diff --git a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
index 8c6ac60eb24f..e36f5b8659b8 100644
--- a/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
+++ b/java/ql/lib/semmle/code/java/dataflow/FlowSources.qll
@@ -30,6 +30,7 @@ import semmle.code.java.frameworks.Guice
 import semmle.code.java.frameworks.struts.StrutsActions
 import semmle.code.java.frameworks.Thrift
 import semmle.code.java.frameworks.javaee.jsf.JSFRenderer
+import semmle.code.java.security.FileReadWrite
 private import semmle.code.java.dataflow.ExternalFlow
 private import codeql.threatmodels.ThreatModels
 
@@ -248,7 +249,7 @@ private class StdinInput extends LocalUserInput {
 private class FileInput extends LocalUserInput {
   FileInput() {
     // Access to files.
-    sourceNode(this, "file")
+    sourceNode(this, "file") or this.asExpr() instanceof FileReadExpr
   }
 
   override string getThreatModel() { result = "file" }