coverage.rst

Java framework & library support

Framework / library	Package	Flow sources	Taint & value steps	Sinks (total)	CWE‑022 Path injection	CWE‑036 Path traversal	CWE‑079 Cross-site scripting	CWE‑089 SQL injection	CWE‑090 LDAP injection	CWE‑094 Code injection	CWE‑319 Cleartext transmission
Android	android.*	52	424	108			3	67
Apache Commons Collections	org.apache.commons.collections, org.apache.commons.collections4		1600
Apache Commons IO	org.apache.commons.io		561	104	89						15
Apache Commons Lang	org.apache.commons.lang3		424
Apache Commons Text	org.apache.commons.text		272
Apache HttpComponents	org.apache.hc.core5.*, org.apache.http	5	136	28			3				25
Google Guava	com.google.common.*		728	39		6
JSON-java	org.json		236
Java Standard Library	java.*	3	577	130	28			7			10
Java extensions	javax.*, jakarta.*	63	609	32			4		1	1	2
Spring	org.springframework.*	29	476	101				19	14		29
Others	androidx.slice, cn.hutool.core.codec, com.esotericsoftware.kryo.io, com.esotericsoftware.kryo5.io, com.fasterxml.jackson.core, com.fasterxml.jackson.databind, com.opensymphony.xwork2.ognl, com.rabbitmq.client, com.unboundid.ldap.sdk, com.zaxxer.hikari, flexjson, groovy.lang, groovy.util, jodd.json, kotlin.jvm.internal, net.sf.saxon.s9api, ognl, okhttp3, org.apache.commons.codec, org.apache.commons.jexl2, org.apache.commons.jexl3, org.apache.commons.logging, org.apache.commons.ognl, org.apache.directory.ldap.client.api, org.apache.ibatis.jdbc, org.apache.log4j, org.apache.logging.log4j, org.apache.shiro.codec, org.apache.shiro.jndi, org.codehaus.groovy.control, org.dom4j, org.hibernate, org.jboss.logging, org.jdbi.v3.core, org.jooq, org.mvel2, org.scijava.log, org.slf4j, org.xml.sax, org.xmlpull.v1, play.mvc, ratpack.core.form, ratpack.core.handling, ratpack.core.http, ratpack.exec, ratpack.form, ratpack.func, ratpack.handling, ratpack.http, ratpack.util, retrofit2	65	395	932				14	18		3
Totals		217	6438	1474	117	6	10	107	33	1	84