Merge pull request github#6164 from github/workflow/coverage/update

yo-h · web-flow · commit 2e8bd621bd70 · 2021-06-28T22:04:00.000-04:00
Update CSV framework coverage reports
diff --git a/java/documentation/library-coverage/coverage.csv b/java/documentation/library-coverage/coverage.csv
@@ -1,44 +1,50 @@
-package,sink,source,summary,sink:bean-validation,sink:create-file,sink:header-splitting,sink:information-leak,sink:jexl,sink:ldap,sink:open-url,sink:set-hostname-verifier,sink:url-open-stream,sink:xpath,sink:xss,source:remote,summary:taint,summary:value
-android.util,,16,,,,,,,,,,,,,16,,
-android.webkit,3,2,,,,,,,,,,,,3,2,,
-com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,1,
-com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,1,
-com.fasterxml.jackson.databind,,,3,,,,,,,,,,,,,3,
-com.google.common.base,,,34,,,,,,,,,,,,,28,6
-com.google.common.io,6,,73,,,,,,,,,6,,,,72,1
-com.unboundid.ldap.sdk,17,,,,,,,,17,,,,,,,,
-java.beans,,,1,,,,,,,,,,,,,1,
-java.io,3,,20,,3,,,,,,,,,,,20,
-java.lang,,,3,,,,,,,,,,,,,1,2
-java.net,2,3,4,,,,,,,2,,,,,3,4,
-java.nio,10,,2,,10,,,,,,,,,,,2,
-java.util,,,283,,,,,,,,,,,,,15,268
-javax.naming.directory,1,,,,,,,,1,,,,,,,,
-javax.net.ssl,2,,,,,,,,,,2,,,,,,
-javax.servlet,4,21,2,,,3,1,,,,,,,,21,2,
-javax.validation,1,1,,1,,,,,,,,,,,1,,
-javax.ws.rs.core,1,,,,,1,,,,,,,,,,,
-javax.xml.transform.sax,,,4,,,,,,,,,,,,,4,
-javax.xml.transform.stream,,,2,,,,,,,,,,,,,2,
-javax.xml.xpath,3,,,,,,,,,,,,3,,,,
-org.apache.commons.codec,,,2,,,,,,,,,,,,,2,
-org.apache.commons.io,,,22,,,,,,,,,,,,,22,
-org.apache.commons.jexl2,15,,,,,,,15,,,,,,,,,
-org.apache.commons.jexl3,15,,,,,,,15,,,,,,,,,
-org.apache.commons.lang3,,,370,,,,,,,,,,,,,324,46
-org.apache.commons.text,,,272,,,,,,,,,,,,,220,52
-org.apache.directory.ldap.client.api,1,,,,,,,,1,,,,,,,,
-org.apache.hc.core5.function,,,1,,,,,,,,,,,,,1,
-org.apache.hc.core5.http,1,2,39,,,,,,,,,,,1,2,39,
-org.apache.hc.core5.net,,,2,,,,,,,,,,,,,2,
-org.apache.hc.core5.util,,,24,,,,,,,,,,,,,18,6
-org.apache.http,2,3,67,,,,,,,,,,,2,3,59,8
-org.dom4j,20,,,,,,,,,,,,20,,,,
-org.springframework.ldap.core,14,,,,,,,,14,,,,,,,,
-org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,6,,
-org.springframework.web.client,,3,,,,,,,,,,,,,3,,
-org.springframework.web.context.request,,8,,,,,,,,,,,,,8,,
-org.springframework.web.multipart,,12,,,,,,,,,,,,,12,,
-org.xml.sax,,,1,,,,,,,,,,,,,1,
-org.xmlpull.v1,,3,,,,,,,,,,,,,3,,
-play.mvc,,4,,,,,,,,,,,,,4,,
+package,sink,source,summary,sink:bean-validation,sink:create-file,sink:header-splitting,sink:information-leak,sink:jexl,sink:ldap,sink:open-url,sink:set-hostname-verifier,sink:url-open-stream,sink:url-redirect,sink:xpath,sink:xss,source:remote,summary:taint,summary:value
+android.util,,16,,,,,,,,,,,,,,16,,
+android.webkit,3,2,,,,,,,,,,,,,3,2,,
+com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,,1,
+com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,,1,
+com.fasterxml.jackson.databind,,,3,,,,,,,,,,,,,,3,
+com.google.common.base,,,85,,,,,,,,,,,,,,62,23
+com.google.common.io,6,,73,,,,,,,,,6,,,,,72,1
+com.unboundid.ldap.sdk,17,,,,,,,,17,,,,,,,,,
+jakarta.ws.rs.client,1,,,,,,,,,1,,,,,,,,
+jakarta.ws.rs.core,2,,143,,,,,,,,,,2,,,,88,55
+java.beans,,,1,,,,,,,,,,,,,,1,
+java.io,3,,20,,3,,,,,,,,,,,,20,
+java.lang,,,3,,,,,,,,,,,,,,1,2
+java.net,4,3,6,,,,,,,4,,,,,,3,6,
+java.nio,10,,2,,10,,,,,,,,,,,,2,
+java.util,,,295,,,,,,,,,,,,,,15,280
+javax.naming.directory,1,,,,,,,,1,,,,,,,,,
+javax.net.ssl,2,,,,,,,,,,2,,,,,,,
+javax.servlet,4,21,2,,,3,1,,,,,,,,,21,2,
+javax.validation,1,1,,1,,,,,,,,,,,,1,,
+javax.ws.rs.client,1,,,,,,,,,1,,,,,,,,
+javax.ws.rs.core,3,,143,,,1,,,,,,,2,,,,88,55
+javax.xml.transform.sax,,,4,,,,,,,,,,,,,,4,
+javax.xml.transform.stream,,,2,,,,,,,,,,,,,,2,
+javax.xml.xpath,3,,,,,,,,,,,,,3,,,,
+org.apache.commons.codec,,,2,,,,,,,,,,,,,,2,
+org.apache.commons.collections,,,99,,,,,,,,,,,,,,4,95
+org.apache.commons.collections4,,,99,,,,,,,,,,,,,,4,95
+org.apache.commons.io,,,22,,,,,,,,,,,,,,22,
+org.apache.commons.jexl2,15,,,,,,,15,,,,,,,,,,
+org.apache.commons.jexl3,15,,,,,,,15,,,,,,,,,,
+org.apache.commons.lang3,,,420,,,,,,,,,,,,,,292,128
+org.apache.commons.text,,,272,,,,,,,,,,,,,,220,52
+org.apache.directory.ldap.client.api,1,,,,,,,,1,,,,,,,,,
+org.apache.hc.core5.function,,,1,,,,,,,,,,,,,,1,
+org.apache.hc.core5.http,1,2,39,,,,,,,,,,,,1,2,39,
+org.apache.hc.core5.net,,,2,,,,,,,,,,,,,,2,
+org.apache.hc.core5.util,,,24,,,,,,,,,,,,,,18,6
+org.apache.http,27,3,70,,,,,,,25,,,,,2,3,62,8
+org.dom4j,20,,,,,,,,,,,,,20,,,,
+org.springframework.http,14,,,,,,,,,14,,,,,,,,
+org.springframework.ldap.core,14,,,,,,,,14,,,,,,,,,
+org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,,6,,
+org.springframework.web.client,13,3,,,,,,,,13,,,,,,3,,
+org.springframework.web.context.request,,8,,,,,,,,,,,,,,8,,
+org.springframework.web.multipart,,12,,,,,,,,,,,,,,12,,
+org.xml.sax,,,1,,,,,,,,,,,,,,1,
+org.xmlpull.v1,,3,,,,,,,,,,,,,,3,,
+play.mvc,,4,,,,,,,,,,,,,,4,,
diff --git a/java/documentation/library-coverage/coverage.rst b/java/documentation/library-coverage/coverage.rst
@@ -8,14 +8,15 @@ Java framework & library support
 
    Framework / library,Package,Remote flow sources,Taint & value steps,Sinks (total),`CWE‑022` :sub:`Path injection`,`CWE‑036` :sub:`Path traversal`,`CWE‑079` :sub:`Cross-site scripting`,`CWE‑089` :sub:`SQL injection`,`CWE‑090` :sub:`LDAP injection`,`CWE‑094` :sub:`Code injection`,`CWE‑319` :sub:`Cleartext transmission`
    Android,``android.*``,18,,3,,,3,,,,
+   `Apache Commons Collections <https://commons.apache.org/proper/commons-collections/>`_,"``org.apache.commons.collections``, ``org.apache.commons.collections4``",,198,,,,,,,,
    `Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,22,,,,,,,,
-   `Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,370,,,,,,,,
+   `Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,420,,,,,,,,
    `Apache Commons Text <https://commons.apache.org/proper/commons-text/>`_,``org.apache.commons.text``,,272,,,,,,,,
-   `Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,133,3,,,3,,,,
-   `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,107,6,,6,,,,,
-   Java Standard Library,``java.*``,3,313,15,13,,,,,,2
-   Java extensions,``javax.*``,22,8,12,,,,,1,1,
-   `Spring <https://spring.io/>`_,``org.springframework.*``,29,,14,,,,,14,,
-   Others,"``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.databind``, ``com.unboundid.ldap.sdk``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.directory.ldap.client.api``, ``org.dom4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``",7,8,68,,,,,18,,
-   Totals,,84,1233,121,13,6,6,,33,1,2
+   `Apache HttpComponents <https://hc.apache.org/>`_,"``org.apache.hc.core5.*``, ``org.apache.http``",5,136,28,,,3,,,,25
+   `Google Guava <https://guava.dev/>`_,``com.google.common.*``,,158,6,,6,,,,,
+   Java Standard Library,``java.*``,3,327,17,13,,,,,,4
+   Java extensions,``javax.*``,22,151,15,,,,,1,1,1
+   `Spring <https://spring.io/>`_,``org.springframework.*``,29,,41,,,,,14,,27
+   Others,"``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.databind``, ``com.unboundid.ldap.sdk``, ``jakarta.ws.rs.client``, ``jakarta.ws.rs.core``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.directory.ldap.client.api``, ``org.dom4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``",7,151,71,,,,,18,,1
+   Totals,,84,1835,181,13,6,6,,33,1,58
 
