From fac5296efca15fa78cb19a95d89af4aef606ed1d Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Tue, 14 Oct 2025 13:52:20 +0100
Subject: [PATCH] Avoid duplicate results using in-barriers

---
 go/ql/lib/semmle/go/security/BrokenCryptoAlgorithmQuery.qll | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/go/ql/lib/semmle/go/security/BrokenCryptoAlgorithmQuery.qll b/go/ql/lib/semmle/go/security/BrokenCryptoAlgorithmQuery.qll
index 2e400c76c85..ba24dcf5707 100644
--- a/go/ql/lib/semmle/go/security/BrokenCryptoAlgorithmQuery.qll
+++ b/go/ql/lib/semmle/go/security/BrokenCryptoAlgorithmQuery.qll
@@ -24,6 +24,8 @@ private module BrokenCryptoAlgorithmConfig implements DataFlow::ConfigSig {
 
   predicate isSink(DataFlow::Node sink) { sink instanceof Sink }
 
+  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+
   predicate isBarrier(DataFlow::Node node) { node instanceof Sanitizer }
 
   predicate observeDiffInformedIncrementalMode() { any() }