diff --git a/docs/en/taint-analysis.adoc b/docs/en/taint-analysis.adoc
index 26e290483..fb3eb1076 100644
--- a/docs/en/taint-analysis.adoc
+++ b/docs/en/taint-analysis.adoc
@@ -15,6 +15,7 @@ Taint analysis can be enabled in one of two ways, or both approaches together:
 
 * using the programmatic configuration provider.
 
+[[yaml-configuration-file]]
 === YAML Configuration File
 
 In Tai-e, taint analysis is designed and implemented as a plugin of pointer analysis framework.
@@ -513,3 +514,95 @@ then you can open the TFG with your web browser and examine it.
 NOTE: We plan to develop more user-friendly mechanisms for examining taint analysis results in the future.
 
 // TODO: == Troubleshooting
+
+== Pre-prepared Commonly Used Taint Configuration
+
+Manually collecting and writing taint analysis configurations for different vulnerability types can be time-consuming and challenging, especially for developers and security researchers with limited experience.
+To help users streamline this process and improve the efficiency and accuracy of vulnerability detection, we have curated _Commonly Used Taint Configuration_. 
+When creating or modifying your own taint analysis configuration, you can refer to this configuration for guidance in your process.
+
+Commonly Used Taint Configuration is a comprehensive collection of source, sink, and transfer rules tailored for various common vulnerability types.
+ Currently, this collection contains 327 source rules, 920 sink rules, and 138 transfer rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
+
+To further enhance the user experience, we have also carefully organized the project structure by packages and vulnerability types to ensure clarity and ease of understanding of the rules, allowing users to quickly locate and apply the relevant rules.
+
+
+=== Organizational structure
+
+The structure of this project is as follows:
+
+[source]
+----
+Tai-e/src/main/resources/commonly-used-taint-config
+├── sink
+│   ├── infoleak              # contains 141 sinks
+│   │   └── java-io
+│   └── injection             # contains 779 sinks
+│       ├── android
+│       │   └── sql-injection
+│       ├── java
+│       │   ├── crlf
+│       │   ├── path-traversal
+│       │   ├── rce
+│       │   └── ...
+│       └── ...
+├── source
+│   ├── infoleak              # contains 158 sources
+│   │   └── java
+│   └── injection             # contains 169 sources
+│       ├── apache-struts2
+│       ├── javax
+│       │   ├── javax-portlet
+│       │   ├── javax-servlet
+│       │   └── javax-swing
+│       └── ...
+└── transfer                  # contains 138 transfers about String
+----
+
+Specifically, this project firstly categorizes the configuration files into three main categories: sink, source, and transfer.
+
+* `sink` category: Contains sinks configurations files related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
+** `infoleak`: Categorized by package name.
+** `injection`: Categorized by vulnerability type.
+
+* `source` category: Contains sources configurations related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
+** `infoleak`: Categorized by package name.
+** `injection`: Categorized by package name.
+
+* `transfer` category: Contains transfers.
+
+Additionally, each subdirectory contains a corresponding `README` file that provides a brief overview of the relevant vulnerability types.
+
+=== How to Use it? (An Example)
+
+Users can directly integrate the configuration files from this collection into the <<yaml-configuration-file,Configuration File for the Tai-e taint analysis>>,
+or modify and extend them as needed to better meet specific analysis requirements.
+
+Here is an example of how to use the configuration files from this collection.
+If the user needs to detect an RCE (Remote Code Execution) injection vulnerability in a Java project using the *Jetty software library*, the following steps can be taken to modify the taint configuration file:
+
+1. Add the source rules related to the *Jetty software library* from the file `source/injection/jetty/jetty-http/jetty-http.yml`.
+2. Add the sink rules related to the *RCE type injection vulnerability* from the file `sink/injection/java/rce/command.yml`.
+3. Add the transfer rules related to *String type* from the file `transfer/string-transfers.yml`.
+
+After these steps, the taint configuration file will be as follows:
+
+```YAML
+source:
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String asString()>", index: result, type: "java.lang.String" }
+#...
+
+sinks:
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String, java.lang.String[])>", index: 0 }
+#...
+
+transfer:
+  - { method: "<java.lang.String: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String substring(int,int)>", from: base, to: result }
+#...
+```
+
diff --git a/src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/README.adoc b/src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/README.adoc
new file mode 100644
index 000000000..b208f0ef8
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The sinks in this directory are composed of output-related APIs from the Java standard library's `io` package, primarily including the `write` functions in various output component classes.
+
+- **Common Use Cases**:
+    These APIs are commonly used to output data carried by parameters to specified locations, such as files or command lines.
+
+- **Security Risks**:
+    Information Disclosure: Attackers can use these APIs to output sensitive information to a specified location, allowing them to exploit the acquired data for illegal activities such as extortion.
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/java-io.yml b/src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/java-io.yml
new file mode 100644
index 000000000..c762ad10d
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/java-io.yml
@@ -0,0 +1,172 @@
+sinks:
+  - { method: "<java.io.BufferedOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.BufferedOutputStream: void write(int)>", index: 0 }
+
+  - { method: "<java.io.BufferedWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.BufferedWriter: void write(int)>", index: 0 }
+  - { method: "<java.io.BufferedWriter: void write(java.lang.String,int,int)>", index: 0 }
+
+  - { method: "<java.io.ByteArrayOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.ByteArrayOutputStream: void write(int)>", index: 0 }
+  - { method: "<java.io.ByteArrayOutputStream: void writeTo(java.io.OutputStream)>", index: 0 }
+
+  - { method: "<java.io.CharArrayWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: void write(int)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: void writeTo(java.io.Writer)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: java.lang.CharSequence append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: java.lang.CharSequence append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: java.lang.CharSequence append(char)>", index: 0 }
+
+
+  - { method: "<java.io.DataOutputStream: void write(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeBoolean(boolean)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeByte(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeBytes(java.lang.String)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeChar(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeChars(java.lang.String)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeDouble(double)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeFloat(float)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeInt(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeLong(long)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeShort(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeUTF(java.lang.String)>", index: 0 }
+
+  - { method: "<java.io.FileOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.FileOutputStream: void write(int)>", index: 0 }
+  - { method: "<java.io.FileOutputStream: void write(byte[])>", index: 0 }
+
+  - { method: "<java.io.FilterOutputStream: void write(byte[])>", index: 0 }
+  - { method: "<java.io.FilterOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.FilterOutputStream: void write(int)>", index: 0 }
+
+  - { method: "<java.io.ObjectOutputStream: void write(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void write(byte[])>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeBoolean(boolean)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeByte(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeBytes(java.lang.String)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeChar(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeChars(java.lang.String)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeDouble(double)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeFloat(float)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeInt(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeLong(long)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeObject(java.lang.Object)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeShort(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeUTF(java.lang.String)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void defaultWriteObject()>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeUnshared(java.lang.Object)>", index: 0 }
+
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,boolean)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,byte)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,char)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,short)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,long)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,float)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,double)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void write(java.io.ObjectOutput)>", index: 0 }
+
+  - { method: "<java.io.RandomAccessFile: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.RandomAccessFile: void write(int)>", index: 0 }
+  - { method: "<java.io.RandomAccessFile: void write(byte[])>", index: 0 }
+
+  - { method: "<java.io.OutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.OutputStream: void write(byte[])>", index: 0 }
+  - { method: "<java.io.OutputStream: void write(int)>", index: 0 }
+
+  - { method: "<java.io.OutputStreamWriter: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.OutputStreamWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.OutputStreamWriter: void write(int)>", index: 0 }
+
+  - { method: "<java.io.PipedOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.PipedOutputStream: void write(int)>", index: 0 }
+
+  - { method: "<java.io.PipedWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.PipedWriter: void write(int)>", index: 0 }
+
+  - { method: "<java.io.PrintStream: void print(boolean)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(char)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(int)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(long)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(float)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(double)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(char[])>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(java.lang.Object)>", index: 0 }
+
+  - { method: "<java.io.PrintStream: void println(boolean)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(char)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(int)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(long)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(float)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(double)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(char[])>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(java.lang.Object)>", index: 0 }
+
+  - { method: "<java.io.PrintStream: java.io.PrintStream printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 2 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream printf(java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<java.io.PrintStream: java.io.PrintStream append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream append(char)>", index: 0 }
+
+  - { method: "<java.io.PrintStream: java.io.PrintStream format(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 2 }
+
+  - { method: "<java.io.PrintStream: void write(int)>", index: 0 }
+  - { method: "<java.io.PrintStream: void write(byte[],int,int)>", index: 0 }
+
+
+  - { method: "<java.io.PrintWriter: void print(boolean)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(char)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(long)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(float)>", index: 0}
+
+  - { method: "<java.io.PrintWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(char[])>", index: 0 }
+
+  - { method: "<java.io.PrintWriter: void println(boolean)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(char)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(char[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(double)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(float)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(long)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(java.lang.Object)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(java.lang.String)>", index: 0 }
+
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(char)>", index: 0 }
+
+  - { method: "<java.io.PrintWrite: java.io.PrintWrite printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 2 }
+  - { method: "<java.io.PrintWrite: java.io.PrintWrite printf(java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<java.io.StringWriter: java.io.StringWriter append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.StringWriter: java.io.StringWriter append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.StringWriter: java.io.StringWriter append(char)>", index: 0 }
+
+  - { method: "<java.io.StringWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.StringWriter: void write(int)>", index: 0 }
+  - { method: "<java.io.StringWriter: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.StringWriter: void write(java.lang.String)>", index: 0 }
+  - { method: "<java.io.StringWriter: void write(char[])>", index: 0 }
+
+  - { method: "<java.io.Writer: java.io.Writer append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.Writer: java.io.Writer append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.Writer: java.io.Writer append(char)>", index: 0 }
+
+  - { method: "<java.io.Writer: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.Writer: void write(int)>", index: 0 }
+  - { method: "<java.io.Writer: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.Writer: void write(java.lang.String)>", index: 0 }
+  - { method: "<java.io.Writer: void write(char[])>", index: 0 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/ContentProvider.yml b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/ContentProvider.yml
new file mode 100644
index 000000000..351c9845f
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/ContentProvider.yml
@@ -0,0 +1,5 @@
+sinks:
+  - { method: "<android.content.ContentProvider: android.database.Cursor query(android.net.Uri,java.lang.String[],java.lang.String[],java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.content.ContentProvider: android.database.Cursor query(android.net.Uri,java.lang.String[],java.lang.String[],java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 3 }
+  - { method: "<android.content.ContentProvider: int delete(android.net.Uri,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.content.ContentProvider: int update(android.net.Uri,android.content.ContentValues,java.lang.String,java.lang.String[])>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/DatabaseUtils.yml b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/DatabaseUtils.yml
new file mode 100644
index 000000000..3e4ead79a
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/DatabaseUtils.yml
@@ -0,0 +1,6 @@
+sinks:
+  - { method: "<android.database.DatabaseUtils: long longForQuery(android.database.sqlite.SQLiteDatabase,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.DatabaseUtils: java.lang.String stringForQuery(android.database.sqlite.SQLiteDatabase,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.DatabaseUtils: android.os.ParcelFileDescriptor blobFileDescriptorForQuery(android.database.sqlite.SQLiteDatabase,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.DatabaseUtils: void createDbFromSqlStatements(android.content.Context,java.lang.String,int,java.lang.String)>", index: 0 }
+
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/README.adoc
new file mode 100644
index 000000000..2edb66c65
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The sinks in this directory consist of Android database SQL-related APIs, including but not limited to `query`, `update`, `delete`, and other methods. Their main functionality is to perform database queries and update operations.
+
+- **Common Use Cases**:
+    These APIs are commonly used for handling user-inputted data for queries, data insertion, data updates, data deletion, and SQL statement execution. Users typically have some level of control over the parameters.
+
+- **Security Risks**:
+    SQL Injection: Attackers can exploit these APIs by constructing malicious input to inject SQL commands, thereby gaining control over the database.
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteDatabase.yml b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteDatabase.yml
new file mode 100644
index 000000000..49d80f38a
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteDatabase.yml
@@ -0,0 +1,58 @@
+sinks:
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.sqlite.SQLiteStatement compileStatement(java.lang.String)>", index: 0 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 7 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 6 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 8 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 7 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 6 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 8 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 6 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 7 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQuery(java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQuery(java.lang.String,java.lang.String[],android.os.CancellationSignal)>", index: 2 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQueryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,java.lang.String,java.lang.String[],java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQueryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,java.lang.String,java.lang.String[],java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQueryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,java.lang.String,java.lang.String[],java.lang.String,android.os.CancellationSignal)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQueryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,java.lang.String,java.lang.String[],java.lang.String,android.os.CancellationSignal)>", index: 3 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: int delete(java.lang.String,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int delete(java.lang.String,java.lang.String,java.lang.String[])>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int update(java.lang.String,android.content.ContentValues,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int update(java.lang.String,android.content.ContentValues,java.lang.String,java.lang.String[])>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int updateWithOnConflict(java.lang.String,android.content.ContentValues,java.lang.String,java.lang.String[],int)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int updateWithOnConflict(java.lang.String,android.content.ContentValues,java.lang.String,java.lang.String[],int)>", index: 4 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: void execSQL(java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: void execSQL(java.lang.String,java.lang.Object[])>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml
new file mode 100644
index 000000000..103856665
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml
@@ -0,0 +1,45 @@
+sinks:
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: void appendWhere(java.lang.CharSequence)>", index: 0 }
+
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 6 }
+
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 6 }
+
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String[],java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String[],java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String[],java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionQuery(java.lang.String[],java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionQuery(java.lang.String[],java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionQuery(java.lang.String[],java.lang.String,java.lang.String)>", index: 2 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/README.adoc
new file mode 100644
index 000000000..514a937bd
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    Apache Xalan provides a set of methods for evaluating XPath expressions and selecting nodes within XML documents. These methods enable developers to easily locate, filter, and process specific nodes and data within XML documents.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse and execute XPath expressions, returning corresponding results based on the content of XML documents.
+
+- **Security Risks**:
+    XPath Injection: Similar to SQL injection attacks, attackers can craft malicious XPath expressions to reveal the structure of XML data or access data that would normally be restricted. If the XML data is used for user authentication, attackers could even escalate their privileges.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/xpath.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/xpath.yml
new file mode 100644
index 000000000..85961226f
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/xpath.yml
@@ -0,0 +1,10 @@
+sinks:
+  - { method: "<org.apache.xpath.XPathAPI: org.apache.xpath.objects.XObject eval(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.xpath.XPathAPI: org.apache.xpath.objects.XObject eval(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xpath.XPathAPI: org.apache.xpath.objects.XObject eval(org.w3c.dom.Node,java.lang.String,org.apache.xml.utils.PrefixResolver)>", index: 1 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.traversal.NodeIterator selectNodeIterator(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.traversal.NodeIterator selectNodeIterator(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.Node selectSingleNode(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.Node selectSingleNode(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml
new file mode 100644
index 000000000..6e72952f6
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml
@@ -0,0 +1,18 @@
+sinks:
+  - { method: "<org.apache.log4j.Category: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void debug(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void error(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void fatal(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void fatal(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void info(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Object[],java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Object[],java.lang.Throwable)>", index: 2 }
+  - { method: "<org.apache.log4j.Category: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void log(org.apache.log4j.Priority,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void log(org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void log(java.lang.String,org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void log(java.lang.String,org.apache.log4j.Priority,java.lang.Object java.lang.Throwable)>", index: 3 }
+  - { method: "<org.apache.log4j.Category: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void warn(java.lang.Object,java.lang.Throwable)>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml
new file mode 100644
index 000000000..c6d8c1004
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml
@@ -0,0 +1,20 @@
+sinks:
+  - { method: "<org.apache.log4j.Logger: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void debug(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void error(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void fatal(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void fatal(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void info(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Object[],java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Object[],java.lang.Throwable)>", index: 2 }
+  - { method: "<org.apache.log4j.Logger: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void log(org.apache.log4j.Priority,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void log(org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void log(java.lang.String,org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void log(java.lang.String,org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 3 }
+  - { method: "<org.apache.log4j.Logger: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void warn(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void trace(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void trace(java.lang.Object,java.lang.Throwable)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc
new file mode 100644
index 000000000..c6474d293
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc
@@ -0,0 +1,12 @@
+= Description
+
+- **Overview**: 
+    Apache Log4j is a logging library for Java applications. The APIs in this directory provide various methods to log different levels of log information, including debug, info, warning, error, and fatal errors.
+
+- **Common Use Cases**:
+    These APIs are typically used to log various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can exploit these APIs by constructing malicious input with CRLF (Carriage Return and Line Feed) sequences to forge log messages, mislead monitoring personnel, or even affect the auditing system. Attackers can also flood logs with errors or irrelevant information, potentially damaging the log integrity.
+
+*Note*: Apache Log4j version 1.x is no longer maintained.
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml
new file mode 100644
index 000000000..74edb348b
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml
@@ -0,0 +1,104 @@
+sinks:
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void entry(java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.Object, java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.slf4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.slf4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void printf(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker, java.lang.String, java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void printf(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker, java.lang.String, java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void printf(org.apache.logging.log4j.Level,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void printf(org.apache.logging.log4j.Level,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String,java.lang.Throwable)>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/README.adoc
new file mode 100644
index 000000000..eeff6ec37
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/README.adoc
@@ -0,0 +1,11 @@
+= Description
+
+- **Overview**: 
+    Apache Log4j is a logging library for Java applications. The APIs in this directory offer various methods to log different levels of information, including debug, info, warning, error, and fatal errors.
+
+- **Common Use Cases**:
+    These APIs are commonly used for logging various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can exploit these APIs by crafting malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
+
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc
new file mode 100644
index 000000000..5c0618ac7
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc
@@ -0,0 +1,11 @@
+= Description
+
+- **Overview**: 
+    The Apache XML Security API provides functionality for processing XPath expressions within XML documents. This primarily involves two classes: `XPathAPI` and `JDKXPathAPI`, which are used to evaluate XPath expressions and select node lists within XML documents.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse and execute XPath expressions, returning corresponding results based on the content of XML documents.
+
+- **Security Risks**:
+    XPath Injection: Similar to SQL injection attacks, attackers can craft malicious XPath expressions to gain insights into the structure of XML data or access data that is normally restricted. If the XML data is used for user authentication, attackers could even escalate their privileges.
+
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/xpath.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/xpath.yml
new file mode 100644
index 000000000..24d9fcbcd
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/xpath.yml
@@ -0,0 +1,5 @@
+sinks:
+  - { method: "<org.apache.xml.security.utils.XPathAPI: boolean evaluate(org.w3c.dom.Node,org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xml.security.utils.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xml.security.utils.JDKXPathAPI: boolean evaluate(org.w3c.dom.Node,org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xml.security.utils.JDKXPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/README.adoc
new file mode 100644
index 000000000..0ab4da0d9
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/README.adoc
@@ -0,0 +1,11 @@
+= Description
+
+- **Overview**: 
+    These APIs are methods from the Apache Struts framework, used for creating and manipulating `ActionForward` objects. `ActionForward` is a class in Apache Struts used to specify the forwarding path for a request.
+
+- **Common Use Cases**:
+    These APIs are commonly used to create and manipulate `ActionForward` objects, specifying forwarding paths and determining whether a redirect is needed.
+
+- **Security Risks**:
+    File Disclosure: Once an attacker can control the creation of `ActionForward` objects, they can craft malicious requests to modify the forwarding path, potentially gaining access to sensitive files such as configuration files, application class files, or JAR files.
+
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml
new file mode 100644
index 000000000..dbc8e5999
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml
@@ -0,0 +1,6 @@
+sinks:
+  - { method: "<org.apache.struts.action.ActionForward: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts.action.ActionForward: void <init>(java.lang.String,boolean)>", index: 1 }
+  - { method: "<org.apache.struts.action.ActionForward: void <init>(java.lang.String,java.lang.String,boolean)>", index: 1 }
+  - { method: "<org.apache.struts.action.ActionForward: void <init>(java.lang.String,java.lang.String,boolean,boolean)>", index: 2 }
+  - { method: "<org.apache.struts.action.ActionForward: void setPath(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml
new file mode 100644
index 000000000..59f99b6ef
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml
@@ -0,0 +1,20 @@
+sink:
+  - { method: "<com.opensymphony.xwork2.util.TextParser: java.lang.Object evaluate(char[],java.lang.String,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.OgnlTextParser: java.lang.Object evaluate(char[],java.lang.String,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 2 }
+
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperties(java.util.Map,java.lang.Object,java.util.Map)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperties(java.util.Map,java.lang.Object,java.util.Map,boolean)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperties(java.util.Map,java.lang.Object)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperties(java.util.Map,java.lang.Object,boolean)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map,boolean)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Object)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object getValue(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object callMethod(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object getValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Class)>", index: 3 }
+
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object compile(java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object compileAndExecute(java.lang.String,java.util.Map,com.opensymphony.xwork2.ognl.OgnlTask)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object compileAndExecuteMethod(java.lang.String,java.util.Map,com.opensymphony.xwork2.ognl.OgnlTask)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object compile(java.lang.String,java.util.Map)>", index: 1 }
+
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/README.adoc
new file mode 100644
index 000000000..61a524b27
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/README.adoc
@@ -0,0 +1,11 @@
+= Description
+
+- **Overview**: 
+    OGNL (Object-Graph Navigation Language) is a language designed to provide a higher-level syntax for navigating Java object graphs. 
+    OGNL can access static methods, properties, and object methods, including classes such as `java.lang.Runtime` that can perform malicious actions like command execution. When OGNL expressions are externally controllable, attackers can craft malicious OGNL expressions to make the program perform malicious operations, which is the basis of the OGNL injection vulnerability.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse and execute OGNL expressions, replace variables in text, and set class member variables and methods.
+
+- **Security Risks**:
+    Remote Command Execution: When OGNL expressions are externally controllable, attackers can craft OGNL expressions to trigger reverse shells, execute system commands, and perform other malicious actions.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml
new file mode 100644
index 000000000..a237c823e
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml
@@ -0,0 +1,13 @@
+sink:
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.String translateVariables(java.lang.String,com.opensymphony.xwork2.util.ValueStack)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.String translateVariables(java.lang.String,com.opensymphony.xwork2.util.ValueStack,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.String translateVariables(char,java.lang.String,com.opensymphony.xwork2.util.ValueStack)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char,java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char,java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char[],java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char,java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char[],java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: com.opensymphony.xwork2.util.Collection translateVariablesCollection(java.lang.String,com.opensymphony.xwork2.util.ValueStack,boolean,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: com.opensymphony.xwork2.util.Collection translateVariablesCollection(char[],java.lang.String,com.opensymphony.xwork2.util.ValueStack,boolean,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: boolean shallBeIncluded(java.lang.String,boolean)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: com.opensymphony.xwork2.util.Set commaDelimitedStringToSet(java.lang.String)>", index: 0 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/reflection-relative.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/reflection-relative.yml
new file mode 100644
index 000000000..3b5b1f075
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/reflection-relative.yml
@@ -0,0 +1,29 @@
+sinks:
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.reflect.Method getGetMethod(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.reflect.Method getSetMethod(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.reflect.Field getField(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperties(java.util.Map,java.lang.Object,java.util.Map)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperties(java.util.Map,java.lang.Object,java.util.Map,boolean)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperties(java.util.Map,java.lang.Object)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.beans.PropertyDescriptor getPropertyDescriptor(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.Object getRealTarget(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map,boolean)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.Object getValue(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Object)>", index: 3 }
+
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.reflect.Method getGetMethod(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.reflect.Method getSetMethod(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.reflect.Field getField(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperties(java.util.Map,java.lang.Object,java.util.Map)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperties(java.util.Map,java.lang.Object,java.util.Map,boolean)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperties(java.util.Map,java.lang.Object)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.beans.PropertyDescriptor getPropertyDescriptor(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void copy(java.lang.Object,java.lang.Object,java.util.Map,java.util.Collection,java.util.Collection)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.Object getRealTarget(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map,boolean)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.util.Map getBeanMap(com.opensymphony.xwork2.util.reflection.Object)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.Object getValue(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Object)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.beans.PropertyDescriptor[] getPropertyDescriptors(java.lang.Object)>", index: 0 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/other/other.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/other/other.yml
new file mode 100644
index 000000000..2f3000870
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/other/other.yml
@@ -0,0 +1,25 @@
+sinks:
+  - { method: "<org.apache.struts2.util.VelocityStrutsUtil: java.lang.String evaluate(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.Object bean(org.apache.struts2.util.Object)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: boolean isTrue(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.Object findString(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: java.lang.String include(org.apache.struts2.util.Object)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: java.lang.String urlEncode(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.Object findValue(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: java.lang.String getText(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: java.lang.String translateVariables(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.List makeSelectList(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.List makeSelectList(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.List makeSelectList(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.List makeSelectList(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<org.apache.struts2.views.jsp.ui.OgnlTool: org.apache.struts2.views.jsp.ui.Object findValue(java.lang.String,org.apache.struts2.views.jsp.ui.Object)>", index: 1 }
+
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.String findString(java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.String findString(java.lang.String,boolean)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.Object findValue(java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.Object findValue(java.lang.String,boolean)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.Object findValue(java.lang.String,java.lang.Class)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.Object findValue(java.lang.String,java.lang.Class,boolean)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: void setValue(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: void setValue(java.lang.String,java.lang.Object,boolean)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: void setParameter(java.lang.String,java.lang.Object)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/README.adoc
new file mode 100644
index 000000000..1c57cea19
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory provide multiple ways to execute SQL queries and return results. These methods are used to interact with databases by executing SQL queries to retrieve data.
+
+- **Common Use Cases**:
+    These APIs are commonly used for handling user-input data queries and executing SQL statements. Users typically have some level of control over the parameters.
+
+- **Security Risks**:
+    SQL Injection: Attackers can exploit these APIs by crafting malicious input to inject SQL commands, allowing them to manipulate the database.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/sql-turbine.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/sql-turbine.yml
new file mode 100644
index 000000000..b0dc213d0
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/sql-turbine.yml
@@ -0,0 +1,14 @@
+sinks:
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,java.lang.String,boolean)>", index: 2 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,boolean,org.apache.turbine.util.db.pool.DBConnection)>", index: 2 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,int,int,boolean,org.apache.turbine.util.db.pool.DBConnection)>", index: 4 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,int,int,java.lang.String,boolean)>", index: 4 }
+
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,java.lang.String,boolean)>", index: 2 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,boolean,org.apache.turbine.util.db.pool.DBConnection)>", index: 2 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,int,int,boolean,org.apache.turbine.util.db.pool.DBConnection)>", index: 4 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,int,int,java.lang.String,boolean)>", index: 4 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc
new file mode 100644
index 000000000..81f5ad374
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    Apache Commons BeanUtils provides a set of utility methods for manipulating Java Beans. The APIs in this directory can be used for common tasks such as property copying, property setting, and object population.
+
+- **Common Use Cases**:
+    These APIs are commonly used for copying, populating, and setting properties of Java Bean objects.
+
+- **Security Risks**:
+    Property Injection: If an attacker gains control over the objects being populated or the property names being set, they can inject unexpected and malicious property values, leading to property injection vulnerabilities.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml
new file mode 100644
index 000000000..f4d465d4f
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml
@@ -0,0 +1,14 @@
+sinks:
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void copyProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void copyProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void populate(java.lang.Object,java.util.Map)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void setProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void setProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 1 }
+
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void copyProperties(java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void copyProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void copyProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void populate(java.lang.Object,java.util.Map)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void setProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void setProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/README.adoc
new file mode 100644
index 000000000..5ba66c731
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory are interfaces from the Apache Commons Logging library, used for logging. They provide various methods to log different levels of information, including debug, info, warning, and error.
+
+- **Common Use Cases**:
+    These APIs are commonly used to log various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can exploit these APIs by crafting malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml
new file mode 100644
index 000000000..cfc98acc8
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml
@@ -0,0 +1,13 @@
+sinks:
+  - { method: "<org.apache.commons.logging.Log: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void debug(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void error(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void fatal(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void fatal(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void info(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void trace(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void trace(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void warn(java.lang.Object,java.lang.Throwable)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/README.adoc
new file mode 100644
index 000000000..e90b33d1d
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory are from the Java standard library's logging utilities, used to generate, record, and manage application logs. They provide various methods to log messages at different levels, support formatting log content, record exception information, and output logs to various targets.
+
+- **Common Use Cases**:
+    These APIs are commonly used for logging various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can exploit these APIs by crafting malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/crlf-logs.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/crlf-logs.yml
new file mode 100644
index 000000000..7122e7001
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/crlf-logs.yml
@@ -0,0 +1,89 @@
+sinks:
+  - { method: "<java.util.logging.Logger: void config(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object[])>", index: 2 }
+  - { method: "<java.util.logging.Logger: void exiting(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void exiting(java.lang.String,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void exiting(java.lang.String,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void exiting(java.lang.String,java.lang.String,java.lang.Object)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void fine(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void finer(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void finest(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void info(java.lang.String)>", index: 0 }
+
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.util.function.Supplier)>", index: 1 } # no <java.lang.String> in Supplier?
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.util.function.Supplier)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.Throwable,java.util.function.Supplier)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.Throwable,java.util.function.Supplier)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Object[])>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Object[])>", index: 4 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Throwable)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Throwable)>", index: 4 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 4 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 4 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 4 }
+
+  - { method: "<java.util.logging.Logger: void severe(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void throwing(java.lang.String,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void throwing(java.lang.String,java.lang.String,java.lang.Throwable)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void warning(java.lang.String)>", index: 0 }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/README.adoc
new file mode 100644
index 000000000..9f5f12e3e
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory involve file operations from the Java standard library, including file creation, reading, writing, and path handling. These classes and methods allow developers to perform various file operations, such as creating temporary files, reading file content, and writing data to files. If the parameters are unconstrained and controlled externally, attackers can exploit path traversal vulnerabilities to read and write arbitrary files.
+
+- **Common Use Cases**:
+    These APIs are commonly used for creating files and directories, reading files, writing files, and handling file paths.
+
+- **Security Risks**:
+    Path Traversal: Attackers can exploit malicious input to perform arbitrary file operations or access unsafe locations, potentially leading to unauthorized file read and write access.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/path-traversal.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/path-traversal.yml
new file mode 100644
index 000000000..c82164eb0
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/path-traversal.yml
@@ -0,0 +1,36 @@
+sinks:
+  # in
+  - { method: "<java.io.File: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<java.io.File: void <init>(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.io.File: void <init>(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<java.io.File: void <init>(java.io.File,java.lang.String)>", index: 0 }
+  - { method: "<java.io.File: void <init>(java.net.URI)>", index: 0 }
+  - { method: "<java.io.RandomAccessFile: void <init>(java.lang.String,java.lang.String)>", index: 1 }
+
+  - { method: "<java.io.FileReader: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<java.io.FileInputStream: void <init>(java.lang.String)>", index: 0 }
+
+  - { method: "<java.nio.file.Paths: java.nio.file.Path get(java.lang.String,java.lang.String[])>", index: 0 }
+  - { method: "<java.nio.file.Paths: java.nio.file.Path get(java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<java.nio.file.Paths: java.nio.file.Path get(java.net.URI)>", index: 0 }
+
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String,java.io.File)>", index: 0 }
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String,java.io.File)>", index: 1 }
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String,java.io.File)>", index: 2 }
+
+  - { method: "<javax.activation.FileDataSource: void <init>(java.lang.String)>", index: 0 }
+
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempFile(java.nio.file.Path,java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 1 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempFile(java.nio.file.Path,java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 2 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 1 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 2 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempDirectory(java.nio.file.Path,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 1 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempDirectory(java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 1 }
+
+  # out
+  - { method: "<java.io.FileWriter: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<java.io.FileWriter: void <init>(java.lang.String,boolean)>", index: 1 }
+  - { method: "<java.io.FileOutputStream: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<java.io.FileOutputStream: void <init>(java.lang.String,boolean)>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/rce/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/rce/README.adoc
new file mode 100644
index 000000000..19dfff8ec
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/rce/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory involve operations for creating and managing processes in Java. They are used to start and control external processes, suitable for various scenarios such as executing system commands and launching external applications. If their parameters are subject to unlimited external input, attackers can execute arbitrary commands on the local machine.
+
+- **Common Use Cases**:
+    These APIs are commonly used to create and manage processes, and to execute system commands.
+
+- **Security Risks**:
+    Command Injection: Attackers can exploit these methods to execute arbitrary commands on the local machine, potentially compromising the system and accessing confidential information.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/rce/command.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/rce/command.yml
new file mode 100644
index 000000000..6c09b9388
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/rce/command.yml
@@ -0,0 +1,17 @@
+sinks:
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String,java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[],java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[],java.lang.String[])>", index: 1 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String,java.lang.String[],java.io.File)>", index: 1 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String,java.lang.String[],java.io.File)>", index: 2 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[],java.lang.String[],java.io.File)>", index: 1 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[],java.lang.String[],java.io.File)>", index: 2 }
+
+  - { method: "<java.lang.ProcessBuilder: void <init>(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.ProcessBuilder: void <init>(java.util.List)>", index: 0 }
+  - { method: "<java.lang.ProcessBuilder: java.lang.ProcessBuilder command(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.ProcessBuilder: java.lang.ProcessBuilder command(java.util.List)>", index: 0 }
+
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/README.adoc
new file mode 100644
index 000000000..992fb6bb9
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The Java standard library provides a set of methods for evaluating XPath expressions and selecting nodes within XML documents. Using these methods, developers can easily locate, filter, and process specific nodes and data within XML documents.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse and execute XPath expressions, returning corresponding results based on the content of XML documents.
+
+- **Security Risks**:
+    XPath Injection: Similar to SQL injection attacks, attackers can craft malicious XPath expressions to reveal the structure of XML data or access data that is normally restricted. If the XML data is used for user authentication, attackers could even escalate their privileges.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/xpath.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/xpath.yml
new file mode 100644
index 000000000..0c0ca312d
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/xpath.yml
@@ -0,0 +1,10 @@
+sinks:
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: com.sun.org.apache.xpath.internal.objects.XObject eval(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: com.sun.org.apache.xpath.internal.objects.XObject eval(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: com.sun.org.apache.xpath.internal.objects.XObject eval(org.w3c.dom.Node,java.lang.String,com.sun.org.apache.xml.internal.utils.PrefixResolver)>", index: 1 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.traversal.NodeIterator selectNodeIterator(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.traversal.NodeIterator selectNodeIterator(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.Node selectSingleNode(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.Node selectSingleNode(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/README.adoc
new file mode 100644
index 000000000..e4ba95a5b
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The Java standard library provides a set of formatting and output APIs that are used to format data into specific string forms and output these strings to various targets.
+
+- **Common Use Cases**:
+    These APIs are commonly used to format strings, write text to output streams, and other similar tasks.
+
+- **Security Risks**:
+    XSS (Cross-Site Scripting) Attacks: If the formatted string or parameters include user input data and are not properly encoded, it may lead to XSS vulnerabilities. For example, if user input contains a `<script>` tag, it may be rendered and executed.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/formatter.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/formatter.yml
new file mode 100644
index 000000000..0f3b531f8
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/formatter.yml
@@ -0,0 +1,13 @@
+sinks:
+  - { method: "<java.util.Formatter: java.util.Formatter format(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.Formatter: java.util.Formatter format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<java.io.PrintStream: java.io.PrintStream format(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.lang.String: java.lang.String format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter format(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter format(java.lang.String,java.lang.Object[])>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/output.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/output.yml
new file mode 100644
index 000000000..a2a384b22
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/output.yml
@@ -0,0 +1,23 @@
+sinks:
+  - { method: "<java.io.PrintWriter: void write(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(java.lang.String,int,int)>", index: 2 }
+  - { method: "<java.io.PrintWriter: void write(char[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(char[],int,int)>", index: 2 }
+
+  - { method: "<java.io.PrintWriter: void print(char[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(java.lang.Object)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(char)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(char[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(java.lang.Object)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(char)>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter printf(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter printf(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(java.lang.CharSequence,int,int)>", index: 2 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(char)>", index: 0 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream printf(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/README.adoc
new file mode 100644
index 000000000..c8d366edb
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    LDAP (Lightweight Directory Access Protocol) is a protocol used for accessing and maintaining distributed directory information services. Web applications commonly use LDAP to manage users and permissions.
+
+- **Common Use Cases**:
+    These APIs are commonly used to search, query, and list entries in an LDAP directory.
+
+- **Security Risks**:
+    Unauthorized Access: When applications construct LDAP queries using user input, and if proper input validation is not performed, attackers can modify the LDAP query through crafted input, leading to unauthorized access or data manipulation.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/ldap.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/ldap.yml
new file mode 100644
index 000000000..e9a9ca40c
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/ldap.yml
@@ -0,0 +1,53 @@
+sinks:
+  - { method: "<javax.naming.ldap.LdapName: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.Context: java.lang.Object lookup(java.lang.String)>", index: 0 }
+
+  - { method: "<javax.naming.directory.DirContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<javax.naming.directory.InitialDirContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<javax.naming.ldap.LdapContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<javax.naming.ldap.InitialLdapContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<javax.naming.event.EventDirContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<com.sun.jndi.ldap.LdapCtx: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+  - { method: "<com.unboundid.ldap.sdk.LDAPConnection: com.unboundid.ldap.sdk.SearchResult search(java.lang.String,com.unboundid.ldap.sdk.SearchScope,java.lang.String,java.lang.String[])>", index: 1 } 
+  - { method: "<com.unboundid.ldap.sdk.LDAPConnection: com.unboundid.ldap.sdk.SearchResult search(java.lang.String,com.unboundid.ldap.sdk.SearchScope,java.lang.String,java.lang.String[])>", index: 3 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/el.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/el.yml
new file mode 100644
index 000000000..a0040d9c8
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/el.yml
@@ -0,0 +1,3 @@
+sinks:
+  - { method: "<javax.el.ExpressionFactory: javax.el.ValueExpression createValueExpression(javax.el.ELContext,java.lang.String,java.lang.Class)>", index: 1 }
+  - { method: "<javax.el.ExpressionFactory: javax.el.MethodExpression createMethodExpression(javax.el.ELContext,java.lang.String,java.lang.Class,java.lang.Class[])>", index: 2 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/response-splitting.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/response-splitting.yml
new file mode 100644
index 000000000..9d372a43a
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/response-splitting.yml
@@ -0,0 +1,13 @@
+sinks:
+  - { method: "<javax.servlet.http.Cookie: void <init>(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.Cookie: void <init>(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.servlet.http.Cookie: void setValue(java.lang.String)>", index: 0 }
+
+  - { method: "<javax.servlet.http.HttpServletResponse: void addHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponse: void addHeader(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.servlet.http.HttpServletResponse: void setHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponse: void setHeader(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void addHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void addHeader(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void setHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void setHeader(java.lang.String,java.lang.String)>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/script-engine.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/script-engine.yml
new file mode 100644
index 000000000..2acd80784
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/script-engine.yml
@@ -0,0 +1,2 @@
+sinks:
+  - { method: "<javax.script.ScriptEngine: java.lang.Object eval(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/smtp.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/smtp.yml
new file mode 100644
index 000000000..f9b245397
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/smtp.yml
@@ -0,0 +1,6 @@
+sinks:
+  - { method: "<javax.mail.Message: void setSubject(java.lang.String)>", index: 0 }
+  - { method: "<javax.mail.Message: void addHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.mail.Message: void addHeader(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.mail.Message: void setDescription(java.lang.String)>", index: 0 }
+  - { method: "<javax.mail.Message: void setDisposition(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/trust-boundary-violation.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/trust-boundary-violation.yml
new file mode 100644
index 000000000..0f7b173a5
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/trust-boundary-violation.yml
@@ -0,0 +1,6 @@
+sinks:
+  - { method: "<javax.servlet.http.HttpSession: void setAttribute(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<javax.servlet.http.HttpSession: void putValue(java.lang.String,java.lang.Object)>", index: 1 }
+
+  - { method: "<javax.servlet.http.HttpSession: void setAttribute(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpSession: void putValue(java.lang.String,java.lang.Object)>", index: 0 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/xslt.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/xslt.yml
new file mode 100644
index 000000000..b4d536dde
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/xslt.yml
@@ -0,0 +1,2 @@
+sinks:
+  - { method: "<javax.xml.transform.TransformerFactory: javax.xml.transform.Transformer newTransformer(javax.xml.transform.Source)>", index: 0 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/README.adoc
new file mode 100644
index 000000000..68c232acc
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    Java EE provides a set of formatting and output APIs that are used to format data into specific string forms and output these strings to various targets.
+
+- **Common Use Cases**:
+    These APIs are commonly used for formatting strings, writing text to output streams, and other similar tasks.
+
+- **Security Risks**:
+    XSS (Cross-Site Scripting) Attacks: If the formatted string or parameters include user input data and are not properly encoded, it may lead to XSS vulnerabilities. For example, if user input contains a `<script>` tag, it may be rendered and executed.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/output.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/output.yml
new file mode 100644
index 000000000..b5bc605d2
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/output.yml
@@ -0,0 +1,24 @@
+sinks:
+  - { method: "<javax.servlet.http.HttpServletResponse: void sendError(int,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponse: void setStatus(int,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void sendError(int,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void setStatus(int,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.ServletOutputStream: void print(java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.ServletOutputStream: void println(java.lang.String)>", index: 0 }
+
+  - { method: "<javax.servlet.jsp.JspWriter: void write(java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void write(java.lang.String,int,int)>", index: 2 }
+  - { method: "<javax.servlet.jsp.JspWriter: void write(char[])>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void write(char[],int,int)>", index: 2 }
+  - { method: "<javax.servlet.jsp.JspWriter: java.io.PrintWriter append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: java.io.PrintWriter append(java.lang.CharSequence,int,int)>", index: 2 }
+  - { method: "<javax.servlet.jsp.JspWriter: java.io.PrintWriter append(char)>", index: 0 }
+
+  - { method: "<javax.servlet.jsp.JspWriter: void print(char[])>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void print(java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void print(java.lang.Object)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void print(char)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void println(char[])>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void println(java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void println(java.lang.Object)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void println(char)>", index: 0 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/request-dispatcher.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/request-dispatcher.yml
new file mode 100644
index 000000000..ff6f15ddf
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/request-dispatcher.yml
@@ -0,0 +1,3 @@
+sinks:
+  - { method: "<javax.servlet.RequestDispatcher: void forward(javax.servlet.ServletRequest,javax.servlet.ServletResponse)>", index: 1 }
+  - { method: "<javax.servlet.RequestDispatcher: void include(javax.servlet.ServletRequest,javax.servlet.ServletResponse)>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/README.adoc
new file mode 100644
index 000000000..e94237d96
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    SLF4J (Simple Logging Facade for Java) is a logging library that provides a simple, unified interface for various logging frameworks. It allows developers to choose different logging implementations (e.g., Logback, Log4j, etc.) and log through a common API.
+
+- **Common Use Cases**:
+    These APIs are commonly used to log various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can craft malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/crlf-logs.yml b/src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/crlf-logs.yml
new file mode 100644
index 000000000..064738993
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/crlf-logs.yml
@@ -0,0 +1,91 @@
+sinks:
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object, java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object, java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object, java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Throwable)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/README.adoc
new file mode 100644
index 000000000..dd4e23c3d
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The Spring Framework beans provide a set of utility methods for manipulating Java Beans. The APIs in this directory can be used for common tasks, such as property copying.
+
+- **Common Use Cases**:
+    These APIs are commonly used for copying Java Bean objects.
+
+- **Security Risks**:
+    Property Injection: If attackers gain control over the objects being populated or the property names being set, they can inject unexpected and malicious property values, leading to property injection vulnerabilities.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/beans.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/beans.yml
new file mode 100644
index 000000000..fcea2c64a
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/beans.yml
@@ -0,0 +1,5 @@
+sinks:
+  - { method: "<org.springframework.beans.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.springframework.beans.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object,java.lang.Class)>", index: 1 }
+  - { method: "<org.springframework.beans.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object,java.lang.String[])>", index: 1 }
+  - { method: "<org.springframework.beans.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object,java.lang.Class,java.lang.String[])>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/README.adoc
new file mode 100644
index 000000000..369c0cbde
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    These APIs are methods from Spring MVC used to create and manipulate ModelAndView objects. ModelAndView is a class in Spring MVC used to return model data and view names, enabling data binding to the view for rendering.
+
+- **Common Use Cases**:
+    These APIs are commonly used to create and manipulate ModelAndView objects, for page navigation, data passing, and dynamic view resolution.
+
+- **Security Risks**:
+    File Disclosure: If attackers gain control over the creation of ModelAndView objects, they can craft malicious requests to access sensitive files, such as configuration files or application class/jar files.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml
new file mode 100644
index 000000000..1c4e93f74
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml
@@ -0,0 +1,5 @@
+sinks:
+  - { method: "<org.springframework.web.servlet.ModelAndView: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.web.servlet.ModelAndView: void <init>(java.lang.String,java.lang.String,java.lang.Object)>", index: 2 }
+  - { method: "<org.springframework.web.servlet.ModelAndView: void <init>(java.lang.String,java.util.Map)>", index: 1 }
+  - { method: "<org.springframework.web.servlet.ModelAndView: void setViewName(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/README.adoc
new file mode 100644
index 000000000..2ab3d8b73
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    LDAP (Lightweight Directory Access Protocol) is a protocol used to access and maintain distributed directory information services. Web applications often use LDAP to manage users and permissions.
+
+- **Common Use Cases**:
+    These APIs are commonly used to search, query, and list entries in an LDAP directory.
+
+- **Security Risks**:
+    Unauthorized Access: When applications construct LDAP queries based on user input, attackers can exploit insufficient input validation to craft malicious inputs that modify the LDAP query, leading to unauthorized access or data manipulation.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/ldap.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/ldap.yml
new file mode 100644
index 000000000..9bebfba2d
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/ldap.yml
@@ -0,0 +1,74 @@
+sinks:
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List list(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List list(java.lang.String,org.springframework.ldap.core.NameClassPairMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void list(java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 1 }
+
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.lang.Object lookup(java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.lang.Object lookup(java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 1 }
+
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,int,boolean,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,int,boolean,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.AttributesMapper)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.ContextMapper)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List list(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List list(java.lang.String,org.springframework.ldap.core.NameClassPairMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void list(java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 1 }
+
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.lang.Object lookup(java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.lang.Object lookup(java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 1 }
+
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,int,boolean,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,int,boolean,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.AttributesMapper)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.ContextMapper)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper)>", index: 3 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/README.adoc
new file mode 100644
index 000000000..25d73d30a
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    These APIs are methods from the Spring Framework used to parse expression strings and generate corresponding expression objects. SPEL (Spring Expression Language) is a more powerful expression language than JSP's EL, offering capabilities such as method calls and basic string templating.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse expression strings and generate corresponding expression objects, which may later be evaluated within a specific context.
+
+- **Security Risks**:
+    RCE (Remote Code Execution): If attackers can manipulate the input SpEL expressions without restrictions, evaluating the expression in the default context may lead to remote code execution vulnerabilities.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/spring-expression.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/spring-expression.yml
new file mode 100644
index 000000000..24b0c466d
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/spring-expression.yml
@@ -0,0 +1,6 @@
+sinks:
+  - { method: "<org.springframework.expression.spel.standard.SpelExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.expression.common.TemplateAwareExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String)>", index: 0 }
+
+  - { method: "<org.springframework.expression.spel.standard.SpelExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String,org.springframework.expression.ParserContext)>", index: 1 }
+  - { method: "<org.springframework.expression.common.TemplateAwareExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String,org.springframework.expression.ParserContext)>", index: 1 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/README.adoc
new file mode 100644
index 000000000..4e470e00f
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory provide various ways to execute SQL queries and return results. These methods are used for interacting with databases by executing SQL queries to retrieve data.
+
+- **Common Use Cases**:
+    These APIs are commonly used for handling user input for data queries and SQL query execution, where users typically have some control over the parameters.
+
+- **Security Risks**:
+    SQL Injection: Attackers can craft malicious inputs to insert SQL commands, allowing them to manipulate the database.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/sql-spring.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/sql-spring.yml
new file mode 100644
index 000000000..60368efce
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/sql-spring.yml
@@ -0,0 +1,30 @@
+sinks:
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[],int[])>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[],int[])>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,org.springframework.jdbc.core.PreparedStatementSetter)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[],int[])>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[],int[])>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,org.springframework.jdbc.core.ResultSetExtractor)>", index: 0 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,org.springframework.jdbc.core.RowCallbackHandler)>", index: 0 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,org.springframework.jdbc.core.RowMapper)>", index: 0 }
+  
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,org.springframework.jdbc.core.PreparedStatementSetter,org.springframework.jdbc.core.ResultSetExtractor)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.ResultSetExtractor)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.ResultSetExtractor)>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,java.lang.Object[],org.springframework.jdbc.core.ResultSetExtractor)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,org.springframework.jdbc.core.ResultSetExtractor,java.lang.Object[])>", index: 2 }
+  
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,org.springframework.jdbc.core.PreparedStatementSetter,org.springframework.jdbc.core.RowCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.RowCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.RowCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,java.lang.Object[],org.springframework.jdbc.core.RowCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,org.springframework.jdbc.core.RowCallbackHandler,java.lang.Object[])>", index: 2 }
+  
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,org.springframework.jdbc.core.PreparedStatementSetter,org.springframework.jdbc.core.RowMapper)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.RowMapper)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.RowMapper)>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,java.lang.Object[],org.springframework.jdbc.core.RowMapper)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,org.springframework.jdbc.core.RowMapper,java.lang.Object[])>", index: 2 }
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/README.adoc
new file mode 100644
index 000000000..d9da913ab
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory are part of tinylog, used for logging purposes. They provide various methods for logging information at different levels, including debug, info, warning, and error.
+
+- **Common Use Cases**:
+    These APIs are commonly used to log various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can craft malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
diff --git a/src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/crlf-logs.yml b/src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/crlf-logs.yml
new file mode 100644
index 000000000..a19469985
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/crlf-logs.yml
@@ -0,0 +1,21 @@
+sinks:
+  - { method: "<org.pmw.tinylog.Logger: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void debug(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void debug(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void debug(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void error(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void error(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void error(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void info(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void info(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void info(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void trace(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void trace(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void trace(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void warn(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void warn(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/source/infoleak/java/README.adoc b/src/main/resources/commonly-used-taint-config/source/infoleak/java/README.adoc
new file mode 100644
index 000000000..aa4d0144b
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/infoleak/java/README.adoc
@@ -0,0 +1,15 @@
+= Description
+
+The sources recorded in this directory mainly come from the Java standard library. The source methods that can generate taints include:
+
+- Methods that retrieve stored data from databases (e.g., `getString` and `getNString` methods in `java.sql`).
+- Methods that retrieve data from users that need to be validated (e.g., `get` methods and `requestPasswordAuthentication` method in `java.net.Authenticator`).
+- Methods that retrieve information from connected clients (e.g., `get` methods in `java.net.ContentHandler`, `CookieHandler`, and `CookieManager`).
+- Methods that retrieve information from `DatagramSocket`/`HttpCookie` (e.g., `get` methods in `java.net.DatagramSocket`/`HttpCookie`).
+- Methods that retrieve system information from `System` (e.g., `get` methods in `java.lang.System`).
+- Methods that retrieve information from input streams (e.g., `read` methods in various `InputStream` and `Reader` classes in `java.io`).
+- Methods that retrieve specified values from persistent fields (e.g., `get` methods in `java.io.ObjectInputStream$GetField`).
+- Methods that read information from files (e.g., `read` method in `java.io.RandomAccessFile`).
+- ...
+
+*Note*: The methods referred to as `get` or `read` are those that start with "get" or "read".
diff --git a/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-io.yml b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-io.yml
new file mode 100644
index 000000000..8fc26aec0
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-io.yml
@@ -0,0 +1,137 @@
+sources:
+  - { kind: call, method: "<java.io.BufferedInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.BufferedInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.BufferedReader: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.BufferedReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.BufferedReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+  - { kind: call, method: "<java.io.ByteArrayInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ByteArrayInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.CharArrayReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.CharArrayReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+  - { kind: call, method: "<java.io.DataInputStream: int read(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.DataInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.DataInputStream: void readFully(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.DataInputStream: void readFully(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.DataInputStream: boolean readBoolean()>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.DataInputStream: byte readByte()>", index: result, type: "byte" }
+  - { kind: call, method: "<java.io.DataInputStream: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: short readShort()>", index: result, type: "short" }
+  - { kind: call, method: "<java.io.DataInputStream: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: char readChar()>", index: result, type: "char" }
+  - { kind: call, method: "<java.io.DataInputStream: int readInt()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: long readLong()>", index: result, type: "long" }
+  - { kind: call, method: "<java.io.DataInputStream: float readFloat()>", index: result, type: "float" }
+  - { kind: call, method: "<java.io.DataInputStream: double readDouble()>", index: result, type: "double" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.DataInputStream: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readUTF()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<java.io.FileInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.FileInputStream: int read(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.FileInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.FilterInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.FilterInputStream: int read(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.FilterInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.FilterReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.FilterReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+  - { kind: call, method: "<java.io.InputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.InputStream: int read(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.InputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.InputStreamReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.InputStreamReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+  - { kind: call, method: "<java.io.LineNumberInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.LineNumberInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.LineNumberReader: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.LineNumberReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.LineNumberReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+
+  - { kind: call, method: "<java.io.ObjectInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.ObjectInputStream: boolean readBoolean()>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.ObjectInputStream: byte readByte()>", index: result, type: "byte" }
+  - { kind: call, method: "<java.io.ObjectInputStream: char readChar()>", index: result, type: "char" }
+  - { kind: call, method: "<java.io.ObjectInputStream: double readDouble()>", index: result, type: "double" }
+  - { kind: call, method: "<java.io.ObjectInputStream: float readFloat()>", index: result, type: "float" }
+  - { kind: call, method: "<java.io.ObjectInputStream: void readFully(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.ObjectInputStream: void readFully(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.ObjectInputStream: int readInt()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.ObjectInputStream: long readLong()>", index: result, type: "long" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.Object readObject()>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.Object readObjectOverride()>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.Object readUnshared()>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.io.ObjectInputStream: short readShort()>", index: result, type: "short" }
+  - { kind: call, method: "<java.io.ObjectInputStream: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.String readUTF()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.io.ObjectInputStream$GetField readFields()>", index: result, type: "java.io.ObjectInputStream$GetField" }
+
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: boolean defaulted(java.lang.String)>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: boolean get(java.lang.String,boolean)>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: byte get(java.lang.String,byte)>", index: result, type: "byte" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: char get(java.lang.String,char)>", index: result, type: "char" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: double get(java.lang.String,double)>", index: result, type: "double" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: float get(java.lang.String,float)>", index: result, type: "float" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: int get(java.lang.String,int)>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: java.lang.Object get(java.lang.String,java.lang.Object)>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: long get(java.lang.String,long)>", index: result, type: "long" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: short get(java.lang.String,short)>", index: result, type: "short" }
+
+
+  - { kind: call, method: "<java.io.PipedInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.PipedInputStream: int read(byte[],int,int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.PipedReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.PipedReader: int read(char[], int, int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.PushbackInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.PushbackInputStream: int read(byte[], int, int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.PushbackReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.PushbackReader: int read(char[], int, int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.RandomAccessFile: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int read(byte[], int, int)>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int read(byte[])>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: void readFully(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.RandomAccessFile: void readFully(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.RandomAccessFile: boolean readBoolean()>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.RandomAccessFile: byte readByte()>", index: result, type: "byte" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: short readShort()>", index: result, type: "short" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: char readChar()>", index: result, type: "char" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readInt()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: long readLong()>", index: result, type: "long" }
+  - { kind: call, method: "<java.io.RandomAccessFile: float readFloat()>", index: result, type: "float" }
+  - { kind: call, method: "<java.io.RandomAccessFile: double readDouble()>", index: result, type: "double" }
+  - { kind: call, method: "<java.io.RandomAccessFile: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: java.lang.String readUTF()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<java.io.Reader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.Reader: int read(char[], int, int)>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.Reader: int read(char[])>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.Reader: int read(java.nio.CharBuffer)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.SequenceInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.SequenceInputStream: int read(byte[],int,int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.StringBufferInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.StringBufferInputStream: int read(byte[],int,int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.StringReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.StringReader: int read(char[],int,int)>", index: result, type: "int" }
diff --git a/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-lang-system.yml b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-lang-system.yml
new file mode 100644
index 000000000..d23970ad2
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-lang-system.yml
@@ -0,0 +1,6 @@
+sources:
+  - { kind: call, method: "<java.lang.System: java.lang.String clearProperty(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.lang.System: java.util.Map getenv()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<java.lang.System: java.lang.String getenv(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.lang.System: java.lang.String getProperty(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.lang.System: java.lang.String getProperty(java.lang.String,java.lang.String)>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-net.yml b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-net.yml
new file mode 100644
index 000000000..3f43469a7
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-net.yml
@@ -0,0 +1,45 @@
+sources:
+  - { kind: call, method: "<java.net.Authenticator: java.net.PasswordAuthentication getPasswordAuthentication()>", index: result, type: "java.net.PasswordAuthentication" }
+  - { kind: call, method: "<java.net.Authenticator: java.lang.String getRequestingHost()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.Authenticator: int getRequestingPort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.net.Authenticator: java.lang.String getRequestingProtocol()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.Authenticator: java.lang.String getRequestingPrompt()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.InetAddress getRequestingSite()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.URL getRequestingURL()>", index: result, type: "java.net.URL" }
+  - { kind: call, method: "<java.net.Authenticator: java.lang.String getRequestingScheme()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.Authenticator.RequestorType getRequestorType()>", index: result, type: "java.net.Authenticator$RequestorType" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.PasswordAuthentication requestPasswordAuthentication(java.net.InetAddress,int,java.lang.String,java.lang.String,java.lang.String)>", index: result, type: "java.net.PasswordAuthentication" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.PasswordAuthentication requestPasswordAuthentication(java.lang.String,java.net.InetAddress,int,java.lang.String,java.lang.String,java.lang.String)>", index: result, type: "java.net.PasswordAuthentication" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.PasswordAuthentication requestPasswordAuthentication(java.lang.String,java.net.InetAddress,int,java.lang.String,java.lang.String,java.lang.String,java.net.URL,java.net.Authenticator$RequestorType)>", index: result, type: "java.net.PasswordAuthentication" }
+
+  - { kind: call, method: "<java.net.ContentHandler: java.lang.Object getContent(java.net.URLConnection)>", index: result, type: "java.lang.Object" } #interface
+  - { kind: call, method: "<java.net.ContentHandler: java.lang.Object getContent(java.net.URLConnection,java.lang.Class[])>", index: result, type: "java.lang.Object" }
+
+  - { kind: call, method: "<java.net.CookieHandler: java.util.Map get(java.net.URI,java.util.Map)>", index: result, type: "java.util.Map" }
+
+  - { kind: call, method: "<java.net.CookieManager: java.util.Map get(java.net.URI,java.util.Map)>", index: result, type: "java.util.Map" }
+
+  - { kind: call, method: "<java.net.DatagramPacket: java.net.InetAddress getAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramPacket: byte[] getData()>", index: result, type: "byte[]" }
+  - { kind: call, method: "<java.net.DatagramPacket: java.net.SocketAddress getSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramPacket: int getPort()>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.InetAddress getLocalAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.SocketAddress getLocalSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.SocketAddress getRemoteSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.DatagramChannel getChannel()>", index: result, type: "java.net.DatagramChannel" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.InetAddress getInetAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: int getPort()>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getComment()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getCommentURL()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: boolean getDiscard()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getDomain()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: int getMaxAge()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getPath()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getPortlist()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getSecure()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: int getVersion()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+
diff --git a/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-sql.yml b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-sql.yml
new file mode 100644
index 000000000..6475623e8
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-sql.yml
@@ -0,0 +1,5 @@
+sources:
+  - { kind: call, method: "<java.sql.ResultSet: java.lang.String getNString(int)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.sql.ResultSet: java.lang.String getNString(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.sql.ResultSet: java.lang.String getString(int)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.sql.ResultSet: java.lang.String getString(java.lang.String)>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/README.adoc
new file mode 100644
index 000000000..90e271b4b
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/README.adoc
@@ -0,0 +1,7 @@
+= Description
+
+The Sources recorded in this directory primarily come from Apache Struts2. The source methods that can cause taint include:
+- Methods that take input from external sources (e.g., getValue)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/struts2.yml b/src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/struts2.yml
new file mode 100644
index 000000000..468c0cd15
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/struts2.yml
@@ -0,0 +1,2 @@
+sources:
+  - { kind: call, method: "<org.apache.struts2.dispatcher.Parameter: java.lang.String getValue()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/README.adoc
new file mode 100644
index 000000000..3c1bca38e
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/README.adoc
@@ -0,0 +1,7 @@
+= Description
+
+The Sources recorded in this directory primarily come from the Apache Wicket framework, a Java web application development framework. The source methods that can cause taint include:
+- Methods that retrieve properties from the incoming request (e.g., getHeader, getParameterValue)
+- Methods that obtain input streams for uploaded files (e.g., getInputStream)
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/wicket.yml b/src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/wicket.yml
new file mode 100644
index 000000000..cce259d6b
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/wicket.yml
@@ -0,0 +1,28 @@
+sources:
+  - { kind: call, method: "<org.apache.wicket.protocol.http.request.WebClientInfo: java.lang.String getUserAgent()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.request.WebClientInfo: java.lang.String getUserAgentStringLc()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.request.WebClientInfo: java.lang.String getRemoteAddr(org.apache.wicket.request.cycle.RequestCycle)>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.apache.wicket.request.http.WebRequest: java.util.List getHeaders(java.lang.String)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.apache.wicket.request.http.WebRequest: java.lang.String getHeader(java.lang.String)>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorAppCodeName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorAppName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorAppVersion()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorLanguage()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorPlatform()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorUserAgent()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getRemoteAddress()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getHostname()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.apache.wicket.request.IRequestParameters: java.util.Set getParameterNames()>", index: result, type: "java.util.Set" }
+  - { kind: call, method: "<org.apache.wicket.request.IRequestParameters: org.apache.wicket.util.string.StringValue getParameterValue(java.lang.String)>", index: result, type: "org.apache.wicket.util.string.StringValue" }
+  - { kind: call, method: "<org.apache.wicket.request.IRequestParameters: java.util.List getParameterValues(java.lang.String)>", index: result, type: "java.util.List" }
+
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.lang.String getFileName(javax.servlet.http.Part)>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: byte[] get()>", index: result, type: "byte[]" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.lang.String getString(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.lang.String getString()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.io.InputStream getInputStream()>", index: result, type: "java.io.InputStream" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/README.adoc
new file mode 100644
index 000000000..dd5fa832a
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/README.adoc
@@ -0,0 +1,8 @@
+= Description
+
+The Sources recorded in this directory primarily come from the Dropwizard framework. The source methods that can cause taint include:
+- Methods that take the incoming request as a parameter (e.g., doFilter, doGet)
+- Methods that retrieve properties from the incoming request (e.g., getParameter, getBody)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml b/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
new file mode 100644
index 000000000..e6531df49
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
@@ -0,0 +1,2 @@
+sources:
+  - { kind: param, method: "<io.dropwizard.jersey.filter.AllowedMethodsFilter: void doFilter(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse,jakarta.servlet.FilterChain)>", index: 0, type: "jakarta.servlet.ServletRequest" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml b/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
new file mode 100644
index 000000000..c4408d3af
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
@@ -0,0 +1,10 @@
+sources:
+  - { kind: call, method: "<io.dropwizard.servlets.Servlets: java.lang.String getFullUrl(jakarta.servlet.http.HttpServletRequest)>", index: result, type: "java.lang.String" }
+  - { kind: param, method: "<io.dropwizard.servlets.CacheBustingFilter: void doFilter(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse,jakarta.servlet.FilterChain)>", index: 0, type: "jakarta.servlet.ServletRequest" }
+  - { kind: param, method: "<io.dropwizard.servlets.ThreadNameFilter: void doFilter(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse,jakarta.servlet.FilterChain)>", index: 0, type: "jakarta.servlet.ServletRequest" }
+  - { kind: param, method: "<io.dropwizard.servlets.SlowRequestFilter: void doFilter(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse,jakarta.servlet.FilterChain)>", index: 0, type: "jakarta.servlet.ServletRequest" }
+  
+  - { kind: param, method: "<io.dropwizard.servlets.tasks.TaskServlet: void doGet(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse)>", index: 0, type: "jakarta.servlet.http.HttpServletRequest" }
+  - { kind: param, method: "<io.dropwizard.servlets.tasks.TaskServlet: void doPost(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse)>", index: 0, type: "jakarta.servlet.http.HttpServletRequest" }
+  - { kind: call, method: "<io.dropwizard.servlets.tasks.TaskServlet: java.util.Map getParams(jakarta.servlet.http.HttpServletRequest)>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<io.dropwizard.servlets.tasks.TaskServlet: java.lang.String getBody(jakarta.servlet.http.HttpServletRequest)>", index: result, type: "java.lang.String" }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/java/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/java/README.adoc
new file mode 100644
index 000000000..e3ca3dfd6
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/java/README.adoc
@@ -0,0 +1,8 @@
+= Description
+
+The Sources recorded in this directory primarily come from the Java standard library. The source methods that can cause taint include:
+- Methods that retrieve properties from the incoming request (e.g., getContent, getRemoteSocketAddress)
+- Methods that take external input (e.g., getSelectedText, readLine)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/java/java-awt.yml b/src/main/resources/commonly-used-taint-config/source/injection/java/java-awt.yml
new file mode 100644
index 000000000..077ee2dc7
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/java/java-awt.yml
@@ -0,0 +1,3 @@
+sources:
+  - { kind: call, method: "<java.awt.TextComponent: java.lang.String getSelectedText()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.awt.TextComponent: java.lang.String getText()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/java/java-io.yml b/src/main/resources/commonly-used-taint-config/source/injection/java/java-io.yml
new file mode 100644
index 000000000..4df2b601a
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/java/java-io.yml
@@ -0,0 +1,8 @@
+sources:
+  - { kind: call, method: "<java.io.BufferedReader: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.Console: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.Console: java.lang.String readLine(java.lang.String,java.lang.Object[])>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readUTF()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readUTF(java.io.DataInput)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.LineNumberReader: java.lang.String readLine()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/java/java-net.yml b/src/main/resources/commonly-used-taint-config/source/injection/java/java-net.yml
new file mode 100644
index 000000000..ee6ede543
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/java/java-net.yml
@@ -0,0 +1,26 @@
+sources:
+  - { kind: call, method: "<java.net.URL: java.lang.Object getContent()>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.net.URL: java.lang.Object getContent(java.lang.Class[])>", index: result, type: "java.lang.Object" }
+
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getComment()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getCommentURL()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getDiscard()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getDomain()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getMaxAge()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getPath()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getPortlist()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getSecure()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getVersion()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  
+  - { kind: call, method: "<java.net.CookieHandler: java.util.Map get(java.net.URI,java.util.Map)>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<java.net.CookieManager: java.util.Map get(java.net.URI,java.util.Map)>", index: result, type: "java.util.Map" }
+  
+  - { kind: call, method: "<java.net.DatagramPacket: java.net.InetAddress getAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramPacket: byte[] getData()>", index: result, type: "byte[]" }
+  - { kind: call, method: "<java.net.DatagramPacket: java.net.SocketAddress getSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramPacket: int getPort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.SocketAddress getRemoteSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.InetAddress getInetAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: int getPort()>", index: result, type: "int" }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/java/java-util-Scanner.yml b/src/main/resources/commonly-used-taint-config/source/injection/java/java-util-Scanner.yml
new file mode 100644
index 000000000..252ede005
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/java/java-util-Scanner.yml
@@ -0,0 +1,12 @@
+sources:
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.io.File)>", index: 0, type: "java.io.File" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.io.File,java.lang.String)>", index: 0, type: "java.io.File" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.io.InputStream)>", index: 0, type: "java.io.InputStream" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.io.InputStream,java.lang.String)>", index: 0, type: "java.io.InputStream" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.nio.file.Path)>", index: 0, type: "java.nio.file.Path" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.nio.file.Path,java.lang.String)>", index: 0, type: "java.nio.file.Path" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.lang.Readable)>", index: 0, type: "java.lang.Readable" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.nio.channels.ReadableByteChannel)>", index: 0, type: "java.nio.channels.ReadableByteChannel" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.nio.channels.ReadableByteChannel,java.lang.String)>", index: 0, type: "java.nio.channels.ReadableByteChannel" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.lang.String)>", index: 0, type: "java.lang.String" }
+
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/javax/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/javax/README.adoc
new file mode 100644
index 000000000..682875b33
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/javax/README.adoc
@@ -0,0 +1,8 @@
+= Description
+
+The Sources recorded in this directory primarily come from Java EE. The source methods that can cause taint include:
+- Methods that take external input (e.g., getSelectedText)
+- Methods that retrieve properties from the incoming request (e.g., getParameter, getContentType)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/PortletRequest.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/PortletRequest.yml
new file mode 100644
index 000000000..75f7a6d1d
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/PortletRequest.yml
@@ -0,0 +1,18 @@
+sources:
+  - { kind: call, method: "<javax.portlet.PortletRequest: javax.portlet.PortletMode getPortletMode()>", index: result, type: "javax.portlet.PortletMode" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: javax.portlet.WindowState getWindowState()>", index: result, type: "javax.portlet.WindowState" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getRemoteUser()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.security.Principal getUserPrincipal()>", index: result, type: "java.security.Principal" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Map getParameterMap()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Enumeration getParameterNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String[] getParameterValues(java.lang.String)>", index: result, type: "java.lang.String[]" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getRequestedSessionId()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Enumeration getResponseContentType()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Enumeration getResponseContentTypes()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Locale getLocale()>", index: result, type: "java.util.Locale" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getServerName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getWindowID()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: javax.portlet.http.Cookie[] getCookies()>", index: result, type: "javax.portlet.http.Cookie[]" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Map getPrivateParameterMap()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Map getPublicParameterMap()>", index: result, type: "java.util.Map" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/portlet-other.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/portlet-other.yml
new file mode 100644
index 000000000..80f78f941
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/portlet-other.yml
@@ -0,0 +1,14 @@
+sources:
+  - { kind: call, method: "<javax.portlet.ActionRequest: java.io.BufferedReader getReader()>", index: result, type: "java.io.BufferedReader" }
+  - { kind: call, method: "<javax.portlet.ActionRequest: java.lang.String getCharacterEncoding()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.ActionRequest: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<javax.portlet.ClientDataRequest: java.io.InputStream getPortletInputStream()>", index: result, type: "java.io.InputStream" }
+  - { kind: call, method: "<javax.portlet.ClientDataRequest: java.io.BufferedReader getReader()>", index: result, type: "java.io.BufferedReader" }
+  - { kind: call, method: "<javax.portlet.ClientDataRequest: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<javax.portlet.RenderRequest: java.lang.String getETag()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<javax.portlet.ResourceRequest: java.lang.String getETag()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.ResourceRequest: java.lang.String getResourceID()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.ResourceRequest: java.util.Map getPrivateRenderParameterMap()>", index: result, type: "java.util.Map" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/Cookie.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/Cookie.yml
new file mode 100644
index 000000000..a1c2ce2f5
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/Cookie.yml
@@ -0,0 +1,6 @@
+sources:
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getComment()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getDomain()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getPath()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml
new file mode 100644
index 000000000..251eb7203
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml
@@ -0,0 +1,20 @@
+sources:
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: javax.servlet.http.Cookie[] getCookies()>", index: result, type: "javax.servlet.http.Cookie[]" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getHeader(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.util.Enumeration getHeaderNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.util.Enumeration getHeaders(java.lang.String)>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getLocalName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.util.Map getParameterMap()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.util.Enumeration getParameterNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String[] getParameterValues(java.lang.String)>", index: result, type: "java.lang.String[]" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getPathInfo()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getPathTranslated()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getQueryString()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getRemoteHost()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getRemoteUser()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getRequestURI()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.StringBuffer getRequestURL()>", index: result, type: "java.lang.StringBuffer" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getServerName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getServletPath()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/ServletRequestWrapper.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/ServletRequestWrapper.yml
new file mode 100644
index 000000000..556533eea
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/ServletRequestWrapper.yml
@@ -0,0 +1,9 @@
+sources:
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getLocalName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.util.Map getParameterMap()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.util.Enumeration getParameterNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String[] getParameterValues(java.lang.String)>", index: result, type: "java.lang.String[]" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getRemoteHost()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getServerName()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-swing/swing.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-swing/swing.yml
new file mode 100644
index 000000000..b113f56bd
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-swing/swing.yml
@@ -0,0 +1,4 @@
+sources:
+  - { kind: call, method: "<javax.swing.text.JTextComponent: java.lang.String getSelectedText()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.swing.text.JTextComponent: java.lang.String getText()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.swing.text.JTextComponent: java.lang.String getText(int,int)>", index: result, type: "java.lang.String" }
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/jetty/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/jetty/README.adoc
new file mode 100644
index 000000000..d9dd7d1ae
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/jetty/README.adoc
@@ -0,0 +1,8 @@
+= Description
+
+The Sources recorded in this directory primarily come from Jetty. The source methods that can cause taint include:
+- Methods that take the incoming request as a parameter (e.g., handle)
+- Methods that retrieve properties from the incoming request (e.g., getParam, getQuery)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-http/jetty-http.yml b/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-http/jetty-http.yml
new file mode 100644
index 000000000..a6d7b3483
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-http/jetty-http.yml
@@ -0,0 +1,27 @@
+sources:
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.Set getFieldNamesCollection()>", index: result, type: "java.util.Set" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.Enumeration getFieldNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String getStringField(org.eclipse.jetty.http.HttpHeader)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String get(org.eclipse.jetty.http.HttpHeader)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String getStringField(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String get(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.List getCSV(org.eclipse.jetty.http.HttpHeader,boolean)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.List getCSV(java.lang.String,boolean)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.List getQualityCSV(org.eclipse.jetty.http.HttpHeader)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.List getQualityCSV(java.lang.String)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.Enumeration getValues(java.lang.String)>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.Enumeration getValues(java.lang.String,java.lang.String)>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String valueParameters(java.lang.String,java.util.Map)>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpField: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpField: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpField: java.lang.String[] getValues()>", index: result, type: "java.lang.String[]" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpField: java.lang.String toString()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String asString()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpURI: java.lang.String getParam()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpURI: java.lang.String getQuery()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpURI: java.lang.String getHost()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-server/jetty-server.yml b/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-server/jetty-server.yml
new file mode 100644
index 000000000..e20125dbc
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-server/jetty-server.yml
@@ -0,0 +1,26 @@
+sources:
+  - { kind: param, method: "<org.eclipse.jetty.server.Server: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.SizeLimitHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ConnectHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ContextHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ContextHandlerCollection: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.CrossOriginHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.DebugHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.DefaultHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.DelayedHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ErrorHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.EventsHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.GracefulHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.HotSwapHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.IdleTimeoutHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.MovedContextHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.PathMappingsHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ResourceHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.SecuredRedirectHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ShutdownHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.StateTrackingHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.StatisticsHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.TryPathsHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.gzip.GzipHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+ 
\ No newline at end of file
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-session/jetty-session.yml b/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-session/jetty-session.yml
new file mode 100644
index 000000000..a4c27b29b
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-session/jetty-session.yml
@@ -0,0 +1,2 @@
+sources:
+  - { kind: param, method: "<org.eclipse.jetty.session.SessionHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/sonarqube/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/sonarqube/README.adoc
new file mode 100644
index 000000000..b2b48cbde
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/sonarqube/README.adoc
@@ -0,0 +1,7 @@
+= Description
+
+The Sources recorded in this directory primarily come from SonarQube. The source methods that can cause taint include:
+- Methods that retrieve properties from the incoming request (e.g., getParams, getValues)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/commonly-used-taint-config/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml b/src/main/resources/commonly-used-taint-config/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml
new file mode 100644
index 000000000..865a3f823
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml
@@ -0,0 +1,11 @@
+sources:
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultParameters: java.lang.String getValue(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultParameters: java.util.List getValues(java.lang.String)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultParameters: java.util.Set getKeys()>", index: result, type: "java.util.Set" }
+  
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultHeaders: java.util.Optional getValue(java.lang.String)>", index: result, type: "java.util.Optional" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultHeaders: java.util.Set getNames()>", index: result, type: "java.util.Set" }
+
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest: java.lang.String getPath()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest: java.lang.String getMediaType()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest: java.util.Map getParams()>", index: result, type: "java.util.Map" }
diff --git a/src/main/resources/commonly-used-taint-config/transfer/string-transfers.yml b/src/main/resources/commonly-used-taint-config/transfer/string-transfers.yml
new file mode 100644
index 000000000..0c5bbda70
--- /dev/null
+++ b/src/main/resources/commonly-used-taint-config/transfer/string-transfers.yml
@@ -0,0 +1,179 @@
+transfers:
+  - { method: "<java.lang.String: void <init>(byte[])>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int,int)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int,int,int)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int,int,java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int,int,java.nio.charset.Charset)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],java.nio.charset.Charset)>", from: 0, to: base }
+
+  - { method: "<java.lang.String: void <init>(char[])>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(char[],int,int)>", from: 0, to: base }
+
+  - { method: "<java.lang.String: void <init>(int[],int,int)>", from: 0, to: base }
+
+  - { method: "<java.lang.String: void <init>(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(java.lang.StringBuilder)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(java.lang.StringBuffer)>", from: 0, to: base }
+
+  - { method: "<java.lang.String: char charAt(int)>", from: base, to: result }
+  - { method: "<java.lang.String: int codePointAt(int)>", from: base, to: result }
+  - { method: "<java.lang.String: int codePointBefore(int)>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String concat(java.lang.String)>", from: 0, to: result }
+
+  - { method: "<java.lang.String: java.lang.String copyValueOf(char[])>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String copyValueOf(char[],int,int)>", from: 0, to: result }
+
+  - { method: "<java.lang.String: java.lang.String format(java.util.Locale,java.lang.String,java.lang.Object[])>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String format(java.util.Locale,java.lang.String,java.lang.Object[])>", from: "2[*]", to: result }
+  - { method: "<java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>", from: "1[*]", to: result }
+
+  - { method: "<java.lang.String: byte[] getBytes()>", from: base, to: result }
+  - { method: "<java.lang.String: byte[] getBytes(java.nio.charset.Charset)>", from: base, to: result }
+  - { method: "<java.lang.String: void getBytes(int,int,byte[],int)>", from: base, to: 2 }
+  - { method: "<java.lang.String: byte[] getBytes(java.lang.String)>", from: base, to: result }
+  - { method: "<java.lang.String: void getChars(int,int,char[],int)>", from: base, to: 2 }
+
+  - { method: "<java.lang.String: java.lang.String intern()>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String join(java.lang.CharSequence,java.lang.CharSequence[])>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String join(java.lang.CharSequence,java.lang.CharSequence[])>", from: "1[*]", to: result }
+  - { method: "<java.lang.String: java.lang.String join(java.lang.CharSequence,java.lang.Iterable)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String join(java.lang.CharSequence,java.lang.Iterable)>", from: 1, to: result }
+
+  - { method: "<java.lang.String: java.lang.String replace(char,char)>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String replace(char,char)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String replace(java.lang.CharSequence,java.lang.CharSequence)>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String replace(java.lang.CharSequence,java.lang.CharSequence)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String replaceAll(java.lang.String,java.lang.String)>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String replaceAll(java.lang.String,java.lang.String)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String replaceFirst(java.lang.String,java.lang.String)>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String replaceFirst(java.lang.String,java.lang.String)>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String[] split(java.lang.String)>", from: base, to: "result[*]" }
+  - { method: "<java.lang.String: java.lang.String[] split(java.lang.String,int)>", from: base, to: "result[*]" }
+
+  - { method: "<java.lang.String: java.lang.CharSequence subSequence(int,int)>", from: base, to: result, type: "java.lang.String" }
+
+  - { method: "<java.lang.String: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String substring(int,int)>", from: base, to: result }
+
+  - { method: "<java.lang.String: char[] toCharArray()>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String toLowerCase()>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String toLowerCase(java.util.Locale)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String toUpperCase()>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String toUpperCase(java.util.Locale)>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String trim()>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String valueOf(boolean)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(char)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(char[])>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(char[],int,int)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(double)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(float)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(int)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(long)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(java.lang.Object)>", from: 0, to: result }
+
+  - { method: "<java.lang.StringBuffer: void <init>(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: void <init>(java.lang.CharSequence)>", from: 0, to: base }
+
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(boolean)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(char)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(long)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(char[])>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(char[],int,int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(double)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(float)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.CharSequence)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.CharSequence,int,int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.Object)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.StringBuffer)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer appendCodePoint(int)>", from: 0, to: base }
+
+  - { method: "<java.lang.StringBuffer: char charAt(int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuffer: void getChars(int,int,char[],int)>", from: base, to: 2 }
+
+  - { method: "<java.lang.StringBuffer: int codePointAt(int)>", from: base, to: result }
+  - { method: "<java.lang.StringBuffer: int codePointBefore(int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,boolean)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,char)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,char[])>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,char[],int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,double)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,float)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,long)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,java.lang.CharSequence)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,java.lang.CharSequence,int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,java.lang.Object)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,java.lang.String)>", from: 1, to: base }
+
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer replace(int,int,java.lang.String)>", from: 2, to: base }
+
+  - { method: "<java.lang.StringBuffer: void setCharAt(int,char)>", from: 1, to: base }
+
+  - { method: "<java.lang.StringBuffer: java.lang.CharSequence subSequence(int,int)>", from: base, to: result, type: "java.lang.String" }
+
+  - { method: "<java.lang.StringBuffer: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.StringBuffer: java.lang.String substring(int,int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuffer: java.lang.String toString()>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuilder: void <init>(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: void <init>(java.lang.CharSequence)>", from: 0, to: base }
+
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(boolean)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(char)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(long)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(char[])>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(char[],int,int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(double)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(float)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.CharSequence)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.CharSequence,int,int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.Object)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.StringBuffer)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder appendCodePoint(int)>", from: 0, to: base }
+
+  - { method: "<java.lang.StringBuilder: char charAt(int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuilder: void getChars(int,int,char[],int)>", from: base, to: 2 }
+
+  - { method: "<java.lang.StringBuilder: int codePointAt(int)>", from: base, to: result }
+  - { method: "<java.lang.StringBuilder: int codePointBefore(int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,boolean)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,char)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,char[])>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,char[],int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,double)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,float)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,long)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,java.lang.CharSequence)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,java.lang.CharSequence,int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,java.lang.Object)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,java.lang.String)>", from: 1, to: base }
+
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder replace(int,int,java.lang.String)>", from: 2, to: base }
+
+  - { method: "<java.lang.StringBuilder: void setCharAt(int,char)>", from: 1, to: base }
+
+  - { method: "<java.lang.StringBuilder: java.lang.CharSequence subSequence(int,int)>", from: base, to: result, type: "java.lang.String" }
+
+  - { method: "<java.lang.StringBuilder: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.StringBuilder: java.lang.String substring(int,int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuilder: java.lang.String toString()>", from: base, to: result }