facebook / mariana-trench

A security focused static analysis tool for Android and Java applications.
https://mariana-tren.ch/
MIT License

Taint cannot flow into AsyncTask #68

Open wangzery opened 2 years ago

wangzery commented 2 years ago

I set the source and sink as shown in the code below, but Mariana Trench found 0; it looks like doInBackground is not in the flow. Can Mariana Trench deal with scenarios where taint flows into AsyncTask? Or how can I write a config for this?

import android.app.Activity;
import android.content.Intent;
import android.os.AsyncTask;
import android.util.Log;

// Enclosing Activity assumed so that sendBroadcast() resolves; it is not shown in the original snippet.
public class MyActivity extends Activity {

    public void foo(Source source) {
        String txt = source.getText(); // Source here
        MyAsyncTask myTask = new MyAsyncTask(txt);
        myTask.execute(1000); // the framework later invokes doInBackground() on a worker thread
    }

    public class MyAsyncTask extends AsyncTask<Integer, Integer, Void> {

        private String txt;

        public MyAsyncTask(String txt) {
            super();
            this.txt = txt;
        }

        @Override
        protected Void doInBackground(Integer... params) {
            Intent intent = new Intent();
            intent.putExtra("txt", this.txt); // Sink here
            sendBroadcast(intent); // resolves to the enclosing Activity's sendBroadcast()
            return null;
        }

        @Override
        protected void onPreExecute() {
            Log.i("test", "onPreExecute");
        }
    }
}
arthaud commented 2 years ago

Hi @wangzery. Most likely, Mariana Trench doesn't have the source for AsyncTask.execute, so it has no way to know that it calls doInBackground. Even if it had the code, I'm assuming it uses the system API to call it asynchronously, so Mariana Trench wouldn't see a direct call to it. That's why we are very likely to miss that flow.