import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutput;
import java.io.ObjectOutputStream;
import java.util.StringTokenizer;

/**
 * Taint-tracking test fixture.
 *
 * <p>{@link #taint()} plays the role of the untrusted-data source and {@link #sink(Object)}
 * the role of the sink. {@code maintest()} derives new values from the source in different
 * ways and passes each one to the sink. The author's comment on each step names the
 * propagation being exercised and labels the value as "tainted".
 */
public class B {
  /**
   * Taint source stand-in.
   *
   * @return a new one-element array holding the literal {@code "tainted"}
   */
  public static String[] taint() { return new String[] { "tainted" }; }

  /**
   * Taint sink stand-in. The body is empty; the method exists only so that calls to it can be
   * located.
   *
   * @param o the value reaching the sink
   */
  public static void sink(Object o) { }

  /**
   * Walks through a series of propagation cases, each ending in a {@code sink(...)} call.
   * Statement order matters: every case builds on a value produced by an earlier one.
   */
  public static void maintest() throws java.io.UnsupportedEncodingException, java.net.MalformedURLException {
    // Source: taint() stands in for reading the program's main args.
    String[] args = taint();

    // tainted - access to main args: copying the array reference keeps the taint.
    String[] aaaargs = args;
    sink(aaaargs);

    // tainted - access to tainted array: an element read from a tainted array is tainted.
    String s = args[0];
    sink(s);

    // tainted - concatenation of tainted string: constant text around the value does not
    // clean it.
    String concat = "Look at me " + s + ", I'm tainted!";
    sink(concat);

    // tainted - parenthesised: wrapping the expression in parentheses changes nothing.
    String pars = (concat);
    sink(pars);

    // tainted method argument, implies tainted return value.
    // tainty is defined outside the visible part of this listing.
    String method = tainty(pars);
    sink(method);

    // tainted - complex: an array access nested inside a parenthesised concatenation.
    String complex = ("Look at me " + args[0]) + ", I'm tainted!";
    sink(complex);

    // tainted - data preserving constructors: new String(String) copies the content,
    // so the copy is as untrusted as the original.
    String constructed = new String(complex);
    sink(constructed);

    // tainted - unsafe escape: the author labels this replaceAll-based escaping as one that
    // does not remove taint. The call's arguments continue beyond the visible part of this
    // listing.
    String badEscape = constructed.replaceAll("(