C++: Cleaner solution.

cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql

@@ -28,7 +28,9 @@ class Configuration extends TaintTrackingConfiguration {
     exists(SQLLikeFunction runSql | runSql.outermostWrapperFunctionCall(tainted, _))
   }
 
-  override predicate isAdditionalBarrier(Expr e) { e.getUnspecifiedType() instanceof IntegralType }
+  override predicate isBarrier(Expr e) {
+    super.isBarrier(e) or e.getUnspecifiedType() instanceof IntegralType
+  }
 }
 
 from

cpp/ql/src/semmle/code/cpp/ir/dataflow/DefaultTaintTracking.qll

@@ -545,8 +545,8 @@ module TaintedWithPath {
     /** Override this to specify which elements are sinks in this configuration. */
     abstract predicate isSink(Element e);
 
-    /** Override this to specify additional barriers in this configuration. */
-    predicate isAdditionalBarrier(Expr node) { none() }
+    /** Override this to specify which expressions are barriers in this configuration. */
+    predicate isBarrier(Expr e) { nodeIsBarrier(getNodeForExpr(e)) }
 
     /**
      * Override this predicate to `any()` to allow taint to flow through global
@@ -582,10 +582,8 @@ module TaintedWithPath {
     }
 
     override predicate isBarrier(DataFlow::Node node) {
-      nodeIsBarrier(node)
-      or
       exists(TaintTrackingConfiguration cfg, Expr e |
-        cfg.isAdditionalBarrier(e) and node = getNodeForExpr(e)
+        cfg.isBarrier(e) and node = getNodeForExpr(e)
       )
     }