Skip to content

C++: Allow MaD barriers #21162

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Open
owen-mc wants to merge 1 commit into
base: main
Choose a base branch
from
Open

C++: Allow MaD barriers #21162

owen-mc wants to merge 1 commit into from
+3 −0

Conversation

@owen-mc
Copy link
Contributor

@owen-mc owen-mc commented Jan 13, 2026
edited
Loading

The first commit was done by Opus 4.5. I then rebased it after C++: Support models-as-data barriers and barrier guards was merged and deleted most of its work.

@owen-mc owen-mc added the no-change-note-required This PR does not need a change note label Jan 13, 2026
@github-actions github-actions bot added C++ and removed no-change-note-required This PR does not need a change note labels Jan 13, 2026
@owen-mc
Allow MaD barriers
656ebab 
This commit was done by Opus 4.5 with the following prompt:

In the commit 004d40e I have made it so that C# CodeQL queries which use sinks defined using data extensions (also known as "models-as-data"), which are accessed using `sinkNode(Node node, string kind)`, also use barriers defined using models-as-data, which are accessed using `barrierNode(Node node, string kind)`, with the same `kind` string. Please do the same for C++. If there are any complicated cases then list them at the end for me to do manually.
@owen-mc owen-mc added the no-change-note-required This PR does not need a change note label Jan 21, 2026
@owen-mc owen-mc marked this pull request as ready for review January 21, 2026 16:26
@owen-mc owen-mc requested a review from a team as a code owner January 21, 2026 16:26
Copilot AI review requested due to automatic review settings January 21, 2026 16:26
@owen-mc owen-mc changed the title C: Allow MaD barriers C++: Allow MaD barriers Jan 21, 2026
Copilot AI reviewed Jan 21, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR enables Models-as-Data (MaD) barriers for SQL injection detection in C/C++ code. The change allows SQL injection barriers to be defined using the extensible Models-as-Data framework, complementing the existing hardcoded barrier for integral types.

Changes:

  • Added MaD barrier support to the SQL injection query's isBarrier predicate

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@jketema
Copy link
Contributor

jketema commented Jan 21, 2026

It seems this might also need a test?

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

At least 1 approving review is required to merge this pull request.

Assignees

No one assigned

Labels

C++ no-change-note-required This PR does not need a change note

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@owen-mc @jketema