hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2025-12-17 01:03:14 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update java framework coverage reports

Browse Source
This commit is contained in:
Tamas Vajk
2021-06-10 10:26:34 +02:00
parent 3605b9f720
commit 74c00383d2
2 changed files with 52 additions and 47 deletions
Download Patch File Download Diff File Expand all files Collapse all files

86
java/documentation/library-coverage/flow-model-coverage.csv
View File

@@ -1,42 +1,44 @@
package,sink,source,summary,sink:bean-validation,sink:create-file,sink:header-splitting,sink:information-leak,sink:ldap,sink:open-url,sink:set-hostname-verifier,sink:url-open-stream,sink:xpath,sink:xss,source:remote,summary:taint,summary:value
android.util,,16,,,,,,,,,,,,16,,
android.webkit,3,2,,,,,,,,,,,3,2,,
com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,1,
com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,1,
com.fasterxml.jackson.databind,,,2,,,,,,,,,,,,2,
com.google.common.base,,,28,,,,,,,,,,,,22,6
com.google.common.io,6,,69,,,,,,,,6,,,,68,1
com.unboundid.ldap.sdk,17,,,,,,,17,,,,,,,,
java.beans,,,1,,,,,,,,,,,,1,
java.io,3,,20,,3,,,,,,,,,,20,
java.lang,,,1,,,,,,,,,,,,1,
java.net,2,3,4,,,,,,2,,,,,3,4,
java.nio,10,,2,,10,,,,,,,,,,2,
java.util,,,13,,,,,,,,,,,,13,
javax.naming.directory,1,,,,,,,1,,,,,,,,
javax.net.ssl,2,,,,,,,,,2,,,,,,
javax.servlet,4,21,2,,,3,1,,,,,,,21,2,
javax.validation,1,1,,1,,,,,,,,,,1,,
javax.ws.rs.core,1,,,,,1,,,,,,,,,,
javax.xml.transform.sax,,,4,,,,,,,,,,,,4,
javax.xml.transform.stream,,,2,,,,,,,,,,,,2,
javax.xml.xpath,3,,,,,,,,,,,3,,,,
org.apache.commons.codec,,,2,,,,,,,,,,,,2,
org.apache.commons.io,,,22,,,,,,,,,,,,22,
org.apache.commons.lang3,,,313,,,,,,,,,,,,299,14
org.apache.commons.text,,,203,,,,,,,,,,,,203,
org.apache.directory.ldap.client.api,1,,,,,,,1,,,,,,,,
org.apache.hc.core5.function,,,1,,,,,,,,,,,,1,
org.apache.hc.core5.http,1,2,39,,,,,,,,,,1,2,39,
org.apache.hc.core5.net,,,2,,,,,,,,,,,,2,
org.apache.hc.core5.util,,,22,,,,,,,,,,,,18,4
org.apache.http,2,3,66,,,,,,,,,,2,3,59,7
org.dom4j,20,,,,,,,,,,,20,,,,
org.springframework.ldap.core,14,,,,,,,14,,,,,,,,
org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,6,,
org.springframework.web.client,,3,,,,,,,,,,,,3,,
org.springframework.web.context.request,,8,,,,,,,,,,,,8,,
org.springframework.web.multipart,,12,,,,,,,,,,,,12,,
org.xml.sax,,,1,,,,,,,,,,,,1,
org.xmlpull.v1,,3,,,,,,,,,,,,3,,
play.mvc,,4,,,,,,,,,,,,4,,
package,sink,source,summary,sink:bean-validation,sink:create-file,sink:header-splitting,sink:information-leak,sink:jexl,sink:ldap,sink:open-url,sink:set-hostname-verifier,sink:url-open-stream,sink:xpath,sink:xss,source:remote,summary:taint,summary:value
android.util,,16,,,,,,,,,,,,,16,,
android.webkit,3,2,,,,,,,,,,,,3,2,,
com.esotericsoftware.kryo.io,,,1,,,,,,,,,,,,,1,
com.esotericsoftware.kryo5.io,,,1,,,,,,,,,,,,,1,
com.fasterxml.jackson.databind,,,3,,,,,,,,,,,,,3,
com.google.common.base,,,34,,,,,,,,,,,,,28,6
com.google.common.io,6,,73,,,,,,,,,6,,,,72,1
com.unboundid.ldap.sdk,17,,,,,,,,17,,,,,,,,
java.beans,,,1,,,,,,,,,,,,,1,
java.io,3,,20,,3,,,,,,,,,,,20,
java.lang,,,3,,,,,,,,,,,,,1,2
java.net,2,3,4,,,,,,,2,,,,,3,4,
java.nio,10,,2,,10,,,,,,,,,,,2,
java.util,,,283,,,,,,,,,,,,,15,268
javax.naming.directory,1,,,,,,,,1,,,,,,,,
javax.net.ssl,2,,,,,,,,,,2,,,,,,
javax.servlet,4,21,2,,,3,1,,,,,,,,21,2,
javax.validation,1,1,,1,,,,,,,,,,,1,,
javax.ws.rs.core,1,,,,,1,,,,,,,,,,,
javax.xml.transform.sax,,,4,,,,,,,,,,,,,4,
javax.xml.transform.stream,,,2,,,,,,,,,,,,,2,
javax.xml.xpath,3,,,,,,,,,,,,3,,,,
org.apache.commons.codec,,,2,,,,,,,,,,,,,2,
org.apache.commons.io,,,22,,,,,,,,,,,,,22,
org.apache.commons.jexl2,15,,,,,,,15,,,,,,,,,
org.apache.commons.jexl3,15,,,,,,,15,,,,,,,,,
org.apache.commons.lang3,,,370,,,,,,,,,,,,,324,46
org.apache.commons.text,,,272,,,,,,,,,,,,,220,52
org.apache.directory.ldap.client.api,1,,,,,,,,1,,,,,,,,
org.apache.hc.core5.function,,,1,,,,,,,,,,,,,1,
org.apache.hc.core5.http,1,2,39,,,,,,,,,,,1,2,39,
org.apache.hc.core5.net,,,2,,,,,,,,,,,,,2,
org.apache.hc.core5.util,,,24,,,,,,,,,,,,,18,6
org.apache.http,2,3,67,,,,,,,,,,,2,3,59,8
org.dom4j,20,,,,,,,,,,,,20,,,,
org.springframework.ldap.core,14,,,,,,,,14,,,,,,,,
org.springframework.security.web.savedrequest,,6,,,,,,,,,,,,,6,,
org.springframework.web.client,,3,,,,,,,,,,,,,3,,
org.springframework.web.context.request,,8,,,,,,,,,,,,,8,,
org.springframework.web.multipart,,12,,,,,,,,,,,,,12,,
org.xml.sax,,,1,,,,,,,,,,,,,1,
org.xmlpull.v1,,3,,,,,,,,,,,,,3,,
play.mvc,,4,,,,,,,,,,,,,4,,
1 package sink source summary sink:bean-validation sink:create-file sink:header-splitting sink:information-leak sink:jexl sink:ldap sink:open-url sink:set-hostname-verifier sink:url-open-stream sink:xpath sink:xss source:remote summary:taint summary:value
2 android.util 16 16
3 android.webkit 3 2 3 2
4 com.esotericsoftware.kryo.io 1 1
5 com.esotericsoftware.kryo5.io 1 1
6 com.fasterxml.jackson.databind 2 3 2 3
7 com.google.common.base 28 34 22 28 6
8 com.google.common.io 6 69 73 6 68 72 1
9 com.unboundid.ldap.sdk 17 17
10 java.beans 1 1
11 java.io 3 20 3 20
12 java.lang 1 3 1 2
13 java.net 2 3 4 2 3 4
14 java.nio 10 2 10 2
15 java.util 13 283 13 15 268
16 javax.naming.directory 1 1
17 javax.net.ssl 2 2
18 javax.servlet 4 21 2 3 1 21 2
19 javax.validation 1 1 1 1
20 javax.ws.rs.core 1 1
21 javax.xml.transform.sax 4 4
22 javax.xml.transform.stream 2 2
23 javax.xml.xpath 3 3
24 org.apache.commons.codec 2 2
25 org.apache.commons.io 22 22
26 org.apache.commons.lang3 org.apache.commons.jexl2 15 313 15 299 14
27 org.apache.commons.text org.apache.commons.jexl3 15 203 15 203
28 org.apache.directory.ldap.client.api org.apache.commons.lang3 1 370 1 324 46
29 org.apache.hc.core5.function org.apache.commons.text 1 272 1 220 52
30 org.apache.hc.core5.http org.apache.directory.ldap.client.api 1 2 39 1 1 2 39
31 org.apache.hc.core5.net org.apache.hc.core5.function 2 1 2 1
32 org.apache.hc.core5.util org.apache.hc.core5.http 1 2 22 39 1 2 18 39 4
33 org.apache.http org.apache.hc.core5.net 2 3 66 2 2 3 59 2 7
34 org.dom4j org.apache.hc.core5.util 20 24 20 18 6
35 org.springframework.ldap.core org.apache.http 14 2 3 67 14 2 3 59 8
36 org.springframework.security.web.savedrequest org.dom4j 20 6 20 6
37 org.springframework.web.client org.springframework.ldap.core 14 3 14 3
38 org.springframework.web.context.request org.springframework.security.web.savedrequest 8 6 8 6
39 org.springframework.web.multipart org.springframework.web.client 12 3 12 3
40 org.xml.sax org.springframework.web.context.request 8 1 8 1
41 org.xmlpull.v1 org.springframework.web.multipart 3 12 3 12
42 play.mvc org.xml.sax 4 1 4 1
43 org.xmlpull.v1 3 3
44 play.mvc 4 4

13
java/documentation/library-coverage/flow-model-coverage.rst
View File

@@ -8,12 +8,15 @@ Java framework & library support
Framework / library,Package,Remote flow sources,Taint & value steps,Sinks (total),`CWE022` :sub:`Path injection`,`CWE036` :sub:`Path traversal`,`CWE079` :sub:`Cross-site scripting`,`CWE089` :sub:`SQL injection`,`CWE090` :sub:`LDAP injection`,`CWE094` :sub:`Code injection`,`CWE319` :sub:`Cleartext transmission`
Android,``android.*``,18,,3,,,3,,,,
Apache,``org.apache.*``,5,648,4,,,3,,1,,
`Apache Commons IO <https://commons.apache.org/proper/commons-io/>`_,``org.apache.commons.io``,,22,,,,,,,,
Google,``com.google.common.*``,,97,6,,6,,,,,
Java Standard Library,``java.*``,3,41,15,13,,,,,,2
`Apache Commons Lang <https://commons.apache.org/proper/commons-lang/>`_,``org.apache.commons.lang3``,,370,,,,,,,,
`Apache Commons Text <https://commons.apache.org/proper/commons-text/>`_,``org.apache.commons.text``,,272,,,,,,,,
`Apache HttpComponents <https://hc.apache.org/>`_,``org.apache.hc.core5.*``,2,66,1,,,1,,,,
`Apache HttpComponents <https://hc.apache.org/>`_,``org.apache.http``,3,67,2,,,2,,,,
`Google Guava <https://guava.dev/>`_,``com.google.common.*``,,107,6,,6,,,,,
Java Standard Library,``java.*``,3,313,15,13,,,,,,2
Java extensions,``javax.*``,22,8,12,,,,,1,1,
`Spring <https://spring.io/>`_,``org.springframework.*``,29,,14,,,,,14,,
Others,"``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.databind``, ``com.unboundid.ldap.sdk``, ``org.dom4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``",7,5,37,,,,,17,,
Totals,,84,821,91,13,6,6,,33,1,2
Others,"``com.esotericsoftware.kryo.io``, ``com.esotericsoftware.kryo5.io``, ``com.fasterxml.jackson.databind``, ``com.unboundid.ldap.sdk``, ``org.apache.commons.codec``, ``org.apache.commons.jexl2``, ``org.apache.commons.jexl3``, ``org.apache.directory.ldap.client.api``, ``org.dom4j``, ``org.xml.sax``, ``org.xmlpull.v1``, ``play.mvc``",7,8,68,,,,,18,,
Totals,,84,1233,121,13,6,6,,33,1,2