diff --git a/ql/src/semmle/go/dataflow/TaintTracking.qll b/ql/src/semmle/go/dataflow/TaintTracking.qll
index c725c655369..818a696c57d 100644
--- a/ql/src/semmle/go/dataflow/TaintTracking.qll
+++ b/ql/src/semmle/go/dataflow/TaintTracking.qll
@@ -111,7 +111,9 @@ module TaintTracking {
 /** Holds if taint flows from `pred` to `succ` via string concatenation. */
 predicate stringConcatStep(DataFlow::Node pred, DataFlow::Node succ) {
- succ.asExpr().(AddExpr).getAnOperand() = pred.asExpr()
+ exists(DataFlow::BinaryOperationNode conc | conc.getOperator() = "+" |
+ succ = conc and conc.getAnOperand() = pred
+ )
 }
 /** Holds if taint flows from `pred` to `succ` via a slice operation. */
diff --git a/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected b/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected
index 7456fdd4ad0..5d8e6e5610e 100644
--- a/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected
+++ b/ql/test/library-tests/semmle/go/dataflow/FlowSteps/LocalTaintStep.expected
@@ -1,5 +1,7 @@
 | main.go:10:22:10:22 | x | main.go:10:22:10:27 | ...+... |
 | main.go:10:24:10:27 | call to fn | main.go:10:22:10:27 | ...+... |
+| main.go:17:3:17:5 | acc | main.go:17:3:17:7 | rhs of increment statement |
+| main.go:17:3:17:7 | 1 | main.go:17:3:17:7 | rhs of increment statement |
 | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[0] |
 | main.go:26:11:26:17 | type assertion | main.go:26:2:26:17 | ... := ...[1] |
 | strings.go:9:24:9:24 | s | strings.go:9:8:9:38 | call to Replace |
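Review bot: `stringConcatStep` in TaintTracking.qll now accepts any binary-operation node whose operator is `+`, with no check that the result is a string. The new `LocalTaintStep.expected` rows for `main.go:17` show the effect: `acc` and the literal `1` both step into "rhs of increment statement", which is integer arithmetic rather than concatenation. For taint-based security queries this presumably costs precision (extra flows through counters) rather than soundness. If the over-approximation is not intended, the condition could be narrowed to `conc.getOperator() = "+" and conc.getType() instanceof StringType`. If it is intended, the doc comment should say that the step covers every `+` operation, including the implicit one in increment statements, not only string concatenation.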