From 93c656065d20428fffe43d7c79850f5dca41fa4e Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Mon, 16 Mar 2026 22:16:01 +0000
Subject: [PATCH] Add test for MaD barriers

---
 .../dataflow/barrier/inline-flow.expected     | 21 -------------------
 .../dataflow/barrier/inline-flow.ext.yml      |  6 ++++++
 .../dataflow/barrier/inline-flow.ql           | 13 +++++++++++-
 .../library-tests/dataflow/barrier/main.rs    |  2 +-
 4 files changed, 19 insertions(+), 23 deletions(-)
 create mode 100644 rust/ql/test/library-tests/dataflow/barrier/inline-flow.ext.yml

diff --git a/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected b/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected
index 68da00c4312..0514da67333 100644
--- a/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected
+++ b/rust/ql/test/library-tests/dataflow/barrier/inline-flow.expected
@@ -1,41 +1,20 @@
 models
 edges
-| main.rs:9:13:9:19 | ...: ... | main.rs:10:11:10:11 | s | provenance |  |
-| main.rs:10:11:10:11 | s | main.rs:12:9:12:9 | s | provenance |  |
-| main.rs:12:9:12:9 | s | main.rs:9:30:14:1 | { ... } | provenance |  |
 | main.rs:21:9:21:9 | s | main.rs:22:10:22:10 | s | provenance |  |
 | main.rs:21:13:21:21 | source(...) | main.rs:21:9:21:9 | s | provenance |  |
-| main.rs:26:9:26:9 | s | main.rs:27:22:27:22 | s | provenance |  |
-| main.rs:26:13:26:21 | source(...) | main.rs:26:9:26:9 | s | provenance |  |
-| main.rs:27:9:27:9 | s | main.rs:28:10:28:10 | s | provenance |  |
-| main.rs:27:13:27:23 | sanitize(...) | main.rs:27:9:27:9 | s | provenance |  |
-| main.rs:27:22:27:22 | s | main.rs:9:13:9:19 | ...: ... | provenance |  |
-| main.rs:27:22:27:22 | s | main.rs:27:13:27:23 | sanitize(...) | provenance |  |
 | main.rs:32:9:32:9 | s | main.rs:33:10:33:10 | s | provenance |  |
 | main.rs:32:13:32:21 | source(...) | main.rs:32:9:32:9 | s | provenance |  |
 nodes
-| main.rs:9:13:9:19 | ...: ... | semmle.label | ...: ... |
-| main.rs:9:30:14:1 | { ... } | semmle.label | { ... } |
-| main.rs:10:11:10:11 | s | semmle.label | s |
-| main.rs:12:9:12:9 | s | semmle.label | s |
 | main.rs:17:10:17:18 | source(...) | semmle.label | source(...) |
 | main.rs:21:9:21:9 | s | semmle.label | s |
 | main.rs:21:13:21:21 | source(...) | semmle.label | source(...) |
 | main.rs:22:10:22:10 | s | semmle.label | s |
-| main.rs:26:9:26:9 | s | semmle.label | s |
-| main.rs:26:13:26:21 | source(...) | semmle.label | source(...) |
-| main.rs:27:9:27:9 | s | semmle.label | s |
-| main.rs:27:13:27:23 | sanitize(...) | semmle.label | sanitize(...) |
-| main.rs:27:22:27:22 | s | semmle.label | s |
-| main.rs:28:10:28:10 | s | semmle.label | s |
 | main.rs:32:9:32:9 | s | semmle.label | s |
 | main.rs:32:13:32:21 | source(...) | semmle.label | source(...) |
 | main.rs:33:10:33:10 | s | semmle.label | s |
 subpaths
-| main.rs:27:22:27:22 | s | main.rs:9:13:9:19 | ...: ... | main.rs:9:30:14:1 | { ... } | main.rs:27:13:27:23 | sanitize(...) |
 testFailures
 #select
 | main.rs:17:10:17:18 | source(...) | main.rs:17:10:17:18 | source(...) | main.rs:17:10:17:18 | source(...) | $@ | main.rs:17:10:17:18 | source(...) | source(...) |
 | main.rs:22:10:22:10 | s | main.rs:21:13:21:21 | source(...) | main.rs:22:10:22:10 | s | $@ | main.rs:21:13:21:21 | source(...) | source(...) |
-| main.rs:28:10:28:10 | s | main.rs:26:13:26:21 | source(...) | main.rs:28:10:28:10 | s | $@ | main.rs:26:13:26:21 | source(...) | source(...) |
 | main.rs:33:10:33:10 | s | main.rs:32:13:32:21 | source(...) | main.rs:33:10:33:10 | s | $@ | main.rs:32:13:32:21 | source(...) | source(...) |
diff --git a/rust/ql/test/library-tests/dataflow/barrier/inline-flow.ext.yml b/rust/ql/test/library-tests/dataflow/barrier/inline-flow.ext.yml
new file mode 100644
index 00000000000..98c62dd0758
--- /dev/null
+++ b/rust/ql/test/library-tests/dataflow/barrier/inline-flow.ext.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/rust-all
+      extensible: barrierModel
+    data:
+      - ["main::sanitize", "ReturnValue", "test-barrier", "manual"]
diff --git a/rust/ql/test/library-tests/dataflow/barrier/inline-flow.ql b/rust/ql/test/library-tests/dataflow/barrier/inline-flow.ql
index 5dcb7ee70a9..7cc30bf6350 100644
--- a/rust/ql/test/library-tests/dataflow/barrier/inline-flow.ql
+++ b/rust/ql/test/library-tests/dataflow/barrier/inline-flow.ql
@@ -3,8 +3,19 @@
  */
 
 import rust
+import codeql.rust.dataflow.DataFlow
+import codeql.rust.dataflow.FlowBarrier
 import utils.test.InlineFlowTest
-import DefaultFlowTest
+
+module CustomConfig implements DataFlow::ConfigSig {
+  predicate isSource = DefaultFlowConfig::isSource/1;
+
+  predicate isSink = DefaultFlowConfig::isSink/1;
+
+  predicate isBarrier(DataFlow::Node n) { barrierNode(n, "test-barrier") }
+}
+
+import FlowTest<CustomConfig, CustomConfig>
 import TaintFlow::PathGraph
 
 from TaintFlow::PathNode source, TaintFlow::PathNode sink
diff --git a/rust/ql/test/library-tests/dataflow/barrier/main.rs b/rust/ql/test/library-tests/dataflow/barrier/main.rs
index 14935f0f328..0791c56f240 100644
--- a/rust/ql/test/library-tests/dataflow/barrier/main.rs
+++ b/rust/ql/test/library-tests/dataflow/barrier/main.rs
@@ -25,7 +25,7 @@ fn through_variable() {
 fn with_barrier() {
     let s = source(1);
     let s = sanitize(s);
-    sink(s); // $ SPURIOUS: hasValueFlow=1
+    sink(s);
 }
 
 fn main() {