Use access path for str.join model

Author: owen-mc

python/ql/lib/semmle/python/dataflow/new/internal/TaintTrackingPrivate.qll

@@ -150,11 +150,6 @@ predicate stringManipulation(DataFlow::CfgNode nodeFrom, DataFlow::CfgNode nodeT
     nodeFrom.getNode() = object and
     method_name in ["partition", "rpartition", "rsplit", "split", "splitlines"]
     or
-    // Iterable[str] -> str
-    // TODO: check if these should be handled differently in regards to content
-    method_name = "join" and
-    nodeFrom.getNode() = call.getArg(0)
-    or
     // Mapping[str, Any] -> str
     method_name = "format_map" and
     nodeFrom.getNode() = call.getArg(0)

python/ql/lib/semmle/python/frameworks/Stdlib.qll

@@ -4976,6 +4976,23 @@ module StdlibPrivate {
     }
   }
 
+  /** A flow summary for `str.join`. */
+  class StrJoinSummary extends SummarizedCallable::Range {
+    StrJoinSummary() { this = "str.join" }
+
+    override DataFlow::CallCfgNode getACall() { result.(DataFlow::MethodCallNode).calls(_, "join") }
+
+    override DataFlow::ArgumentNode getACallback() {
+      result.(DataFlow::AttrRead).getAttributeName() = "join"
+    }
+
+    override predicate propagatesFlow(string input, string output, boolean preservesValue) {
+      input = ["Argument[0,iterable:]", "Argument[0,iterable:].ListElement"] and
+      output = "ReturnValue" and
+      preservesValue = false
+    }
+  }
+
   // ---------------------------------------------------------------------------
   // asyncio
   // ---------------------------------------------------------------------------