diff --git a/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll b/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll
index d30cca6afe6..c129f25e3ee 100644
--- a/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll
+++ b/java/ql/src/semmle/code/java/dataflow/FlowSteps.qll
@@ -111,14 +111,14 @@ private class StringTaintPreservingMethod extends TaintPreservingCallable {
     this.hasName([
         "concat", "copyValueOf", "endsWith", "format", "formatted", "getBytes", "indent", "intern",
         "join", "repeat", "split", "strip", "stripIndent", "stripLeading", "stripTrailing",
-        "substring", "toCharArray", "toLowerCase", "toString", "toUpperCase", "trim"
+        "substring", "toCharArray", "toLowerCase", "toString", "toUpperCase", "trim", "valueOf"
       ])
   }
 
   override predicate returnsTaintFrom(int arg) {
     arg = -1 and not this.isStatic()
     or
-    this.hasName(["concat", "copyValueOf"]) and arg = 0
+    this.hasName(["concat", "copyValueOf", "valueOf"]) and arg = 0
     or
     this.hasName(["format", "formatted", "join"]) and arg = [0 .. getNumberOfParameters()]
   }
diff --git a/java/ql/test/library-tests/dataflow/taint/B.java b/java/ql/test/library-tests/dataflow/taint/B.java
index 81b007e6871..fa0094394c4 100644
--- a/java/ql/test/library-tests/dataflow/taint/B.java
+++ b/java/ql/test/library-tests/dataflow/taint/B.java
@@ -34,6 +34,9 @@ public class B {
     // tainted - data preserving constructors
     String constructed = new String(complex);
     sink(constructed);
+    // tainted - data preserving method
+    String valueOf = String.valueOf(complex.toCharArray());
+    sink(valueOf);
     // tainted - unsafe escape
     String badEscape = constructed.replaceAll("(<script>)", "");
     sink(badEscape);
diff --git a/java/ql/test/library-tests/dataflow/taint/test.expected b/java/ql/test/library-tests/dataflow/taint/test.expected
index 0953353f363..5502b0ee411 100644
--- a/java/ql/test/library-tests/dataflow/taint/test.expected
+++ b/java/ql/test/library-tests/dataflow/taint/test.expected
@@ -10,31 +10,32 @@
 | B.java:15:21:15:27 | taint(...) | B.java:30:10:30:15 | method |
 | B.java:15:21:15:27 | taint(...) | B.java:33:10:33:16 | complex |
 | B.java:15:21:15:27 | taint(...) | B.java:36:10:36:20 | constructed |
-| B.java:15:21:15:27 | taint(...) | B.java:39:10:39:18 | badEscape |
-| B.java:15:21:15:27 | taint(...) | B.java:42:10:42:14 | token |
-| B.java:15:21:15:27 | taint(...) | B.java:55:10:55:13 | cond |
-| B.java:15:21:15:27 | taint(...) | B.java:58:10:58:14 | logic |
-| B.java:15:21:15:27 | taint(...) | B.java:60:10:60:39 | endsWith(...) |
-| B.java:15:21:15:27 | taint(...) | B.java:63:10:63:14 | logic |
+| B.java:15:21:15:27 | taint(...) | B.java:39:10:39:16 | valueOf |
+| B.java:15:21:15:27 | taint(...) | B.java:42:10:42:18 | badEscape |
+| B.java:15:21:15:27 | taint(...) | B.java:45:10:45:14 | token |
+| B.java:15:21:15:27 | taint(...) | B.java:58:10:58:13 | cond |
+| B.java:15:21:15:27 | taint(...) | B.java:61:10:61:14 | logic |
+| B.java:15:21:15:27 | taint(...) | B.java:63:10:63:39 | endsWith(...) |
 | B.java:15:21:15:27 | taint(...) | B.java:66:10:66:14 | logic |
-| B.java:15:21:15:27 | taint(...) | B.java:74:10:74:16 | trimmed |
-| B.java:15:21:15:27 | taint(...) | B.java:76:10:76:14 | split |
-| B.java:15:21:15:27 | taint(...) | B.java:78:10:78:14 | lower |
-| B.java:15:21:15:27 | taint(...) | B.java:80:10:80:14 | upper |
-| B.java:15:21:15:27 | taint(...) | B.java:82:10:82:14 | bytes |
-| B.java:15:21:15:27 | taint(...) | B.java:84:10:84:17 | toString |
-| B.java:15:21:15:27 | taint(...) | B.java:86:10:86:13 | subs |
-| B.java:15:21:15:27 | taint(...) | B.java:88:10:88:13 | repl |
-| B.java:15:21:15:27 | taint(...) | B.java:90:10:90:16 | replAll |
-| B.java:15:21:15:27 | taint(...) | B.java:92:10:92:18 | replFirst |
-| B.java:15:21:15:27 | taint(...) | B.java:105:12:105:25 | serializedData |
-| B.java:15:21:15:27 | taint(...) | B.java:117:12:117:27 | deserializedData |
-| B.java:15:21:15:27 | taint(...) | B.java:126:10:126:21 | taintedArray |
-| B.java:15:21:15:27 | taint(...) | B.java:128:10:128:22 | taintedArray2 |
-| B.java:15:21:15:27 | taint(...) | B.java:130:10:130:22 | taintedArray3 |
-| B.java:15:21:15:27 | taint(...) | B.java:133:10:133:44 | toURL(...) |
-| B.java:15:21:15:27 | taint(...) | B.java:136:10:136:37 | toPath(...) |
-| B.java:15:21:15:27 | taint(...) | B.java:139:10:139:46 | toFile(...) |
+| B.java:15:21:15:27 | taint(...) | B.java:69:10:69:14 | logic |
+| B.java:15:21:15:27 | taint(...) | B.java:77:10:77:16 | trimmed |
+| B.java:15:21:15:27 | taint(...) | B.java:79:10:79:14 | split |
+| B.java:15:21:15:27 | taint(...) | B.java:81:10:81:14 | lower |
+| B.java:15:21:15:27 | taint(...) | B.java:83:10:83:14 | upper |
+| B.java:15:21:15:27 | taint(...) | B.java:85:10:85:14 | bytes |
+| B.java:15:21:15:27 | taint(...) | B.java:87:10:87:17 | toString |
+| B.java:15:21:15:27 | taint(...) | B.java:89:10:89:13 | subs |
+| B.java:15:21:15:27 | taint(...) | B.java:91:10:91:13 | repl |
+| B.java:15:21:15:27 | taint(...) | B.java:93:10:93:16 | replAll |
+| B.java:15:21:15:27 | taint(...) | B.java:95:10:95:18 | replFirst |
+| B.java:15:21:15:27 | taint(...) | B.java:108:12:108:25 | serializedData |
+| B.java:15:21:15:27 | taint(...) | B.java:120:12:120:27 | deserializedData |
+| B.java:15:21:15:27 | taint(...) | B.java:129:10:129:21 | taintedArray |
+| B.java:15:21:15:27 | taint(...) | B.java:131:10:131:22 | taintedArray2 |
+| B.java:15:21:15:27 | taint(...) | B.java:133:10:133:22 | taintedArray3 |
+| B.java:15:21:15:27 | taint(...) | B.java:136:10:136:44 | toURL(...) |
+| B.java:15:21:15:27 | taint(...) | B.java:139:10:139:37 | toPath(...) |
+| B.java:15:21:15:27 | taint(...) | B.java:142:10:142:46 | toFile(...) |
 | MethodFlow.java:7:22:7:28 | taint(...) | MethodFlow.java:8:10:8:16 | tainted |
 | MethodFlow.java:9:31:9:37 | taint(...) | MethodFlow.java:10:10:10:17 | tainted2 |
 | MethodFlow.java:11:35:11:41 | taint(...) | MethodFlow.java:12:10:12:17 | tainted3 |
