From 656ebab776dd22664b79e0efddeeaa294c1b1d9d Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Tue, 13 Jan 2026 14:40:35 +0000
Subject: [PATCH] Allow MaD barriers

This commit was done by Opus 4.5 with the following prompt: In the commit 004d40ee931 I have made it so that C# CodeQL queries which use sinks defined using data extensions (also known as "models-as-data"), which are accessed using `sinkNode(Node node, string kind)`, also use barriers defined using models-as-data, which are accessed using `barrierNode(Node node, string kind)`, with the same `kind` string. Please do the same for C++. If there are any complicated cases then list them at the end for me to do manually.
---
 cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
index 5d08afbe304a..8b04b986b891 100644
--- a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -45,6 +45,9 @@ module SqlTaintedConfig implements DataFlow::ConfigSig {
 predicate isBarrier(DataFlow::Node node) {
 node.asExpr().getUnspecifiedType() instanceof IntegralType
+ or
+ // barrier defined using models-as-data
+ barrierNode(node, "sql-injection")
 }
 predicate isBarrierIn(DataFlow::Node node) {
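Review bot: The kind string in `barrierNode(node, "sql-injection")` is a bare literal with nothing in this hunk tying it to the kind used for the query's sinks; `isSink` lies outside the hunk, so whether it calls `sinkNode` with the same string cannot be confirmed from here. A mismatch or typo would presumably not fail compilation: the barrier set would just be empty and any sanitizer models would be ignored silently. The diffstat shows only this query file changed, so the patch carries no test with a barrier extension row showing that a modelled sanitizer stops the flow while unmodelled flows are still reported; such a test would also guard against an over-broad barrier model hiding real SQL injection results. I would expand the comment to `// barrier defined using models-as-data; kind must match the sink kind used by this query`. The module body continues outside the hunk.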