Merge pull request #5832 from tamasvajk/feature/csv-coverage-report

Java: github action for CSV coverage report

java/documentation/library-coverage/cwe-sink.csv

@@ -0,0 +1,8 @@
+CWE,Sink identifier,Label
+CWE‑089,sql,SQL injection
+CWE‑022,create-file,Path injection
+CWE‑036,url-open-stream,Path traversal
+CWE‑094,bean-validation,Code injection
+CWE‑319,open-url,Cleartext transmission
+CWE‑079,xss,Cross-site scripting
+CWE‑090,ldap,LDAP injection

java/documentation/library-coverage/flow-model-coverage.csv

@@ -0,0 +1,42 @@
+package,sink,source,summary,sink:bean-validation,sink:create-file,sink:header-splitting,sink:ldap,sink:open-url,sink:set-hostname-verifier,sink:url-open-stream,sink:xpath,sink:xss,source:remote,summary:taint,summary:value
+android.util,,16,,,,,,,,,,,16,,
+android.webkit,3,2,,,,,,,,,,3,2,,
+com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,1,
+com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,1,
+com.fasterxml.jackson.databind,,,2,,,,,,,,,,,2,
+com.google.common.base,,,28,,,,,,,,,,,22,6
+com.google.common.io,6,,69,,,,,,,6,,,,68,1
+com.unboundid.ldap.sdk,17,,,,,,17,,,,,,,,
+java.beans,,,1,,,,,,,,,,,1,
+java.io,3,,20,,3,,,,,,,,,20,
+java.lang,,,1,,,,,,,,,,,1,
+java.net,2,3,4,,,,,2,,,,,3,4,
+java.nio,10,,2,,10,,,,,,,,,2,
+java.util,,,13,,,,,,,,,,,13,
+javax.naming.directory,1,,,,,,1,,,,,,,,
+javax.net.ssl,2,,,,,,,,2,,,,,,
+javax.servlet,4,21,2,,,3,,,,,,1,21,2,
+javax.validation,1,1,,1,,,,,,,,,1,,
+javax.ws.rs.core,1,,,,,1,,,,,,,,,
+javax.xml.transform.sax,,,4,,,,,,,,,,,4,
+javax.xml.transform.stream,,,2,,,,,,,,,,,2,
+javax.xml.xpath,3,,,,,,,,,,3,,,,
+org.apache.commons.codec,,,2,,,,,,,,,,,2,
+org.apache.commons.io,,,22,,,,,,,,,,,22,
+org.apache.commons.lang3,,,313,,,,,,,,,,,299,14
+org.apache.commons.text,,,203,,,,,,,,,,,203,
+org.apache.directory.ldap.client.api,1,,,,,,1,,,,,,,,
+org.apache.hc.core5.function,,,1,,,,,,,,,,,1,
+org.apache.hc.core5.http,1,2,39,,,,,,,,,1,2,39,
+org.apache.hc.core5.net,,,2,,,,,,,,,,,2,
+org.apache.hc.core5.util,,,22,,,,,,,,,,,18,4
+org.apache.http,2,3,66,,,,,,,,,2,3,59,7
+org.dom4j,20,,,,,,,,,,20,,,,
+org.springframework.ldap.core,14,,,,,,14,,,,,,,,
+org.springframework.security.web.savedrequest,,6,,,,,,,,,,,6,,
+org.springframework.web.client,,3,,,,,,,,,,,3,,
+org.springframework.web.context.request,,8,,,,,,,,,,,8,,
+org.springframework.web.multipart,,12,,,,,,,,,,,12,,
+org.xml.sax,,,1,,,,,,,,,,,1,
+org.xmlpull.v1,,3,,,,,,,,,,,3,,
+play.mvc,,4,,,,,,,,,,,4,,

java/documentation/library-coverage/flow-model-coverage.rst

@@ -0,0 +1,19 @@
+Java framework & library support
+================================
+
+.. csv-table::
+   :header-rows: 1
+   :class: fullWidthTable
+   :widths: auto
+
+   Framework / library,Package,Remote flow sources,Taint & value steps,Sinks (total),`CWE‑022` :sub:`Path injection`,`CWE‑036` :sub:`Path traversal`,`CWE‑079` :sub:`Cross-site scripting`,`CWE‑089` :sub:`SQL injection`,`CWE‑090` :sub:`LDAP injection`,`CWE‑094` :sub:`Code injection`,`CWE‑319` :sub:`Cleartext transmission`
+   Android,``android.*``,18,,3,,,3,,,,
+   Apache,``org.apache.*``,5,648,4,,,3,,1,,
+   `Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,22,,,,,,,,
+   Google,``com.google.common.*``,,97,6,,6,,,,,
+   Java Standard Library,``java.*``,3,41,15,13,,,,,,2
+   Java extensions,``javax.*``,22,8,12,,,1,,1,1,
+   `Spring <https://spring.io/>`_,``org.springframework.*``,29,,14,,,,,14,,
+   Others,"``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.databind``, ``com.unboundid.ldap.sdk``, ``org.dom4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``",7,5,37,,,,,17,,
+   Totals,,84,821,91,13,6,7,,33,1,2
+

java/documentation/library-coverage/frameworks.csv

@@ -0,0 +1,8 @@
+Framework name,URL,Package prefix
+Java Standard Library,,java.*
+Google,,com.google.common.*
+Apache,,org.apache.*
+Apache Commons IO,https://commons.apache.org/proper/commons-io/,org.apache.commons.io
+Android,,android.*
+Spring,https://spring.io/,org.springframework.*
+Java extensions,,javax.*