Rust: Add test showing yet another spurious result.

Author: geoffw0

rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected

@@ -20,7 +20,8 @@
 | lifetime.rs:659:15:659:18 | ref1 | lifetime.rs:654:31:654:35 | &str1 | lifetime.rs:659:15:659:18 | ref1 | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:653:8:653:11 | str1 | str1 |
 | lifetime.rs:667:14:667:17 | ref1 | lifetime.rs:654:31:654:35 | &str1 | lifetime.rs:667:14:667:17 | ref1 | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:653:8:653:11 | str1 | str1 |
 | lifetime.rs:667:14:667:17 | ref1 | lifetime.rs:655:11:655:25 | &raw const str2 | lifetime.rs:667:14:667:17 | ref1 | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:651:7:651:10 | str2 | str2 |
-| lifetime.rs:743:10:743:12 | ptr | lifetime.rs:733:9:733:12 | &val | lifetime.rs:743:10:743:12 | ptr | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:731:6:731:8 | val | val |
+| lifetime.rs:734:12:734:13 | r1 | lifetime.rs:719:26:719:34 | &... | lifetime.rs:734:12:734:13 | r1 | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:719:19:719:20 | v2 | v2 |
+| lifetime.rs:775:10:775:12 | ptr | lifetime.rs:765:9:765:12 | &val | lifetime.rs:775:10:775:12 | ptr | Access of a pointer to $@ after it's lifetime has ended. | lifetime.rs:763:6:763:8 | val | val |
 edges
 | deallocation.rs:148:6:148:7 | p1 | deallocation.rs:151:14:151:15 | p1 | provenance |  |
 | deallocation.rs:148:6:148:7 | p1 | deallocation.rs:158:14:158:15 | p1 | provenance |  |
@@ -183,12 +184,17 @@ edges
 | lifetime.rs:686:4:687:16 | TupleExpr [tuple.1] | lifetime.rs:684:7:684:14 | TuplePat [tuple.1] | provenance |  |
 | lifetime.rs:686:5:686:13 | &... | lifetime.rs:686:4:687:16 | TupleExpr [tuple.0] | provenance |  |
 | lifetime.rs:687:5:687:15 | &... | lifetime.rs:686:4:687:16 | TupleExpr [tuple.1] | provenance |  |
-| lifetime.rs:724:2:724:12 | &val | lifetime.rs:724:2:724:12 | ptr | provenance |  |
-| lifetime.rs:724:2:724:12 | ptr | lifetime.rs:725:2:725:12 | ptr | provenance |  |
-| lifetime.rs:733:2:733:12 | return ... | lifetime.rs:737:12:737:24 | get_pointer(...) | provenance |  |
-| lifetime.rs:733:9:733:12 | &val | lifetime.rs:733:2:733:12 | return ... | provenance |  |
-| lifetime.rs:737:6:737:8 | ptr | lifetime.rs:743:10:743:12 | ptr | provenance |  |
-| lifetime.rs:737:12:737:24 | get_pointer(...) | lifetime.rs:737:6:737:8 | ptr | provenance |  |
+| lifetime.rs:717:35:723:2 | { ... } | lifetime.rs:730:11:730:25 | e1.test_match() | provenance |  |
+| lifetime.rs:718:7:718:8 | r1 | lifetime.rs:717:35:723:2 | { ... } | provenance |  |
+| lifetime.rs:719:26:719:34 | &... | lifetime.rs:718:7:718:8 | r1 | provenance |  |
+| lifetime.rs:730:6:730:7 | r1 | lifetime.rs:734:12:734:13 | r1 | provenance |  |
+| lifetime.rs:730:11:730:25 | e1.test_match() | lifetime.rs:730:6:730:7 | r1 | provenance |  |
+| lifetime.rs:756:2:756:12 | &val | lifetime.rs:756:2:756:12 | ptr | provenance |  |
+| lifetime.rs:756:2:756:12 | ptr | lifetime.rs:757:2:757:12 | ptr | provenance |  |
+| lifetime.rs:765:2:765:12 | return ... | lifetime.rs:769:12:769:24 | get_pointer(...) | provenance |  |
+| lifetime.rs:765:9:765:12 | &val | lifetime.rs:765:2:765:12 | return ... | provenance |  |
+| lifetime.rs:769:6:769:8 | ptr | lifetime.rs:775:10:775:12 | ptr | provenance |  |
+| lifetime.rs:769:12:769:24 | get_pointer(...) | lifetime.rs:769:6:769:8 | ptr | provenance |  |
 models
 | 1 | Summary: lang:core; crate::ptr::from_ref; Argument[0]; ReturnValue; value |
 nodes
@@ -382,12 +388,18 @@ nodes
 | lifetime.rs:692:13:692:14 | r1 | semmle.label | r1 |
 | lifetime.rs:693:13:693:14 | r2 | semmle.label | r2 |
 | lifetime.rs:694:13:694:14 | r3 | semmle.label | r3 |
-| lifetime.rs:724:2:724:12 | &val | semmle.label | &val |
-| lifetime.rs:724:2:724:12 | ptr | semmle.label | ptr |
-| lifetime.rs:725:2:725:12 | ptr | semmle.label | ptr |
-| lifetime.rs:733:2:733:12 | return ... | semmle.label | return ... |
-| lifetime.rs:733:9:733:12 | &val | semmle.label | &val |
-| lifetime.rs:737:6:737:8 | ptr | semmle.label | ptr |
-| lifetime.rs:737:12:737:24 | get_pointer(...) | semmle.label | get_pointer(...) |
-| lifetime.rs:743:10:743:12 | ptr | semmle.label | ptr |
+| lifetime.rs:717:35:723:2 | { ... } | semmle.label | { ... } |
+| lifetime.rs:718:7:718:8 | r1 | semmle.label | r1 |
+| lifetime.rs:719:26:719:34 | &... | semmle.label | &... |
+| lifetime.rs:730:6:730:7 | r1 | semmle.label | r1 |
+| lifetime.rs:730:11:730:25 | e1.test_match() | semmle.label | e1.test_match() |
+| lifetime.rs:734:12:734:13 | r1 | semmle.label | r1 |
+| lifetime.rs:756:2:756:12 | &val | semmle.label | &val |
+| lifetime.rs:756:2:756:12 | ptr | semmle.label | ptr |
+| lifetime.rs:757:2:757:12 | ptr | semmle.label | ptr |
+| lifetime.rs:765:2:765:12 | return ... | semmle.label | return ... |
+| lifetime.rs:765:9:765:12 | &val | semmle.label | &val |
+| lifetime.rs:769:6:769:8 | ptr | semmle.label | ptr |
+| lifetime.rs:769:12:769:24 | get_pointer(...) | semmle.label | get_pointer(...) |
+| lifetime.rs:775:10:775:12 | ptr | semmle.label | ptr |
 subpaths

rust/ql/test/query-tests/security/CWE-825/lifetime.rs

@@ -703,6 +703,38 @@ pub fn test_members() {
 	mt.test();
 }
 
+// --- enum members ---
+
+struct MyValue2 {
+	value: i64
+}
+
+enum MyEnum3 {
+	Value(MyValue2),
+}
+
+impl MyEnum3 {
+	pub fn test_match(&self) -> &i64 {
+		let r1 = match self {
+			MyEnum3::Value(v2) => &v2.value, // $ SPURIOUS: Source[rust/access-after-lifetime-ended]=v2_value
+		};
+
+		r1
+	}
+}
+
+pub fn test_enum_members() {
+	let v1 = MyValue2 { value: 1 };
+	let e1 = MyEnum3::Value(v1);
+
+	let r1 = e1.test_match();
+
+	use_the_stack();
+
+	let v3 = *r1; // $ SPURIOUS: Alert[rust/access-after-lifetime-ended]=v2_value
+	println!("	v3 = {v3}");
+}
+
 // --- macros ---
 
 macro_rules! my_macro {

rust/ql/test/query-tests/security/CWE-825/main.rs

@@ -184,6 +184,9 @@ fn main() {
 	println!("test_members:");
 	test_members();
 
+	println!("test_enum_members:");
+	test_enum_members();
+
 	println!("test_macros:");
 	test_macros();