8 | val | val |
 edges
 | deallocation.rs:148:6:148:7 | p1 | deallocation.rs:151:14:151:15 | p1 | provenance |  |

rust/ql/test/query-tests/security/CWE-825/lifetime.rs

@@ -721,8 +721,8 @@ macro_rules! my_macro {
 }
 
 pub fn test_macros() {
-	my_macro!(); // $ SPURIOUS: Source[rust/access-after-lifetime-ended]
-	my_macro!(); // $ SPURIOUS: Alert[rust/access-after-lifetime-ended]
+	my_macro!();
+	my_macro!();
 }
 
 // --- examples from qhelp ---