diff --git a/cpp/ql/lib/ext/CStrBufT.model.yml b/cpp/ql/lib/ext/CStrBufT.model.yml
new file mode 100644
index 000000000000..a8abace32e60
--- /dev/null
+++ b/cpp/ql/lib/ext/CStrBufT.model.yml
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: summaryModel
+    data:
+      - ["", "CStrBufT", True, "CStrBufT", "", "", "Argument[*0]", "Argument[-1]", "value", "manual"]
+      - ["", "CStrBufT", True, "operator PCXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
+      - ["", "CStrBufT", True, "operator PXSTR", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
diff --git a/cpp/ql/lib/ext/CStringData.model.yml b/cpp/ql/lib/ext/CStringData.model.yml
new file mode 100644
index 000000000000..6cf0d610cb7a
--- /dev/null
+++ b/cpp/ql/lib/ext/CStringData.model.yml
@@ -0,0 +1,6 @@
+extensions:
+  - addsTo:
+      pack: codeql/cpp-all
+      extensible: summaryModel
+    data:
+      - ["", "CStringData", True, "data", "", "", "Argument[-1]", "ReturnValue[*]", "value", "manual"]
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected
index 4090e60b7695..c370e57bc13b 100644
--- a/cpp/ql/test/library-tests/dataflow/external-models/flow.expected
+++ b/cpp/ql/test/library-tests/dataflow/external-models/flow.expected
@@ -10,14 +10,14 @@ edges
 | asio_streams.cpp:100:44:100:62 | call to buffer | asio_streams.cpp:103:29:103:39 | *send_buffer | provenance | Sink:MaD:6 |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | provenance |  |
 | asio_streams.cpp:100:64:100:71 | *send_str | asio_streams.cpp:100:44:100:62 | call to buffer | provenance | MaD:10 |
-| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:950 |
-| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:948  |
-| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:949 |
+| test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | test.cpp:4:5:4:11 | [summary] to write: ReturnValue in ymlStep | provenance | MaD:954 |
+| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:7:10:7:18 | call to ymlSource | provenance | Src:MaD:952  |
+| test.cpp:7:10:7:18 | call to ymlSource | test.cpp:11:10:11:10 | x | provenance | Sink:MaD:953 |
 | test.cpp:7:10:7:18 | call to ymlSource | test.cpp:13:18:13:18 | x | provenance |  |
 | test.cpp:13:10:13:16 | call to ymlStep | test.cpp:13:10:13:16 | call to ymlStep | provenance |  |
-| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:949 |
+| test.cpp:13:10:13:16 | call to ymlStep | test.cpp:15:10:15:10 | y | provenance | Sink:MaD:953 |
 | test.cpp:13:18:13:18 | x | test.cpp:4:5:4:11 | [summary param] 0 in ymlStep | provenance |  |
-| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:950 |
+| test.cpp:13:18:13:18 | x | test.cpp:13:10:13:16 | call to ymlStep | provenance | MaD:954 |
 nodes
 | asio_streams.cpp:56:18:56:23 | [summary param] *0 in buffer | semmle.label | [summary param] *0 in buffer |
 | asio_streams.cpp:56:18:56:23 | [summary] to write: ReturnValue in buffer | semmle.label | [summary] to write: ReturnValue in buffer |
diff --git a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
index 85793f40aee0..718cf020c4d0 100644
--- a/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
+++ b/cpp/ql/test/library-tests/dataflow/external-models/validatemodels.expected
@@ -5,6 +5,7 @@
 | Dubious member name "operator LPSTR" in summary model. |
 | Dubious member name "operator LPWSTR" in summary model. |
 | Dubious member name "operator PCXSTR" in summary model. |
+| Dubious member name "operator PXSTR" in summary model. |
 | Dubious member name "operator&" in summary model. |
 | Dubious member name "operator*" in summary model. |
 | Dubious member name "operator+" in summary model. |
diff --git a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
index ab85e39f5a74..29109ca7283f 100644
--- a/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
+++ b/cpp/ql/test/library-tests/dataflow/taint-tests/atl.cpp
@@ -1217,7 +1217,7 @@ struct CStringData {
 
 void test_CStringData() {
   CStringData d = source<CStringData>();
-  sink(d.data()); // $ MISSING: ir
+  sink(d.data()); // $ ir
 }
 
 template<typename TCharType>
@@ -1237,6 +1237,6 @@ struct CStrBufT {
 void test_CStrBufT() {
   CStringT<char> s = source<CStringT<char>>();
   CStrBufT<char> b(s, 42, 0);
-  sink(static_cast<CStrBufT<char>::PCXSTR>(b)); // $ MISSING: ir
-  sink(static_cast<CStrBufT<char>::PXSTR>(b)); // $ MISSING: ir
+  sink(static_cast<CStrBufT<char>::PCXSTR>(b)); // $ ir
+  sink(static_cast<CStrBufT<char>::PXSTR>(b)); // $ ir
 }
\ No newline at end of file