False negative with taint propagated via class attribute

[draftyfrog]

Bug

Bug description
This might be the False Negative counterpart to the False Positive reported in #173.

Please consider the following code

public class MainActivity extends AppCompatActivity{
  public void onCreate(Bundle savedInstanceState){
    MyClass myInstance = new MyClass();
    String myString = myInstance.myField;
    myInstance.myField = "";
    sink(myString); // NOT reported as issue by Mariana Trench
  }

  public static String source(){ // Defined as source in MT config
    return "Secret";
  }

  public void sink(String param){} // Defined as sink in MT config
}

class MyClass{
  String myField = MainActivity.source();
}

As annotated in the code, Mariana Trench doesn't detect any issues, but actually the sink in MainActivity.onCreate should be reported.

I'm using mariana-trench Version: 1.0.6.

[arthaud]

Hi @draftyfrog, thanks for reaching out.

The problem here is that we don't handle static initializers (i.e String myField = MainActivity.source()) correctly. I believe we have plans to tackle this bug soon (maybe within the next 6 months).

This is not related to #173.