diff --git a/infer/src/quandary/ClangTrace.ml b/infer/src/quandary/ClangTrace.ml
index 51f1b8508..cd2ea37a1 100644
--- a/infer/src/quandary/ClangTrace.ml
+++ b/infer/src/quandary/ClangTrace.ml
@@ -76,8 +76,7 @@ module SourceKind = struct
             Some (ReadFile, Some 1)
         | _ ->
             get_external_source qualified_pname )
-    | Typ.Procname.C _
-      when Config.developer_mode && Typ.Procname.equal pname BuiltinDecl.__global_access
+    | Typ.Procname.C _ when Typ.Procname.equal pname BuiltinDecl.__global_access
       -> (
         (* is this var a command line flag created by the popular C++ gflags library for creating
            command-line flags (https://github.com/gflags/gflags)? *)
@@ -438,7 +437,7 @@ include Trace.Make (struct
             Option.some_if
               (is_injection_possible ~typ Sanitizer.EscapeShell sanitizers)
               IssueType.untrusted_file
-        | (Endpoint (_, typ) | CommandLineFlag (_, typ)), CreateFile ->
+        | Endpoint (_, typ), CreateFile ->
             Option.some_if
               (is_injection_possible ~typ Sanitizer.EscapeShell sanitizers)
               IssueType.untrusted_file_risk
@@ -446,11 +445,11 @@ include Trace.Make (struct
             Option.some_if
               (is_injection_possible ~typ Sanitizer.EscapeURL sanitizers)
               IssueType.untrusted_url
-        | (Endpoint (_, typ) | CommandLineFlag (_, typ)), URL ->
+        | Endpoint (_, typ), URL ->
             Option.some_if
               (is_injection_possible ~typ Sanitizer.EscapeURL sanitizers)
               IssueType.untrusted_url_risk
-        | (EnvironmentVariable | ReadFile), URL ->
+        | (CommandLineFlag _ | EnvironmentVariable | ReadFile), URL ->
             None
         | (UserControlledEndpoint (_, typ) | CommandLineFlag (_, typ)), SQL ->
             if is_injection_possible ~typ Sanitizer.EscapeSQL sanitizers then
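Review bot: The new `(CommandLineFlag _ | EnvironmentVariable | ReadFile), URL -> None` arm in the third hunk silently stops reporting untrusted_url_risk for gflags-derived values, the following hunk does the same for CreateFile, yet the SQL arm directly below still treats CommandLineFlag as a source, and nothing in the code records why a flag is trusted for paths and URLs but not for SQL. A comment on the `None` arm would keep the next maintainer from re-adding the case, e.g. `(* flag-derived paths and URLs are deliberately not reported here; SQL from flags is still reported below *)`, with the underlying reason (presumably that flag values are set by whoever launches the binary rather than an external party; confirm) stated alongside. The first hunk also drops the `Config.developer_mode` gate, so gflags globals become CommandLineFlag sources for every user, which makes the CommandLineFlag arms that remain newly visible outside developer mode; that is worth a sentence in the same comment or in the commit description. The enclosing `match` starts and ends outside these hunks.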
@@ -508,7 +507,7 @@ include Trace.Make (struct
             (* untrusted data of any kind flowing to stack buffer allocation. trying to allocate a stack
                buffer that's too large will cause a stack overflow. *)
             Some IssueType.untrusted_variable_length_array
-        | (EnvironmentVariable | ReadFile), CreateFile ->
+        | (CommandLineFlag _ | EnvironmentVariable | ReadFile), CreateFile ->
             None
         | Other, _ ->
             (* Other matches everything *)
diff --git a/infer/tests/codetoanalyze/cpp/quandary/endpoints.cpp b/infer/tests/codetoanalyze/cpp/quandary/endpoints.cpp
index 06eee2708..bff180e78 100644
--- a/infer/tests/codetoanalyze/cpp/quandary/endpoints.cpp
+++ b/infer/tests/codetoanalyze/cpp/quandary/endpoints.cpp
@@ -9,6 +9,7 @@
 #include
 #include
+#include
 #include
 
 extern void __infer_sql_sink(std::string);
diff --git a/infer/tests/codetoanalyze/cpp/quandary/files.cpp b/infer/tests/codetoanalyze/cpp/quandary/files.cpp
index 250d7c357..804d23a4b 100644
--- a/infer/tests/codetoanalyze/cpp/quandary/files.cpp
+++ b/infer/tests/codetoanalyze/cpp/quandary/files.cpp
@@ -10,8 +10,12 @@
 #include
 #include
 
+extern void __infer_url_sink(char*);
+
 namespace files {
 
+extern char* FLAGS_cli_string;
+
 void read_file_call_exec_bad1(int length) {
   std::ifstream is("test.txt", std::ifstream::binary);
   if (is) {
@@ -62,4 +66,10 @@ void read_file_call_exec_bad5(std::iostream is, int length) {
   }
 }
 
+void read_file_from_flag_ok(int length) {
+  std::ofstream file1(FLAGS_cli_string, std::ifstream::binary);
+}
+
+void url_from_flag_ok() { __infer_url_sink(FLAGS_cli_string); }
+
 }
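Review bot: In the last files.cpp hunk, `read_file_from_flag_ok` takes an `int length` it never uses and opens an `std::ofstream` with `std::ifstream::binary`; both compile (the flag is the shared `std::ios_base::binary`), but they read as a copy of the `_bad` cases above rather than a deliberately minimal test. `void read_file_from_flag_ok() { std::ofstream file1(FLAGS_cli_string, std::ios::binary); }` expresses the same sink flow without the stray parameter. The new `extern char* FLAGS_cli_string;` in the first files.cpp hunk declares a `char*`, whereas gflags string flags are `std::string`; if the source matcher keys only on the `FLAGS_` name prefix that is fine for a test, but a one-line comment saying so would stop someone "correcting" the type later. The `_ok` suffix presumably corresponds to an expected-issues file that is not part of this diff; confirm it contains no untrusted_file_risk or untrusted_url_risk entries for these two functions.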