Skip to content

C#: Add support for MaD barriers and barrier guards. #21132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom
Merged
aschackmull merged 2 commits into from
Jan 13, 2026
Merged

C#: Add support for MaD barriers and barrier guards. #21132

aschackmull merged 2 commits into from
Jan 13, 2026

Conversation

@aschackmull
Copy link
Contributor

@aschackmull aschackmull commented Jan 9, 2026

What the title says. This adds the basic plumbing, but doesn't update any queries yet.

@github-actions github-actions bot added the C# label Jan 9, 2026
owen-mc
owen-mc reviewed Jan 9, 2026
View reviewed changes
@owen-mc owen-mc mentioned this pull request Jan 9, 2026
Merged
@aschackmull @owen-mc
Update csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlo…
1151fc3 
…w.qll

Co-authored-by: Owen Mansel-Chan <62447351+owen-mc@users.noreply.github.com>
@aschackmull aschackmull marked this pull request as ready for review January 13, 2026 08:15
@aschackmull aschackmull requested a review from a team as a code owner January 13, 2026 08:15
Copilot AI review requested due to automatic review settings January 13, 2026 08:15
Copilot AI reviewed Jan 13, 2026
View reviewed changes
Copy link
Contributor

Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

This PR adds support for MaD (Models-as-Data) barriers and barrier guards in C#. This is foundational infrastructure that enables modeling of security barriers and barrier guards through external data models, though queries are not updated yet to use this functionality.

Changes:

  • Added ParameterizedBarrierGuard module for parameterized barrier guard support
  • Implemented barrierElement and barrierGuardModel predicates to interpret MaD barrier specifications
  • Extended model validation to cover barrier and barrier guard models
  • Added public API for barrier nodes

Reviewed changes

Copilot reviewed 4 out of 4 changed files in this pull request and generated no comments.

File Description
csharp/ql/lib/semmle/code/csharp/dataflow/internal/SsaImpl.qll Adds ParameterizedBarrierGuard module with signature support for parameterized guard checks
csharp/ql/lib/semmle/code/csharp/dataflow/internal/FlowSummaryImpl.qll Implements barrierElement and barrierGuardElement predicates to interpret barrier models from MaD specifications
csharp/ql/lib/semmle/code/csharp/dataflow/internal/ExternalFlow.qll Adds validation logic for barrier models, accepting value conversion, and cached barrier node predicates
csharp/ql/lib/semmle/code/csharp/dataflow/internal/DataFlowPublic.qll Exposes public API for ParameterizedBarrierGuard module with comprehensive documentation

💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.

@aschackmull aschackmull merged commit 8257475 into github:main Jan 13, 2026
28 of 29 checks passed
@aschackmull aschackmull deleted the csharp/mad-barriers branch January 13, 2026 10:00
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

Copilot code review Copilot Copilot left review comments

@owen-mc owen-mc owen-mc approved these changes

Assignees

No one assigned

Labels

C#

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

2 participants

@aschackmull @owen-mc