
[Javasrc2cpg] When a line of code uses string concatenation, the taint analysis results of this line of code lose some details. #4424

Open
wooyune1 opened this issue Apr 5, 2024 · 0 comments
Labels
bug Something isn't working

Comments

@wooyune1
Copy link

wooyune1 commented Apr 5, 2024

Describe the bug

s =  s.substring(0) + "a";

The above is a line of Java code, which evidently contains two method calls: string concatenation and the substring method.
However, in the paths obtained through taint analysis, there is only a single call recorded.
After debugging, it was discovered that the call for string concatenation was retained, while the call to the substring method was not included in the traced path.
I originally thought that Joern wouldn't handle cases where there are multiple function calls in a single line of code, but in reality, Joern is able to handle the following code correctly.

s =  s.substring(0).substring(0); // handled correctly

Then I tested the following code and found that Joern still loses some information, so I suspect this might be due to the string concatenation operation.

s =  s + "a" + "b"; // handled incorrectly

To Reproduce
A.java

public class A {
    public static void main(String[] args) {
        String s = source();
        s =  s.substring(0) + "a"; // this line
        sink(s);
    }
    public static String source() {
        return "abc";
    }
    public static String sink(String s) {
        String temp = s;
        return s;
    }
}

TaintAnalysis.scala

    val source = cpg.call.name("source")
    val sink = cpg.call.name("sink")
    val paths = sink.reachableByFlows(source)

Expected behavior
The taint analysis should find both method calls on the line marked with the comment.

Desktop (please complete the following information):

  • Joern Version : v2.0.311
  • Java version : 17
@wooyune1 wooyune1 added the bug Something isn't working label Apr 5, 2024
@wooyune1 wooyune1 changed the title [Bug]When a line of code uses string concatenation, the taint analysis results of this line of code lose some details. [Javasrc2cpg]When a line of code uses string concatenation, the taint analysis results of this line of code lose some details. Apr 5, 2024
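A way to check this from the Joern shell, added here as an example (not code from the issue or from the Joern project): it compares the call nodes the CPG holds on the flagged line with the call nodes the data-flow engine actually recorded in the flows. It assumes A.java from the report has been loaded with importCode, that the flagged line is line 4 of that file, and that javasrc2cpg names Java string concatenation `<operator>.addition`.

```scala
// Run inside the joern shell after: importCode("A.java")   (assumed setup)
import io.shiftleft.semanticcpg.language._
import io.joern.dataflowengineoss.language._
import io.shiftleft.codepropertygraph.generated.nodes.Call

// Same query as in the report
val source = cpg.call.name("source")
val sink   = cpg.call.name("sink")
val paths  = sink.reachableByFlows(source).l

// Assumed: line 4 of A.java is `s = s.substring(0) + "a";`
val lineOfInterest = 4

// Call nodes on that line as stored in the CPG, independent of the data-flow engine.
// Expected (assumed operator name): "substring" and "<operator>.addition".
val callsOnLine = cpg.call.lineNumber(lineOfInterest).name.l.distinct

// Call nodes on that line that appear in at least one recorded flow
val callsInFlows = paths
  .flatMap(_.elements)
  .collect { case c: Call if c.lineNumber.exists(_.intValue == lineOfInterest) => c.name }
  .distinct

// Anything present in the CPG but absent from every flow is what the report calls "lost"
val notRecorded = callsOnLine.toSet -- callsInFlows.toSet

println(s"calls on line $lineOfInterest in the CPG : $callsOnLine")
println(s"calls on line $lineOfInterest in the flows: $callsInFlows")
println(s"calls not recorded by taint analysis   : $notRecorded")
```

Swapping the flagged line for `s = s.substring(0).substring(0);` (the case the report says is handled correctly) should leave `notRecorded` empty, which gives a quick regression check once the concatenation case is fixed.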