From 04341c47bdb710c03d6514e886edfd74094ae125 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Tue, 2 Jun 2026 21:52:46 +0100
Subject: [PATCH] Tweak model for str.join

---
 .../lib/semmle/python/frameworks/Stdlib.qll   | 24 ++++++++++++++-----
 1 file changed, 18 insertions(+), 6 deletions(-)

diff --git a/python/ql/lib/semmle/python/frameworks/Stdlib.qll b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
index 05e7a629de6..30e27934a29 100644
--- a/python/ql/lib/semmle/python/frameworks/Stdlib.qll
+++ b/python/ql/lib/semmle/python/frameworks/Stdlib.qll
@@ -4277,9 +4277,14 @@ module StdlibPrivate {
         preservesValue = true
       )
       or
-      input = ["Argument[0]", "Argument[0].ListElement"] and
-      output = "ReturnValue" and
-      preservesValue = false
+      (
+        input = "Argument[0]" and
+        preservesValue = false
+        or
+        input = "Argument[0].ListElement" and
+        preservesValue = true
+      ) and
+      output = "ReturnValue"
     }
   }
 
@@ -4985,9 +4990,16 @@ module StdlibPrivate {
     }
 
     override predicate propagatesFlow(string input, string output, boolean preservesValue) {
-      input = ["Argument[0,iterable:]", "Argument[0,iterable:].ListElement"] and
-      output = "ReturnValue" and
-      preservesValue = false
+      (
+        // For code like `" ".join([name])`
+        input = "Argument[0,iterable:].ListElement" and
+        preservesValue = true
+        or
+        // For code like `" ".join(name)`
+        input = "Argument[0,iterable:]" and
+        preservesValue = false
+      ) and
+      output = "ReturnValue"
     }
   }