Rust: Add test for rust/access-after-lifetime-ended FP involving generic calls.

Author: geoffw0

rust/ql/test/query-tests/security/CWE-825/AccessAfterLifetime.expected

@@ -22,6 +22,7 @@
 | lifetime.rs:667:14:667:17 | ref1 | lifetime.rs:655:11:655:25 | &raw const str2 | lifetime.rs:667:14:667:17 | ref1 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:651:7:651:10 | str2 | str2 |
 | lifetime.rs:789:12:789:13 | p1 | lifetime.rs:781:9:781:19 | &my_local10 | lifetime.rs:789:12:789:13 | p1 | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:779:6:779:15 | my_local10 | my_local10 |
 | lifetime.rs:808:23:808:25 | ptr | lifetime.rs:798:9:798:12 | &val | lifetime.rs:808:23:808:25 | ptr | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:796:6:796:8 | val | val |
+| lifetime.rs:843:12:843:14 | ptr | lifetime.rs:851:12:851:23 | &local_value | lifetime.rs:843:12:843:14 | ptr | Access of a pointer to $@ after its lifetime has ended. | lifetime.rs:850:6:850:16 | local_value | local_value |
 | main.rs:64:23:64:24 | p2 | main.rs:44:26:44:28 | &b2 | main.rs:64:23:64:24 | p2 | Access of a pointer to $@ after its lifetime has ended. | main.rs:43:13:43:14 | b2 | b2 |
 edges
 | deallocation.rs:242:6:242:7 | p1 | deallocation.rs:245:14:245:15 | p1 | provenance |  |
@@ -194,6 +195,10 @@ edges
 | lifetime.rs:798:9:798:12 | &val | lifetime.rs:798:2:798:12 | return ... | provenance |  |
 | lifetime.rs:802:6:802:8 | ptr | lifetime.rs:808:23:808:25 | ptr | provenance |  |
 | lifetime.rs:802:12:802:24 | get_pointer(...) | lifetime.rs:802:6:802:8 | ptr | provenance |  |
+| lifetime.rs:841:13:841:27 | ...: ... | lifetime.rs:843:12:843:14 | ptr | provenance |  |
+| lifetime.rs:851:6:851:8 | ptr | lifetime.rs:853:20:853:22 | ptr | provenance |  |
+| lifetime.rs:851:12:851:23 | &local_value | lifetime.rs:851:6:851:8 | ptr | provenance |  |
+| lifetime.rs:853:20:853:22 | ptr | lifetime.rs:841:13:841:27 | ...: ... | provenance |  |
 | main.rs:18:9:18:10 | p1 [&ref] | main.rs:21:19:21:20 | p1 | provenance |  |
 | main.rs:18:9:18:10 | p1 [&ref] | main.rs:29:19:29:20 | p1 | provenance |  |
 | main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | main.rs:18:9:18:10 | p1 [&ref] | provenance |  |
@@ -409,6 +414,11 @@ nodes
 | lifetime.rs:802:6:802:8 | ptr | semmle.label | ptr |
 | lifetime.rs:802:12:802:24 | get_pointer(...) | semmle.label | get_pointer(...) |
 | lifetime.rs:808:23:808:25 | ptr | semmle.label | ptr |
+| lifetime.rs:841:13:841:27 | ...: ... | semmle.label | ...: ... |
+| lifetime.rs:843:12:843:14 | ptr | semmle.label | ptr |
+| lifetime.rs:851:6:851:8 | ptr | semmle.label | ptr |
+| lifetime.rs:851:12:851:23 | &local_value | semmle.label | &local_value |
+| lifetime.rs:853:20:853:22 | ptr | semmle.label | ptr |
 | main.rs:18:9:18:10 | p1 [&ref] | semmle.label | p1 [&ref] |
 | main.rs:18:14:18:29 | ...::as_ptr(...) [&ref] | semmle.label | ...::as_ptr(...) [&ref] |
 | main.rs:18:26:18:28 | &b1 | semmle.label | &b1 |

rust/ql/test/query-tests/security/CWE-825/lifetime.rs

@@ -827,3 +827,33 @@ pub fn test_lifetimes_example_good() {
 
 	println!("	val = {dereferenced_ptr}");
 }
+
+// --- generic calls ---
+
+trait Processor {
+	fn process(ptr: *const i64) -> i64;
+}
+
+struct MyProcessor {
+}
+
+impl Processor for MyProcessor {
+	fn process(ptr: *const i64) -> i64 {
+		unsafe {
+			return *ptr; // $ SPURIOUS: Alert[rust/access-after-lifetime-ended]=local_value
+		}
+	}
+}
+
+fn generic_caller<T: Processor>() -> i64
+{
+	let local_value: i64 = 10;
+	let ptr = &local_value as *const i64; // $ Source[rust/access-after-lifetime-ended]=local_value
+
+	return T::process(ptr);
+}
+
+pub fn test_generic() {
+	let result = generic_caller::<MyProcessor>();
+	println!("	result = {result}");
+}

rust/ql/test/query-tests/security/CWE-825/main.rs

@@ -209,4 +209,7 @@ fn main() {
 
     println!("test_lifetimes_example_good:");
     test_lifetimes_example_good();
+
+    println!("test_generic:");
+    test_generic();
 }