diff --git a/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTrackingStack.qll b/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTrackingStack.qll
new file mode 100644
index 000000000000..e99deb958546
--- /dev/null
+++ b/csharp/ql/lib/semmle/code/csharp/dataflow/TaintTrackingStack.qll
@@ -0,0 +1,37 @@
+import csharp
+private import codeql.dataflow.DataFlow
+private import semmle.code.csharp.dataflow.internal.DataFlowImplSpecific
+private import semmle.code.csharp.dataflow.internal.TaintTrackingImplSpecific
+private import codeql.dataflowstack.TaintTrackingStack as TTS
+private import TTS::TaintTrackingStackMake<Location, CsharpDataFlow, CsharpTaintTracking> as TaintTrackingStackFactory
+
+private module TaintTrackingStackInput<TaintTrackingStackFactory::DataFlow::ConfigSig Config>
+  implements TTS::TaintTrackingStackSig<Location, CsharpDataFlow, CsharpTaintTracking, Config>
+{
+  private module Flow = TaintTracking::Global<Config>;
+
+  CsharpDataFlow::Node getNode(Flow::PathNode n) { result = n.getNode() }
+
+  predicate isSource(Flow::PathNode n) { n.isSource() }
+
+  Flow::PathNode getASuccessor(Flow::PathNode n) { result = n.getASuccessor() }
+
+  CsharpDataFlow::DataFlowCallable getARuntimeTarget(CsharpDataFlow::DataFlowCall call) {
+    result = call.getARuntimeTarget()
+  }
+
+  CsharpDataFlow::Node getAnArgumentNode(CsharpDataFlow::DataFlowCall call) {
+    result = call.getArgument(_)
+  }
+}
+
+module TaintTrackingStackMake<TaintTrackingStackFactory::DataFlow::ConfigSig Config> {
+  import TaintTrackingStackFactory::FlowStack<Config, TaintTrackingStackInput<Config>>
+}
+
+module BiStackAnalysisMake<
+  TaintTrackingStackFactory::DataFlow::ConfigSig ConfigA,
+  TaintTrackingStackFactory::DataFlow::ConfigSig ConfigB>
+{
+  import TaintTrackingStackFactory::BiStackAnalysis<ConfigA, TaintTrackingStackInput<ConfigA>, ConfigB, TaintTrackingStackInput<ConfigB>>
+}
\ No newline at end of file
diff --git a/java/ql/lib/semmle/code/java/dataflow/TaintTrackingStack.qll b/java/ql/lib/semmle/code/java/dataflow/TaintTrackingStack.qll
new file mode 100644
index 000000000000..3fdb962291a4
--- /dev/null
+++ b/java/ql/lib/semmle/code/java/dataflow/TaintTrackingStack.qll
@@ -0,0 +1,38 @@
+import java
+private import semmle.code.java.dataflow.DataFlow
+private import semmle.code.java.dataflow.TaintTracking
+private import semmle.code.java.dataflow.internal.DataFlowImplSpecific
+private import semmle.code.java.dataflow.internal.TaintTrackingImplSpecific
+private import codeql.dataflowstack.TaintTrackingStack as TTS
+private import TTS::TaintTrackingStackMake<Location, JavaDataFlow, JavaTaintTracking> as TaintTrackingStackFactory
+
+private module TaintTrackingStackInput<TaintTrackingStackFactory::DataFlow::ConfigSig Config>
+  implements TTS::TaintTrackingStackSig<Location, JavaDataFlow, JavaTaintTracking, Config>
+{
+  private module Flow = TaintTracking::Global<Config>;
+
+  JavaDataFlow::Node getNode(Flow::PathNode n) { result = n.getNode() }
+
+  predicate isSource(Flow::PathNode n) { n.isSource() }
+
+  Flow::PathNode getASuccessor(Flow::PathNode n) { result = n.getASuccessor() }
+
+  JavaDataFlow::DataFlowCallable getARuntimeTarget(JavaDataFlow::DataFlowCall call) {
+    result.asCallable() = call.asCall().getCallee()
+  }
+
+  JavaDataFlow::Node getAnArgumentNode(JavaDataFlow::DataFlowCall call) {
+    result = JavaDataFlow::exprNode(call.asCall().getAnArgument())
+  }
+}
+
+module DataFlowStackMake<TaintTrackingStackFactory::DataFlow::ConfigSig Config> {
+  import TaintTrackingStackFactory::FlowStack<Config, TaintTrackingStackInput<Config>>
+}
+
+module BiStackAnalysisMake<
+  TaintTrackingStackFactory::DataFlow::ConfigSig ConfigA,
+  TaintTrackingStackFactory::DataFlow::ConfigSig ConfigB>
+{
+  import TaintTrackingStackFactory::BiStackAnalysis<ConfigA, TaintTrackingStackInput<ConfigA>, ConfigB, TaintTrackingStackInput<ConfigB>>
+}
\ No newline at end of file