Mariana Trench – Security Focused Static Analysis Tool For Android And Java Applications
Mariana Trench is a security focused
The issue tells you that Mariana Trench found a remote code execution in MainActivity.onCreate where the data is coming from Activity.getIntent one call away, and flows into the constructor of ProcessBuilder 3 calls away. Click on “Traces” in the top right corner of the issue to see an example trace.
The trace surfaced by Mariana Trench consists of three parts.
The source trace represents where the data is coming from. In our example, the trace is very short: Activity.getIntent is called in MainActivity.onCreate directly.
The trace root represents where the source trace meets the sink trace. In our example this is the activitie’s onCreate method.
