From b38440490aa08908676522e16dd3683174f16de9 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Sun, 31 May 2026 21:41:57 +0100
Subject: [PATCH] Address review comment

---
 .../python/dataflow/new/internal/TaintTrackingPrivate.qll   | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

diff --git a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
index 7f25d276c07..636e65dc088 100644
--- a/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
+++ b/python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll
@@ -190,7 +190,11 @@ predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeT
 predicate containerStep(DataFlow::Node nodeFrom, DataFlow::Node nodeTo) {
   exists(DataFlow::ContentSet contentSet |
     DataFlowPrivate::readStep(nodeFrom, contentSet, nodeTo) and
-    defaultTaintReadContent(contentSet)
+    exists(DataFlow::Content c | c = contentSet.getAReadContent() |
+      c instanceof DataFlow::TupleElementContent or
+      c instanceof DataFlow::DictionaryElementContent or
+      c instanceof DataFlow::DictionaryElementAnyContent
+    )
   )
 }