| Framework / library | Package | Flow sources | Taint & value steps | Sinks (total) | CWE‑022 Path injection | CWE‑036 Path traversal | CWE‑079 Cross-site scripting | CWE‑089 SQL injection | CWE‑090 LDAP injection | CWE‑094 Code injection | CWE‑319 Cleartext transmission |
|---|---|---|---|---|---|---|---|---|---|---|---|
| Android | android.* | 18 | 34 | 70 | | | 3 | 67 | | | |
| Apache Commons Collections | org.apache.commons.collections, org.apache.commons.collections4 | | 788 | | | | | | | | |
| Apache Commons IO | org.apache.commons.io | | 22 | | | | | | | | |
| Apache Commons Lang | org.apache.commons.lang3 | | 423 | | | | | | | | |
| Apache Commons Text | org.apache.commons.text | | 272 | | | | | | | | |
| Apache HttpComponents | org.apache.hc.core5.*, org.apache.http | 5 | 136 | 28 | | | 3 | | | | 25 |
| Google Guava | com.google.common.* | | 175 | 6 | | 6 | | | | | |
| JSON-java | org.json | | 236 | | | | | | | | |
| Java Standard Library | java.* | 3 | 421 | 30 | 13 | | | 7 | | | 10 |
| Java extensions | javax.*, jakarta.* | 40 | 552 | 27 | | | | | 1 | 1 | 2 |
| Spring | org.springframework.* | 29 | 469 | 91 | | | | 19 | 14 | | 29 |
| Others | com.esotericsoftware.kryo.io, com.esotericsoftware.kryo5.io, com.fasterxml.jackson.core, com.fasterxml.jackson.databind, com.opensymphony.xwork2.ognl, com.unboundid.ldap.sdk, groovy.lang, groovy.util, jodd.json, ognl, org.apache.commons.codec, org.apache.commons.jexl2, org.apache.commons.jexl3, org.apache.commons.ognl, org.apache.directory.ldap.client.api, org.apache.ibatis.jdbc, org.apache.shiro.jndi, org.codehaus.groovy.control, org.dom4j, org.hibernate, org.jooq, org.mvel2, org.xml.sax, org.xmlpull.v1, play.mvc | 7 | 25 | 146 | | | | 14 | 18 | | |
| Totals | | 102 | 3553 | 398 | 13 | 6 | 6 | 107 | 33 | 1 | 66 |