Merge pull request github#5393 from aschackmull/java/taint-not-value-step

Java: Remove value steps from taint steps.

Author: aschackmull

java/ql/src/semmle/code/java/dataflow/internal/TaintTrackingUtil.qll

@@ -46,7 +46,8 @@ predicate localAdditionalTaintStep(DataFlow::Node src, DataFlow::Node sink) {
   localAdditionalTaintUpdateStep(src.asExpr(),
     sink.(DataFlow::PostUpdateNode).getPreUpdateNode().asExpr())
   or
-  summaryStep(src, sink, "taint")
+  summaryStep(src, sink, "taint") and
+  not summaryStep(src, sink, "value")
   or
   exists(Argument arg |
     src.asExpr() = arg and