Adjust coverage report generator to allow multiple sink identifiers per CWE

Author: tamasvajk

csharp/documentation/library-coverage/coverage.csv

@@ -1,2 +1,2 @@
-package,sink,source,summary,sink:html,source:local,summary:taint
-System,4,3,6,4,3,6
+package,sink,source,summary,sink:html,sink:xss,source:local,summary:taint
+System,5,3,6,4,1,3,6

csharp/documentation/library-coverage/coverage.rst

@@ -7,6 +7,6 @@ C# framework & library support
    :widths: auto
 
    Framework / library,Package,Remote flow sources,Taint & value steps,Sinks (total),`CWE-079` :sub:`Cross-site scripting`
-   System,"``System.*``, ``System``",,6,4,4
-   Totals,,,6,4,4
+   System,"``System.*``, ``System``",,6,5,5
+   Totals,,,6,5,5
 

csharp/documentation/library-coverage/cwe-sink.csv

@@ -1,2 +1,2 @@
 CWE,Sink identifier,Label
-CWE-079,html,Cross-site scripting
+CWE-079,html xss,Cross-site scripting

misc/scripts/library-coverage/generate-report.py

@@ -52,8 +52,10 @@ def collect_package_stats(packages: pack.PackageCollection, cwes, filter):
             sinks += package.get_part_count("sink")
 
             for cwe in cwes:
-                sink = "sink:" + cwes[cwe]["sink"]
-                count = package.get_kind_count(sink)
+                count = 0
+                for sink in cwes[cwe]["sink"].split(" "):
+                    sink = "sink:" + sink
+                    count += package.get_kind_count(sink)
                 if count > 0:
                     if cwe not in framework_cwes:
                         framework_cwes[cwe] = 0