diff --git a/ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll b/ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll
index 9a6346800716..5cfb28deca32 100644
--- a/ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll
+++ b/ruby/ql/lib/codeql/ruby/security/MassAssignmentQuery.qll
@@ -43,6 +43,11 @@ private module Config implements DataFlow::StateConfigSig {
 state instanceof FlowState::Permitted
 }

+ predicate isBarrierIn(DataFlow::Node node, FlowState state) {
+ node instanceof MassAssignment::Source and
+ state instanceof FlowState::Unpermitted
+ }
+
 predicate isBarrier(DataFlow::Node node) { node instanceof MassAssignment::Sanitizer }

 predicate isAdditionalFlowStep(
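Review bot: The new `isBarrierIn` predicate has no comment saying why flow into a `MassAssignment::Source` is cut in the `Unpermitted` state, and the hunk alone does not show the intent. It looks like the usual idiom for stopping a path from running through a second source, so that each alert starts at the source nearest the sink; if so, say it above the predicate, e.g. `// Block flow into sources so that a path never passes through a second source; each result then starts at the source closest to the sink.` The comment should also say why only `Unpermitted` is covered: `isSource` is outside the hunk, so confirm that a source node reached in the `Permitted` state is meant to stay transparent rather than being missed by accident. The `Config` module begins and ends outside the hunk.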