diff --git a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
index 023e0906002..c1e77b05e8c 100644
--- a/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
+++ b/python/ql/lib/semmle/python/security/dataflow/PathInjectionCustomizations.qll
@@ -118,11 +118,10 @@ module PathInjection {
   private class OsPathBasenameCall extends Sanitizer, DataFlow::CallCfgNode {
     OsPathBasenameCall() {
       exists(API::Node osPathModule |
-        (
-          osPathModule = API::moduleImport("os").getMember("path")
-          or
-          osPathModule = API::moduleImport(["posixpath", "ntpath", "genericpath"])
-        ) and
+        osPathModule = API::moduleImport("os").getMember("path")
+        or
+        osPathModule = API::moduleImport(["posixpath", "ntpath", "genericpath"])
+      |
         this = osPathModule.getMember("basename").getACall()
       )
     }