GLAS cannot properly detect taint flow propagation in lists in Java

When user input is added to a list and later queried by index to pass values into a sink, marking the entire list as tainted can lead to false positives. If the entire list is marked tainted, any value accessed from it and passed to a sink will be considered vulnerable, even if that specific value is not tainted.

```java
public void doPost(HttpServletRequest request, HttpServletResponse response)
        throws ServletException, IOException {
    response.setContentType("text/html;charset=UTF-8");

    String param = request.getParameter("BenchmarkTest00619");

    String bar = "";
    if (param != null) {
        java.util.List<String> valuesList = new java.util.ArrayList<String>();
        valuesList.add("safe");     // index 0: constant
        valuesList.add(param);      // index 1: user input
        valuesList.add("moresafe"); // index 2: constant

        bar = valuesList.get(0);    // reads the constant "safe"
    }

    java.io.File fileTarget =
            new java.io.File(
                    new java.io.File(org.owasp.benchmark.helpers.Utils.TESTFILES_DIR), bar);
    response.getWriter()
            .println(
                    "Access to file: '"
                            + org.owasp
                                    .esapi
                                    .ESAPI
                                    .encoder()
                                    .encodeForHTML(fileTarget.toString())
                            + "' created.");
    if (fileTarget.exists()) {
        response.getWriter().println(" And file already exists.");
    } else {
        response.getWriter().println(" But file doesn't exist yet.");
    }
}
```

So in this case the line `new java.io.File(org.owasp.benchmark.helpers.Utils.TESTFILES_DIR), bar);` will get marked even though the accessed value is not tainted.
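The difference between whole-list and per-index taint tracking, as an added sketch that is not GLAS code or part of the original report: `ListTaintModel` and its methods are hypothetical names, and the model goes beyond the case above by also handling `remove(int)` and an index the analysis cannot resolve.

```java
import java.util.ArrayList;
import java.util.List;

// Added illustration: toy abstract model of a list for taint analysis.
// Not GLAS code; the class and method names are hypothetical.
public class ListTaintModel {
    // One flag per element position; true = element derived from user input.
    private final List<Boolean> elementTaint = new ArrayList<>();

    void add(boolean tainted) {
        elementTaint.add(tainted);
    }

    // remove(int) shifts later elements left, so their flags shift with them.
    void remove(int index) {
        elementTaint.remove(index);
    }

    // Coarse model: any read is tainted as soon as one element is tainted.
    boolean getCoarse() {
        return elementTaint.contains(true);
    }

    // Index-sensitive model: a resolved constant index reads one element's flag.
    // A null index stands for an index the analysis cannot resolve; it and
    // out-of-range indexes fall back to the coarse answer to stay sound.
    boolean getPrecise(Integer index) {
        if (index == null || index < 0 || index >= elementTaint.size()) {
            return getCoarse();
        }
        return elementTaint.get(index);
    }

    public static void main(String[] args) {
        ListTaintModel list = new ListTaintModel();
        list.add(false); // valuesList.add("safe")
        list.add(true);  // valuesList.add(param)
        list.add(false); // valuesList.add("moresafe")

        System.out.println("get(0) coarse:  " + list.getCoarse());
        System.out.println("get(0) precise: " + list.getPrecise(0));
        System.out.println("get(1) precise: " + list.getPrecise(1));
        System.out.println("get(?) precise: " + list.getPrecise(null));

        // After remove(0) the user-controlled element moves to index 0.
        list.remove(0);
        System.out.println("remove(0), get(0) precise: " + list.getPrecise(0));
    }
}
```

The coarse model flags the `get(0)` read from the report, while the index-sensitive model flags only reads that can actually return `param`.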