From ccd07b8a6395836d4e15deeb55daef36c8f8b0ed Mon Sep 17 00:00:00 2001
From: Jeroen Ketema
Date: Fri, 23 Jan 2026 09:03:48 +0100
Subject: [PATCH] C++: Simplify `cpp/sql-injection` barrier

SQL sanitizers will not likely also be sources, so using `isBarrierIn` here does not make a lot of sense. I ran with and without this change on MRVA and got identical results.
---
 cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

diff --git a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
index 5d08afbe304a..8ce1f543c0f0 100644
--- a/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
+++ b/cpp/ql/src/Security/CWE/CWE-089/SqlTainted.ql
@@ -45,9 +45,7 @@ module SqlTaintedConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) {
     node.asExpr().getUnspecifiedType() instanceof IntegralType
-  }
-
-  predicate isBarrierIn(DataFlow::Node node) {
+    or
     exists(SqlBarrierFunction sql, int arg, FunctionInput input |
       node.asIndirectArgument() = sql.getACallToThisFunction().getArgument(arg) and
       input.isParameterDeref(arg) and