From b5bcbd303ea4e3312da9c00f4bf427c4bc56beed Mon Sep 17 00:00:00 2001
From: Geoffrey White <40627776+geoffw0@users.noreply.github.com>
Date: Wed, 6 Jan 2021 18:22:31 +0000
Subject: [PATCH] C++: Cleaner solution.

---
 cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql | 4 +++-
 .../semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll | 8 +++-----
 2 files changed, 6 insertions(+), 6 deletions(-)

diff --git a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
index 29db32a6b87..5ed84f45250 100644
--- a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -28,7 +28,9 @@ class Configuration extends TaintTrackingConfiguration {
 exists(SQLLikeFunction runSql | runSql.outermostWrapperFunctionCall(tainted, _))
 }
 
- override predicate isAdditionalBarrier(Expr e) { e.getUnspecifiedType() instanceof IntegralType }
+ override predicate isBarrier(Expr e) {
+ super.isBarrier(e) or e.getUnspecifiedType() instanceof IntegralType
+ }
 }
 
 from
diff --git a/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll b/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
index 907cb628a85..23161bc4b89 100644
--- a/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
+++ b/cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll
@@ -545,8 +545,8 @@ module TaintedWithPath {
 /** Override this to specify which elements are sinks in this configuration. */
 abstract predicate isSink(Element e);
 
- /** Override this to specify additional barriers in this configuration. */
- predicate isAdditionalBarrier(Expr node) { none() }
+ /** Override this to specify which expressions are barriers in this configuration. */
+ predicate isBarrier(Expr e) { nodeIsBarrier(getNodeForExpr(e)) }
 
 /**
 * Override this predicate to `any()` to allow taint to flow through global
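Review bot: The integral-type disjunct in the new `isBarrier` override in SqlTainted.ql carries no comment explaining why it is a safe barrier for a CWE-089 query. I would add a QLDoc line above the override, for example `/** Integral values cannot carry SQL syntax, so taint is not tracked through them; default barriers are kept via super. */`. If `IntegralType` in this library also covers character types, the barrier would also stop taint that is copied one character at a time, which could hide real results; that is worth confirming and, if true, stating in the comment. The `Configuration` class begins outside the hunk.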
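Review bot: The QLDoc on the new `isBarrier(Expr e)` in DefaultTaintTracking.qll does not say that the default `nodeIsBarrier` check now lives in this predicate's body. An override that omits `super.isBarrier(e)` therefore replaces the default barriers, where the removed `isAdditionalBarrier` could only add to them. I would extend the comment to `/** Override this to specify which expressions are barriers in this configuration. Overrides should include super.isBarrier(e) to keep the default barriers. */`. The patch also removes `isAdditionalBarrier` without a deprecated alias, so any configuration outside this diff that overrides it would stop compiling; that may be intended if the predicate was never released. The `TaintTrackingConfiguration` class begins and ends outside the hunk.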
@@ -582,10 +582,8 @@ module TaintedWithPath {
 }
 
 override predicate isBarrier(DataFlow::Node node) {
- nodeIsBarrier(node)
- or
 exists(TaintTrackingConfiguration cfg, Expr e |
- cfg.isAdditionalBarrier(e) and node = getNodeForExpr(e)
+ cfg.isBarrier(e) and node = getNodeForExpr(e)
 )
 }
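Review bot: Dropping the `nodeIsBarrier(node)` disjunct from `isBarrier(DataFlow::Node node)` may narrow the default barrier. It now applies only to nodes equal to `getNodeForExpr(e)` for some `Expr e`, reached through `cfg.isBarrier(e)`. Both helpers are defined outside the hunk, so I cannot tell whether `nodeIsBarrier` can hold for a node that has no corresponding expression; if it can, those barriers are lost and queries built on this module could report flows they previously suppressed. Please confirm against the query test expectations, and consider a comment in the body such as `// The default nodeIsBarrier check is applied through TaintTrackingConfiguration.isBarrier.`. The enclosing class begins outside the hunk.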