C++: Reduce duplication by blocking flow into sources (since we'll already be considering flow starting at those sources) and out of sinks (since we'll already be alerting on this sink if it's relevant).

Author: MathiasVP

cpp/ql/src/Security/CWE/CWE-313/CleartextSqliteDatabase.ql

@@ -112,6 +112,10 @@ module FromSensitiveConfiguration implements DataFlow::ConfigSig {
     node.asExpr().getUnspecifiedType() instanceof IntegralType
   }
 
+  predicate isBarrierIn(DataFlow::Node node) { isSource(node) }
+
+  predicate isBarrierOut(DataFlow::Node node) { isSink(node) }
+
   predicate allowImplicitRead(DataFlow::Node node, DataFlow::ContentSet content) {
     // flow out from fields at the sink (only).
     // constrain `content` to a field inside the node.