CPP: Fix false positives when member variable is released via capture inside lambda expression.

Author: geoffw0

cpp/ql/src/jsf/4.10 Classes/AV Rule 79.ql

@@ -184,7 +184,9 @@ predicate freedInSameMethod(Resource r, Expr acquire) {
   exists(Expr releaseExpr, string kind |
     r.acquisitionWithRequiredKind(acquire, kind) and
     releaseExpr = r.getAReleaseExpr(kind) and
-    releaseExpr.getEnclosingFunction() = acquire.getEnclosingFunction()
+    releaseExpr.getEnclosingFunction().getEnclosingAccessHolder*() = acquire.getEnclosingFunction()
+    	// here, `getEnclosingAccessHolder*` allows us to go from a nested function or lambda
+    	// expression to the class method enclosing it.
   )
 }
 

cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 79/AV Rule 79.expected

@@ -11,7 +11,6 @@
 | DeleteThis.cpp:127:3:127:20 | ... = ... | Resource d is acquired by class MyClass9 but not released anywhere in this class. |
 | ExternalOwners.cpp:49:3:49:20 | ... = ... | Resource a is acquired by class MyScreen but not released anywhere in this class. |
 | Lambda.cpp:7:3:7:21 | ... = ... | Resource r1 is acquired by class testLambda but not released anywhere in this class. |
-| Lambda.cpp:12:3:12:21 | ... = ... | Resource r2 is acquired by class testLambda but not released anywhere in this class. |
 | Lambda.cpp:24:3:24:21 | ... = ... | Resource r4 is acquired by class testLambda but not released anywhere in this class. |
 | Lambda.cpp:26:3:26:21 | ... = ... | Resource r5 is acquired by class testLambda but not released anywhere in this class. |
 | Lambda.cpp:29:3:29:21 | ... = ... | Resource r6 is acquired by class testLambda but not released in the destructor. It is released from deleter_for_r6 on line 40, so this function may need to be called from the destructor. |

cpp/ql/test/query-tests/jsf/4.10 Classes/AV Rule 79/Lambda.cpp

@@ -9,7 +9,7 @@ class testLambda
 			delete [] r;
 		};
 
-		r2 = new char[4096]; // GOOD [FALSE POSITIVE]
+		r2 = new char[4096]; // GOOD
 		auto deleter2 = [this]() {
 			delete [] r2;
 		};