@jketema jketema commented Jan 23, 2026

SQL sanitizers will not likely also be sources, so using `isBarrierIn` here does not make a lot of sense.

I ran with and without this change on MRVA and got identical results.

@jketema jketema requested a review from a team as a code owner January 23, 2026 08:07
Copilot AI review requested due to automatic review settings January 23, 2026 08:07
@github-actions github-actions bot added the C++ label Jan 23, 2026
@jketema jketema added the no-change-note-required This PR does not need a change note label Jan 23, 2026

Copilot AI left a comment

Pull request overview

This PR simplifies the SQL injection detection query by consolidating barrier predicates. The change removes the `isBarrierIn` predicate and merges its logic into the `isBarrier` predicate, based on the reasoning that SQL sanitizer inputs are unlikely to be data flow sources.

Changes:

  • Merged `isBarrierIn` barrier logic into the `isBarrier` predicate in the SQL injection taint tracking configuration
  • Changed the disjunction syntax from a separate predicate to using the `or` operator

@geoffw0 geoffw0 left a comment

Sure.

jketema commented Jan 23, 2026

DCA looks clean. Merging.

@jketema jketema merged commit 075041f into github:main Jan 23, 2026
25 of 26 checks passed
@jketema jketema deleted the jketema/sql branch January 23, 2026 12:33