From 679912c79a879dfc8bdf419a9df69726a873c40d Mon Sep 17 00:00:00 2001
From: Xiao Yinning <211220110@smail.nju.edu.cn>
Date: Wed, 25 Dec 2024 15:33:08 +0000
Subject: [PATCH 1/9] add taint-specification-collection

Co-authored-by: auroraberry <2507097782@qq.com>
Co-authored-by: Isla-top <211220177@smail.nju.edu.cn>
---
 .../README.adoc                               | 116 ++++++++++++
 .../infoleak/infoleak.yml                     |   5 +
 .../infoleak/sink/java-io/README.adoc         |  10 +
 .../infoleak/sink/java-io/java-io.yml         | 172 +++++++++++++++++
 .../infoleak/source/java/README.adoc          |  15 ++
 .../infoleak/source/java/java-io.yml          | 137 ++++++++++++++
 .../infoleak/source/java/java-lang-system.yml |   6 +
 .../infoleak/source/java/java-net.yml         |  45 +++++
 .../infoleak/source/java/java-sql.yml         |   5 +
 .../android/sql-injection/ContentProvider.yml |   5 +
 .../android/sql-injection/DatabaseUtils.yml   |   6 +
 .../sink/android/sql-injection/README.adoc    |  10 +
 .../android/sql-injection/SQLiteDatabase.yml  |  58 ++++++
 .../sql-injection/SQLiteQueryBuilder.yml      |  45 +++++
 .../apache-Xalan/xpath-injection/README.adoc  |  10 +
 .../apache-Xalan/xpath-injection/xpath.yml    |  10 +
 .../apache-log4j/log4j_1x/crlf/Category.yml   |  18 ++
 .../apache-log4j/log4j_1x/crlf/Logger.yml     |  20 ++
 .../apache-log4j/log4j_1x/crlf/README.adoc    |  12 ++
 .../sink/apache-log4j/log4j_2/crlf/Logger.yml | 104 ++++++++++
 .../apache-log4j/log4j_2/crlf/README.adoc     |  11 ++
 .../xpath/RAEDME.adoc                         |  11 ++
 .../xpath/xpath.yml                           |   5 +
 .../apache-struts/file-disclosure/README.adoc |  11 ++
 .../struts-file-disclosure.yml                |   6 +
 .../apache-struts/ognl-injection/OgnlUtil.yml |  20 ++
 .../apache-struts/ognl-injection/README.adoc  |  11 ++
 .../ognl-injection/TextParseUtil.yml          |  13 ++
 .../ognl-injection/reflection-relative.yml    |  29 +++
 .../sink/apache-struts/other/other.yml        |  25 +++
 .../apache-turbine/sql-injection/README.adoc  |  10 +
 .../sql-injection/sql-turbine.yml             |  14 ++
 .../attribute-injection/README.adoc           |  10 +
 .../beanutils2/attribute-injection/beans.yml  |  14 ++
 .../apahce-commons/logging/crlf/README.adoc   |  10 +
 .../apahce-commons/logging/crlf/crlf-logs.yml |  13 ++
 .../injection/sink/java/crlf/README.adoc      |  10 +
 .../injection/sink/java/crlf/crlf-logs.yml    |  89 +++++++++
 .../sink/java/path-traversal/README.adoc      |  10 +
 .../java/path-traversal/path-traversal.yml    |  36 ++++
 .../injection/sink/java/rce/README.adoc       |  10 +
 .../injection/sink/java/rce/command.yml       |  17 ++
 .../sink/java/sql-injection/sql-jdbc.yml      |  13 ++
 .../sink/java/xpath-injection/README.adoc     |  10 +
 .../sink/java/xpath-injection/xpath.yml       |  10 +
 .../injection/sink/java/xss/README.adoc       |  10 +
 .../injection/sink/java/xss/formatter.yml     |  13 ++
 .../injection/sink/java/xss/output.yml        |  23 +++
 .../sink/javax/ldap-injection/README.adoc     |  10 +
 .../sink/javax/ldap-injection/ldap.yml        |  54 ++++++
 .../injection/sink/javax/other/el.yml         |   3 +
 .../sink/javax/other/response-splitting.yml   |  13 ++
 .../sink/javax/other/script-engine.yml        |   2 +
 .../injection/sink/javax/other/smtp.yml       |   6 +
 .../javax/other/trust-boundary-violation.yml  |   6 +
 .../injection/sink/javax/other/xslt.yml       |   2 +
 .../sink/javax/sql-injection/README.adoc      |  10 +
 .../sink/javax/sql-injection/sql-jdo.yml      |  10 +
 .../sink/javax/sql-injection/sql-jpa.yml      |   7 +
 .../sink/javax/xpath-injection/README.adoc    |  10 +
 .../sink/javax/xpath-injection/xpath.yml      |   7 +
 .../injection/sink/javax/xss/README.adoc      |  10 +
 .../injection/sink/javax/xss/output.yml       |  24 +++
 .../sink/javax/xss/request-dispatcher.yml     |   3 +
 .../injection/sink/slf4j/crlf/README.adoc     |  10 +
 .../injection/sink/slf4j/crlf/crlf-logs.yml   |  91 +++++++++
 .../sink/spring-framework/beans/README.adoc   |  10 +
 .../sink/spring-framework/beans/beans.yml     |   5 +
 .../file-disclosure/README.adoc               |  10 +
 .../spring-file-disclosure.yml                |   5 +
 .../ldap-injection/README.adoc                |  10 +
 .../spring-framework/ldap-injection/ldap.yml  |  74 ++++++++
 .../spel-inejction/README.adoc                |  10 +
 .../spel-inejction/spring-expression.yml      |  10 +
 .../sql-injection/README.adoc                 |  10 +
 .../sql-injection/sql-spring.yml              |  30 +++
 .../injection/sink/tinylog/crlf/README.adoc   |  10 +
 .../injection/sink/tinylog/crlf/crlf-logs.yml |  21 ++
 .../source/apache-struts2/README.adoc         |   7 +
 .../source/apache-struts2/struts2.yml         |   2 +
 .../source/apache-wicket/README.adoc          |   7 +
 .../injection/source/apache-wicket/wicket.yml |  28 +++
 .../injection/source/dropwizard/README.adoc   |   8 +
 .../dropwizard-jersey/dropwizard-jersey.yml   |   2 +
 .../dropwizard-servlet.yml                    |  10 +
 .../injection/source/java/README.adoc         |   8 +
 .../injection/source/java/java-awt.yml        |   3 +
 .../injection/source/java/java-io.yml         |   8 +
 .../injection/source/java/java-net.yml        |  26 +++
 .../source/java/java-util-Scanner.yml         |  12 ++
 .../injection/source/javax/README.adoc        |   8 +
 .../javax/javax-portlet/PortletRequest.yml    |  18 ++
 .../javax/javax-portlet/portlet-other.yml     |  14 ++
 .../source/javax/javax-servlet/Cookie.yml     |   6 +
 .../javax-servlet/HttpServletRequest.yml      |  44 +++++
 .../HttpServletRequestWrapper.yml             |  20 ++
 .../javax/javax-servlet/ServletRequest.yml    |  11 ++
 .../javax-servlet/ServletRequestWrapper.yml   |   9 +
 .../source/javax/javax-swing/swing.yml        |   4 +
 .../injection/source/jetty/README.adoc        |   8 +
 .../source/jetty/jetty-http/jetty-http.yml    |  27 +++
 .../jetty/jetty-server/jetty-server.yml       |  26 +++
 .../jetty/jetty-session/jetty-session.yml     |   2 +
 .../injection/source/sonarqube/README.adoc    |   7 +
 .../sonarqube/sonarqube-ws/sonarqube-ws.yml   |  22 +++
 .../transfer/string-transfers.yml             | 179 ++++++++++++++++++
 106 files changed, 2282 insertions(+)
 create mode 100644 src/main/resources/taint-specification-collection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/infoleak/infoleak.yml
 create mode 100644 src/main/resources/taint-specification-collection/infoleak/sink/java-io/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/infoleak/sink/java-io/java-io.yml
 create mode 100644 src/main/resources/taint-specification-collection/infoleak/source/java/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/infoleak/source/java/java-io.yml
 create mode 100644 src/main/resources/taint-specification-collection/infoleak/source/java/java-lang-system.yml
 create mode 100644 src/main/resources/taint-specification-collection/infoleak/source/java/java-net.yml
 create mode 100644 src/main/resources/taint-specification-collection/infoleak/source/java/java-sql.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/ContentProvider.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/DatabaseUtils.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteDatabase.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/xpath.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/xpath.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/reflection-relative.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-struts/other/other.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/sql-turbine.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/crlf/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/crlf/crlf-logs.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/path-traversal.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/rce/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/rce/command.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/sql-injection/sql-jdbc.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/xpath.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/xss/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/xss/formatter.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/xss/output.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/ldap.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/other/el.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/other/response-splitting.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/other/script-engine.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/other/smtp.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/other/trust-boundary-violation.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/other/xslt.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jdo.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jpa.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/xpath.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/xss/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/xss/output.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/xss/request-dispatcher.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/crlf-logs.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/beans.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/ldap.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/spring-expression.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/sql-spring.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/crlf-logs.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/apache-struts2/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/apache-struts2/struts2.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/apache-wicket/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/apache-wicket/wicket.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/dropwizard/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/java/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/java/java-awt.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/java/java-io.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/java/java-net.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/java/java-util-Scanner.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/PortletRequest.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/portlet-other.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/Cookie.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequest.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequest.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequestWrapper.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-swing/swing.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/jetty/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/jetty/jetty-http/jetty-http.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/jetty/jetty-server/jetty-server.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/jetty/jetty-session/jetty-session.yml
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/sonarqube/README.adoc
 create mode 100644 src/main/resources/taint-specification-collection/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml
 create mode 100644 src/main/resources/taint-specification-collection/transfer/string-transfers.yml

diff --git a/src/main/resources/taint-specification-collection/README.adoc b/src/main/resources/taint-specification-collection/README.adoc
new file mode 100644
index 000000000..a8ddaa8c2
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/README.adoc
@@ -0,0 +1,116 @@
+= Taint Specification Collection
+
+
+== 目录
+
+* <<#什么是 Taint Specification Collection?, 什么是 Taint Specification Collection?>>
+* <<#如何使用 Taint Specification Collection?, 如何使用 Taint Specification Collection?>>
+* <<#项目结构, 项目结构>>
+* <<#示例, 示例>>
+
+
+== 什么是 Taint Specification Collection?
+
+`Taint Specification Collection` 是专为静态分析工具 `Tai-e` 中的污点分析提供的配置文件集合，旨在为常见漏洞的安全分析提供支持。该集合涵盖了多种常见漏洞类型的污点规范，具体包括 `source`、`sink` 和 `transfer`。为了方便用户查询和选择，污点规范根据软件包和相关漏洞类型进行了结构化分类，从而为污点分析提供了全面的配置方案。当前，该集合包含 406 条 `source` 配置、995 条 `sink` 配置和 138 条 `transfer` 配置，用户可以根据不同需求灵活使用和扩展。
+
+
+== 如何使用 Taint Specification Collection?
+
+`Taint Specification Collection` 中配置文件使用 `YAML` 格式（文件扩展名为 `.yaml` 或 `.yml`），便于用户阅读和编辑。用户可以直接将集合中的配置文件集成到 `Tai-e` 污点分析工具的 `taint-config.yml` 配置中，或者根据实际需求对其进行修改和扩展，从而更好地满足特定的分析需求。
+
+
+[NOTE]
+====
+* 有关如何正确配置 `Tai-e` 污点分析，请参考 link:https://tai-e.pascal-lab.net/docs/0.2.2/reference/en/taint-analysis.html#configuring-taint-analysis[Configuring Taint Analysis]。
+
+* 项目中注释的配置表示接口方法。实际使用时，请根据 `Tai-e` 污点分析配置的格式，手动填写对应实现方法的配置信息。
+====
+
+
+== 项目结构
+
+本项目的文件组织结构如下：
+
+[source]
+----
+taint-specification-collection
+|
+├─ infoleak     
+│   ├─ sink                 contains 141 sinks
+│   │   └─ java-io
+|   |
+│   └─ source               contains 158 sources
+│   |   └─ java
+|
+├─ injection                contains 854 sinks
+│   ├─ sink
+│   │   ├─ android
+│   │   │   └─ sql-injection
+│   |   |
+│   │   ├─ java
+│   │   │   ├─ crlf
+│   │   │   ├─ path-traversal
+│   │   │   ├─ rce
+│   │   │   └─ ...
+|   |   |
+│   │   └─ ...
+|   |
+│   └─ source               contains 248 sources
+│   |   ├─ apache-struts2
+|   |   |
+│   |   ├─ javax
+|   |   |   ├─ javax-portlet
+|   |   |   ├─ javax-servlet
+|   |   |   └─ javax-swing
+|   |   |
+│   |   └─ ...    
+|
+└─transfer                  contains 138 transfers about String
+----
+
+该项目首先对配置文件进行了分类，分为三个一级类别：`infoleak`、`injection` 和 `transfer`。
+
+* `infoleak` 类别：包含与信息泄露漏洞相关的配置，进一步细分为两个二级目录：
+  ** `source`：按软件包名进行分类。
+  ** `sink`：按软件包名进行分类。
+* `injection` 类别：包含与注入漏洞相关的配置，同样细分为两个二级目录：
+  ** `source`：按软件包名进行分类。
+  ** `sink`：根据漏洞类型进行分类。
+* `transfer` 类别：包含常用的 `transfer` 配置。
+
+由于 `source` 和 `sink` 的配置内容较多，为了帮助用户快速定位所需配置，我们采用了这种分类方式。除此以外，每个文件的叶子目录下还包含相应配置的 `README` 文件，供用户参考。
+
+
+
+== 示例
+
+以下是如何使用本集合配置文件的示例。假设用户需要查找与 `RCE(Remote Code Execution，CWE-94)` 类型注入漏洞相关的配置，针对使用 `Jetty` 软件库的待测试程序，可以按以下步骤修改 `taint-config.yml` 配置文件：
+
+1. 将 `taint-specification-collection/injection/source/jetty/jetty-http/jetty-http.yml` 文件中的 *Jetty 软件库* 相关的 `source` 配置添加到 `taint-config.yml`。
+2. 将 `taint-specification-collection/injection/sink/java/rce/command.yml` 文件中的 *RCE 类型注入漏洞* 相关的 `sink` 配置添加到 `taint-config.yml`。
+3. 将 `taint-specification-collection/transfer/string-transfers.yml` 文件中的关于 *String 类型* 的 `transfer` 配置添加到 `taint-config.yml`。
+
+示例 `taint-config.yml` 配置如下：
+
+```YAML
+source:
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String asString()>", index: result, type: "java.lang.String" }
+#...
+
+sinks:
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String, java.lang.String[])>", index: 0 }
+#...
+
+transfer:
+  - { method: "<java.lang.String: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String substring(int,int)>", from: base, to: result }
+#...
+```
+
+完成以上配置后，用户就可以使用 `Tai-e` 工具对待测试程序进行污点分析，以检测 `Jetty` 软件库作为入口导致的 `RCE` 类型漏洞。(＾▽＾)
+
+
diff --git a/src/main/resources/taint-specification-collection/infoleak/infoleak.yml b/src/main/resources/taint-specification-collection/infoleak/infoleak.yml
new file mode 100644
index 000000000..9f20e31ec
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/infoleak/infoleak.yml
@@ -0,0 +1,5 @@
+- bugType: io_leak
+  severity: CRITICAL
+  description: Find potential io_leak
+  configPath: src/main/resources/security/taint/infoleak/config/sink/io.yml
+
diff --git a/src/main/resources/taint-specification-collection/infoleak/sink/java-io/README.adoc b/src/main/resources/taint-specification-collection/infoleak/sink/java-io/README.adoc
new file mode 100644
index 000000000..b208f0ef8
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/infoleak/sink/java-io/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The sinks in this directory are composed of output-related APIs from the Java standard library's `io` package, primarily including the `write` functions in various output component classes.
+
+- **Common Use Cases**:
+    These APIs are commonly used to output data carried by parameters to specified locations, such as files or command lines.
+
+- **Security Risks**:
+    Information Disclosure: Attackers can use these APIs to output sensitive information to a specified location, allowing them to exploit the acquired data for illegal activities such as extortion.
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/infoleak/sink/java-io/java-io.yml b/src/main/resources/taint-specification-collection/infoleak/sink/java-io/java-io.yml
new file mode 100644
index 000000000..c762ad10d
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/infoleak/sink/java-io/java-io.yml
@@ -0,0 +1,172 @@
+sinks:
+  - { method: "<java.io.BufferedOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.BufferedOutputStream: void write(int)>", index: 0 }
+
+  - { method: "<java.io.BufferedWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.BufferedWriter: void write(int)>", index: 0 }
+  - { method: "<java.io.BufferedWriter: void write(java.lang.String,int,int)>", index: 0 }
+
+  - { method: "<java.io.ByteArrayOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.ByteArrayOutputStream: void write(int)>", index: 0 }
+  - { method: "<java.io.ByteArrayOutputStream: void writeTo(java.io.OutputStream)>", index: 0 }
+
+  - { method: "<java.io.CharArrayWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: void write(int)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: void writeTo(java.io.Writer)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: java.lang.CharSequence append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: java.lang.CharSequence append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.CharArrayWriter: java.lang.CharSequence append(char)>", index: 0 }
+
+
+  - { method: "<java.io.DataOutputStream: void write(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeBoolean(boolean)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeByte(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeBytes(java.lang.String)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeChar(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeChars(java.lang.String)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeDouble(double)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeFloat(float)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeInt(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeLong(long)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeShort(int)>", index: 0 }
+  - { method: "<java.io.DataOutputStream: void writeUTF(java.lang.String)>", index: 0 }
+
+  - { method: "<java.io.FileOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.FileOutputStream: void write(int)>", index: 0 }
+  - { method: "<java.io.FileOutputStream: void write(byte[])>", index: 0 }
+
+  - { method: "<java.io.FilterOutputStream: void write(byte[])>", index: 0 }
+  - { method: "<java.io.FilterOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.FilterOutputStream: void write(int)>", index: 0 }
+
+  - { method: "<java.io.ObjectOutputStream: void write(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void write(byte[])>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeBoolean(boolean)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeByte(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeBytes(java.lang.String)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeChar(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeChars(java.lang.String)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeDouble(double)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeFloat(float)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeInt(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeLong(long)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeObject(java.lang.Object)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeShort(int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeUTF(java.lang.String)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void defaultWriteObject()>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream: void writeUnshared(java.lang.Object)>", index: 0 }
+
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,boolean)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,byte)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,char)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,short)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,int)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,long)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,float)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,double)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void put(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.io.ObjectOutputStream.PutFiled: void write(java.io.ObjectOutput)>", index: 0 }
+
+  - { method: "<java.io.RandomAccessFile: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.RandomAccessFile: void write(int)>", index: 0 }
+  - { method: "<java.io.RandomAccessFile: void write(byte[])>", index: 0 }
+
+  - { method: "<java.io.OutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.OutputStream: void write(byte[])>", index: 0 }
+  - { method: "<java.io.OutputStream: void write(int)>", index: 0 }
+
+  - { method: "<java.io.OutputStreamWriter: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.OutputStreamWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.OutputStreamWriter: void write(int)>", index: 0 }
+
+  - { method: "<java.io.PipedOutputStream: void write(byte[],int,int)>", index: 0 }
+  - { method: "<java.io.PipedOutputStream: void write(int)>", index: 0 }
+
+  - { method: "<java.io.PipedWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.PipedWriter: void write(int)>", index: 0 }
+
+  - { method: "<java.io.PrintStream: void print(boolean)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(char)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(int)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(long)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(float)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(double)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(char[])>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintStream: void print(java.lang.Object)>", index: 0 }
+
+  - { method: "<java.io.PrintStream: void println(boolean)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(char)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(int)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(long)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(float)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(double)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(char[])>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintStream: void println(java.lang.Object)>", index: 0 }
+
+  - { method: "<java.io.PrintStream: java.io.PrintStream printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 2 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream printf(java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<java.io.PrintStream: java.io.PrintStream append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream append(char)>", index: 0 }
+
+  - { method: "<java.io.PrintStream: java.io.PrintStream format(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 2 }
+
+  - { method: "<java.io.PrintStream: void write(int)>", index: 0 }
+  - { method: "<java.io.PrintStream: void write(byte[],int,int)>", index: 0 }
+
+
+  - { method: "<java.io.PrintWriter: void print(boolean)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(char)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(long)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(float)>", index: 0}
+
+  - { method: "<java.io.PrintWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(char[])>", index: 0 }
+
+  - { method: "<java.io.PrintWriter: void println(boolean)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(char)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(char[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(double)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(float)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(long)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(java.lang.Object)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(java.lang.String)>", index: 0 }
+
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(char)>", index: 0 }
+
+  - { method: "<java.io.PrintWrite: java.io.PrintWrite printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 2 }
+  - { method: "<java.io.PrintWrite: java.io.PrintWrite printf(java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<java.io.StringWriter: java.io.StringWriter append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.StringWriter: java.io.StringWriter append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.StringWriter: java.io.StringWriter append(char)>", index: 0 }
+
+  - { method: "<java.io.StringWriter: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.StringWriter: void write(int)>", index: 0 }
+  - { method: "<java.io.StringWriter: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.StringWriter: void write(java.lang.String)>", index: 0 }
+  - { method: "<java.io.StringWriter: void write(char[])>", index: 0 }
+
+  - { method: "<java.io.Writer: java.io.Writer append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.Writer: java.io.Writer append(java.lang.CharSequence,int,int)>", index: 0 }
+  - { method: "<java.io.Writer: java.io.Writer append(char)>", index: 0 }
+
+  - { method: "<java.io.Writer: void write(char[],int,int)>", index: 0 }
+  - { method: "<java.io.Writer: void write(int)>", index: 0 }
+  - { method: "<java.io.Writer: void write(java.lang.String,int,int)>", index: 0 }
+  - { method: "<java.io.Writer: void write(java.lang.String)>", index: 0 }
+  - { method: "<java.io.Writer: void write(char[])>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/README.adoc b/src/main/resources/taint-specification-collection/infoleak/source/java/README.adoc
new file mode 100644
index 000000000..aa4d0144b
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/infoleak/source/java/README.adoc
@@ -0,0 +1,15 @@
+= Description
+
+The sources recorded in this directory mainly come from the Java standard library. The source methods that can generate taints include:
+
+- Methods that retrieve stored data from databases (e.g., `getString` and `getNString` methods in `java.sql`).
+- Methods that retrieve data from users that need to be validated (e.g., `get` methods and `requestPasswordAuthentication` method in `java.net.Authenticator`).
+- Methods that retrieve information from connected clients (e.g., `get` methods in `java.net.ContentHandler`, `CookieHandler`, and `CookieManager`).
+- Methods that retrieve information from `DatagramSocket`/`HttpCookie` (e.g., `get` methods in `java.net.DatagramSocket`/`HttpCookie`).
+- Methods that retrieve system information from `System` (e.g., `get` methods in `java.lang.System`).
+- Methods that retrieve information from input streams (e.g., `read` methods in various `InputStream` and `Reader` classes in `java.io`).
+- Methods that retrieve specified values from persistent fields (e.g., `get` methods in `java.io.ObjectInputStream$GetField`).
+- Methods that read information from files (e.g., `read` method in `java.io.RandomAccessFile`).
+- ...
+
+*Note*: The methods referred to as `get` or `read` are those that start with "get" or "read".
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/java-io.yml b/src/main/resources/taint-specification-collection/infoleak/source/java/java-io.yml
new file mode 100644
index 000000000..8fc26aec0
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/infoleak/source/java/java-io.yml
@@ -0,0 +1,137 @@
+sources:
+  - { kind: call, method: "<java.io.BufferedInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.BufferedInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.BufferedReader: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.BufferedReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.BufferedReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+  - { kind: call, method: "<java.io.ByteArrayInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ByteArrayInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.CharArrayReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.CharArrayReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+  - { kind: call, method: "<java.io.DataInputStream: int read(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.DataInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.DataInputStream: void readFully(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.DataInputStream: void readFully(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.DataInputStream: boolean readBoolean()>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.DataInputStream: byte readByte()>", index: result, type: "byte" }
+  - { kind: call, method: "<java.io.DataInputStream: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: short readShort()>", index: result, type: "short" }
+  - { kind: call, method: "<java.io.DataInputStream: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: char readChar()>", index: result, type: "char" }
+  - { kind: call, method: "<java.io.DataInputStream: int readInt()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: long readLong()>", index: result, type: "long" }
+  - { kind: call, method: "<java.io.DataInputStream: float readFloat()>", index: result, type: "float" }
+  - { kind: call, method: "<java.io.DataInputStream: double readDouble()>", index: result, type: "double" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.DataInputStream: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readUTF()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<java.io.FileInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.FileInputStream: int read(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.FileInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.FilterInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.FilterInputStream: int read(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.FilterInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.FilterReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.FilterReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+  - { kind: call, method: "<java.io.InputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.InputStream: int read(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.InputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.InputStreamReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.InputStreamReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+  - { kind: call, method: "<java.io.LineNumberInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.LineNumberInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+
+  - { kind: call, method: "<java.io.LineNumberReader: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.LineNumberReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.LineNumberReader: int read(char[],int,int)>", index: 0, type: "char[]" }
+
+
+  - { kind: call, method: "<java.io.ObjectInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream: int read(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.ObjectInputStream: boolean readBoolean()>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.ObjectInputStream: byte readByte()>", index: result, type: "byte" }
+  - { kind: call, method: "<java.io.ObjectInputStream: char readChar()>", index: result, type: "char" }
+  - { kind: call, method: "<java.io.ObjectInputStream: double readDouble()>", index: result, type: "double" }
+  - { kind: call, method: "<java.io.ObjectInputStream: float readFloat()>", index: result, type: "float" }
+  - { kind: call, method: "<java.io.ObjectInputStream: void readFully(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.ObjectInputStream: void readFully(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.ObjectInputStream: int readInt()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.ObjectInputStream: long readLong()>", index: result, type: "long" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.Object readObject()>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.Object readObjectOverride()>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.Object readUnshared()>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.io.ObjectInputStream: short readShort()>", index: result, type: "short" }
+  - { kind: call, method: "<java.io.ObjectInputStream: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.lang.String readUTF()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.ObjectInputStream: java.io.ObjectInputStream$GetField readFields()>", index: result, type: "java.io.ObjectInputStream$GetField" }
+
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: boolean defaulted(java.lang.String)>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: boolean get(java.lang.String,boolean)>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: byte get(java.lang.String,byte)>", index: result, type: "byte" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: char get(java.lang.String,char)>", index: result, type: "char" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: double get(java.lang.String,double)>", index: result, type: "double" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: float get(java.lang.String,float)>", index: result, type: "float" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: int get(java.lang.String,int)>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: java.lang.Object get(java.lang.String,java.lang.Object)>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: long get(java.lang.String,long)>", index: result, type: "long" }
+  - { kind: call, method: "<java.io.ObjectInputStream$GetField: short get(java.lang.String,short)>", index: result, type: "short" }
+
+
+  - { kind: call, method: "<java.io.PipedInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.PipedInputStream: int read(byte[],int,int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.PipedReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.PipedReader: int read(char[], int, int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.PushbackInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.PushbackInputStream: int read(byte[], int, int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.PushbackReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.PushbackReader: int read(char[], int, int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.RandomAccessFile: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int read(byte[], int, int)>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int read(byte[])>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: void readFully(byte[])>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.RandomAccessFile: void readFully(byte[],int,int)>", index: 0, type: "byte[]" }
+  - { kind: call, method: "<java.io.RandomAccessFile: boolean readBoolean()>", index: result, type: "boolean" }
+  - { kind: call, method: "<java.io.RandomAccessFile: byte readByte()>", index: result, type: "byte" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: short readShort()>", index: result, type: "short" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: char readChar()>", index: result, type: "char" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readInt()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: long readLong()>", index: result, type: "long" }
+  - { kind: call, method: "<java.io.RandomAccessFile: float readFloat()>", index: result, type: "float" }
+  - { kind: call, method: "<java.io.RandomAccessFile: double readDouble()>", index: result, type: "double" }
+  - { kind: call, method: "<java.io.RandomAccessFile: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readUnsignedByte()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: int readUnsignedShort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.RandomAccessFile: java.lang.String readUTF()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<java.io.Reader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.Reader: int read(char[], int, int)>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.Reader: int read(char[])>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.Reader: int read(java.nio.CharBuffer)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.SequenceInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.SequenceInputStream: int read(byte[],int,int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.StringBufferInputStream: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.StringBufferInputStream: int read(byte[],int,int)>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.io.StringReader: int read()>", index: result, type: "int" }
+  - { kind: call, method: "<java.io.StringReader: int read(char[],int,int)>", index: result, type: "int" }
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/java-lang-system.yml b/src/main/resources/taint-specification-collection/infoleak/source/java/java-lang-system.yml
new file mode 100644
index 000000000..d23970ad2
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/infoleak/source/java/java-lang-system.yml
@@ -0,0 +1,6 @@
+sources:
+  - { kind: call, method: "<java.lang.System: java.lang.String clearProperty(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.lang.System: java.util.Map getenv()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<java.lang.System: java.lang.String getenv(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.lang.System: java.lang.String getProperty(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.lang.System: java.lang.String getProperty(java.lang.String,java.lang.String)>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/java-net.yml b/src/main/resources/taint-specification-collection/infoleak/source/java/java-net.yml
new file mode 100644
index 000000000..3f43469a7
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/infoleak/source/java/java-net.yml
@@ -0,0 +1,45 @@
+sources:
+  - { kind: call, method: "<java.net.Authenticator: java.net.PasswordAuthentication getPasswordAuthentication()>", index: result, type: "java.net.PasswordAuthentication" }
+  - { kind: call, method: "<java.net.Authenticator: java.lang.String getRequestingHost()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.Authenticator: int getRequestingPort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.net.Authenticator: java.lang.String getRequestingProtocol()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.Authenticator: java.lang.String getRequestingPrompt()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.InetAddress getRequestingSite()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.URL getRequestingURL()>", index: result, type: "java.net.URL" }
+  - { kind: call, method: "<java.net.Authenticator: java.lang.String getRequestingScheme()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.Authenticator.RequestorType getRequestorType()>", index: result, type: "java.net.Authenticator$RequestorType" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.PasswordAuthentication requestPasswordAuthentication(java.net.InetAddress,int,java.lang.String,java.lang.String,java.lang.String)>", index: result, type: "java.net.PasswordAuthentication" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.PasswordAuthentication requestPasswordAuthentication(java.lang.String,java.net.InetAddress,int,java.lang.String,java.lang.String,java.lang.String)>", index: result, type: "java.net.PasswordAuthentication" }
+  - { kind: call, method: "<java.net.Authenticator: java.net.PasswordAuthentication requestPasswordAuthentication(java.lang.String,java.net.InetAddress,int,java.lang.String,java.lang.String,java.lang.String,java.net.URL,java.net.Authenticator$RequestorType)>", index: result, type: "java.net.PasswordAuthentication" }
+
+  - { kind: call, method: "<java.net.ContentHandler: java.lang.Object getContent(java.net.URLConnection)>", index: result, type: "java.lang.Object" } #interface
+  - { kind: call, method: "<java.net.ContentHandler: java.lang.Object getContent(java.net.URLConnection,java.lang.Class[])>", index: result, type: "java.lang.Object" }
+
+  - { kind: call, method: "<java.net.CookieHandler: java.util.Map get(java.net.URI,java.util.Map)>", index: result, type: "java.util.Map" }
+
+  - { kind: call, method: "<java.net.CookieManager: java.util.Map get(java.net.URI,java.util.Map)>", index: result, type: "java.util.Map" }
+
+  - { kind: call, method: "<java.net.DatagramPacket: java.net.InetAddress getAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramPacket: byte[] getData()>", index: result, type: "byte[]" }
+  - { kind: call, method: "<java.net.DatagramPacket: java.net.SocketAddress getSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramPacket: int getPort()>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.InetAddress getLocalAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.SocketAddress getLocalSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.SocketAddress getRemoteSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.DatagramChannel getChannel()>", index: result, type: "java.net.DatagramChannel" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.InetAddress getInetAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: int getPort()>", index: result, type: "int" }
+
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getComment()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getCommentURL()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: boolean getDiscard()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getDomain()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: int getMaxAge()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getPath()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getPortlist()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getSecure()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: int getVersion()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/java-sql.yml b/src/main/resources/taint-specification-collection/infoleak/source/java/java-sql.yml
new file mode 100644
index 000000000..6475623e8
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/infoleak/source/java/java-sql.yml
@@ -0,0 +1,5 @@
+sources:
+  - { kind: call, method: "<java.sql.ResultSet: java.lang.String getNString(int)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.sql.ResultSet: java.lang.String getNString(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.sql.ResultSet: java.lang.String getString(int)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.sql.ResultSet: java.lang.String getString(java.lang.String)>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/ContentProvider.yml b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/ContentProvider.yml
new file mode 100644
index 000000000..351c9845f
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/ContentProvider.yml
@@ -0,0 +1,5 @@
+sinks:
+  - { method: "<android.content.ContentProvider: android.database.Cursor query(android.net.Uri,java.lang.String[],java.lang.String[],java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.content.ContentProvider: android.database.Cursor query(android.net.Uri,java.lang.String[],java.lang.String[],java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 3 }
+  - { method: "<android.content.ContentProvider: int delete(android.net.Uri,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.content.ContentProvider: int update(android.net.Uri,android.content.ContentValues,java.lang.String,java.lang.String[])>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/DatabaseUtils.yml b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/DatabaseUtils.yml
new file mode 100644
index 000000000..3e4ead79a
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/DatabaseUtils.yml
@@ -0,0 +1,6 @@
+sinks:
+  - { method: "<android.database.DatabaseUtils: long longForQuery(android.database.sqlite.SQLiteDatabase,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.DatabaseUtils: java.lang.String stringForQuery(android.database.sqlite.SQLiteDatabase,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.DatabaseUtils: android.os.ParcelFileDescriptor blobFileDescriptorForQuery(android.database.sqlite.SQLiteDatabase,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.DatabaseUtils: void createDbFromSqlStatements(android.content.Context,java.lang.String,int,java.lang.String)>", index: 0 }
+
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/README.adoc
new file mode 100644
index 000000000..2edb66c65
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The sinks in this directory consist of Android database SQL-related APIs, including but not limited to `query`, `update`, `delete`, and other methods. Their main functionality is to perform database queries and update operations.
+
+- **Common Use Cases**:
+    These APIs are commonly used for handling user-inputted data for queries, data insertion, data updates, data deletion, and SQL statement execution. Users typically have some level of control over the parameters.
+
+- **Security Risks**:
+    SQL Injection: Attackers can exploit these APIs by constructing malicious input to inject SQL commands, thereby gaining control over the database.
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteDatabase.yml b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteDatabase.yml
new file mode 100644
index 000000000..49d80f38a
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteDatabase.yml
@@ -0,0 +1,58 @@
+sinks:
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.sqlite.SQLiteStatement compileStatement(java.lang.String)>", index: 0 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 7 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 6 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 8 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 7 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 6 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor queryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 8 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 6 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor query(java.lang.String,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 7 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQuery(java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQuery(java.lang.String,java.lang.String[],android.os.CancellationSignal)>", index: 2 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQueryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,java.lang.String,java.lang.String[],java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQueryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,java.lang.String,java.lang.String[],java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQueryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,java.lang.String,java.lang.String[],java.lang.String,android.os.CancellationSignal)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: android.database.Cursor rawQueryWithFactory(android.database.sqlite.SQLiteDatabase$CursorFactory,java.lang.String,java.lang.String[],java.lang.String,android.os.CancellationSignal)>", index: 3 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: int delete(java.lang.String,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int delete(java.lang.String,java.lang.String,java.lang.String[])>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int update(java.lang.String,android.content.ContentValues,java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int update(java.lang.String,android.content.ContentValues,java.lang.String,java.lang.String[])>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int updateWithOnConflict(java.lang.String,android.content.ContentValues,java.lang.String,java.lang.String[],int)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: int updateWithOnConflict(java.lang.String,android.content.ContentValues,java.lang.String,java.lang.String[],int)>", index: 4 }
+
+  - { method: "<android.database.sqlite.SQLiteDatabase: void execSQL(java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteDatabase: void execSQL(java.lang.String,java.lang.Object[])>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml
new file mode 100644
index 000000000..103856665
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml
@@ -0,0 +1,45 @@
+sinks:
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: void appendWhere(java.lang.CharSequence)>", index: 0 }
+
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQueryString(boolean,java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 6 }
+
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: android.database.Cursor query(android.database.sqlite.SQLiteDatabase,java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,android.os.CancellationSignal)>", index: 6 }
+
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 4 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildQuery(java.lang.String[],java.lang.String,java.lang.String[],java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 5 }
+
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String[],java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String[],java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionSubQuery(java.lang.String,java.lang.String[],java.util.Set,int,java.lang.String,java.lang.String,java.lang.String[],java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionQuery(java.lang.String[],java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionQuery(java.lang.String[],java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<android.database.sqlite.SQLiteQueryBuilder: java.lang.String buildUnionQuery(java.lang.String[],java.lang.String,java.lang.String)>", index: 2 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/README.adoc
new file mode 100644
index 000000000..514a937bd
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    Apache Xalan provides a set of methods for evaluating XPath expressions and selecting nodes within XML documents. These methods enable developers to easily locate, filter, and process specific nodes and data within XML documents.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse and execute XPath expressions, returning corresponding results based on the content of XML documents.
+
+- **Security Risks**:
+    XPath Injection: Similar to SQL injection attacks, attackers can craft malicious XPath expressions to reveal the structure of XML data or access data that would normally be restricted. If the XML data is used for user authentication, attackers could even escalate their privileges.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/xpath.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/xpath.yml
new file mode 100644
index 000000000..85961226f
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/xpath.yml
@@ -0,0 +1,10 @@
+sinks:
+  - { method: "<org.apache.xpath.XPathAPI: org.apache.xpath.objects.XObject eval(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.xpath.XPathAPI: org.apache.xpath.objects.XObject eval(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xpath.XPathAPI: org.apache.xpath.objects.XObject eval(org.w3c.dom.Node,java.lang.String,org.apache.xml.utils.PrefixResolver)>", index: 1 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.traversal.NodeIterator selectNodeIterator(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.traversal.NodeIterator selectNodeIterator(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.Node selectSingleNode(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.xpath.XPathAPI: org.w3c.dom.Node selectSingleNode(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml
new file mode 100644
index 000000000..6e72952f6
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml
@@ -0,0 +1,18 @@
+sinks:
+  - { method: "<org.apache.log4j.Category: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void debug(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void error(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void fatal(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void fatal(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void info(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Object[],java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Object[],java.lang.Throwable)>", index: 2 }
+  - { method: "<org.apache.log4j.Category: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void log(org.apache.log4j.Priority,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void log(org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void log(java.lang.String,org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Category: void log(java.lang.String,org.apache.log4j.Priority,java.lang.Object java.lang.Throwable)>", index: 3 }
+  - { method: "<org.apache.log4j.Category: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Category: void warn(java.lang.Object,java.lang.Throwable)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml
new file mode 100644
index 000000000..c6d8c1004
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml
@@ -0,0 +1,20 @@
+sinks:
+  - { method: "<org.apache.log4j.Logger: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void debug(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void error(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void fatal(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void fatal(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void info(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Object[],java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Object[],java.lang.Throwable)>", index: 2 }
+  - { method: "<org.apache.log4j.Logger: void l7dlog(org.apache.log4j.Priority,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void log(org.apache.log4j.Priority,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void log(org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void log(java.lang.String,org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void log(java.lang.String,org.apache.log4j.Priority,java.lang.Object,java.lang.Throwable)>", index: 3 }
+  - { method: "<org.apache.log4j.Logger: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void warn(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.log4j.Logger: void trace(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.log4j.Logger: void trace(java.lang.Object,java.lang.Throwable)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc
new file mode 100644
index 000000000..c6474d293
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc
@@ -0,0 +1,12 @@
+= Description
+
+- **Overview**: 
+    Apache Log4j is a logging library for Java applications. The APIs in this directory provide various methods to log different levels of log information, including debug, info, warning, error, and fatal errors.
+
+- **Common Use Cases**:
+    These APIs are typically used to log various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can exploit these APIs by constructing malicious input with CRLF (Carriage Return and Line Feed) sequences to forge log messages, mislead monitoring personnel, or even affect the auditing system. Attackers can also flood logs with errors or irrelevant information, potentially damaging the log integrity.
+
+*Note*: Apache Log4j version 1.x is no longer maintained.
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml
new file mode 100644
index 000000000..74edb348b
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml
@@ -0,0 +1,104 @@
+sinks:
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void debug(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void entry(java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void error(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.Object, java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void fatal(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void info(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.slf4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.slf4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void log(org.apache.logging.log4j.Level,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void printf(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker, java.lang.String, java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void printf(org.apache.logging.log4j.Level,org.apache.logging.log4j.Marker, java.lang.String, java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void printf(org.apache.logging.log4j.Level,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void printf(org.apache.logging.log4j.Level,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void trace(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(org.apache.logging.log4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String,org.apache.logging.log4j.util.Supplier)>", index: 1 }
+  - { method: "<org.apache.logging.log4j.Logger: void warn(java.lang.String,java.lang.Throwable)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/README.adoc
new file mode 100644
index 000000000..eeff6ec37
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/README.adoc
@@ -0,0 +1,11 @@
+= Description
+
+- **Overview**: 
+    Apache Log4j is a logging library for Java applications. The APIs in this directory offer various methods to log different levels of information, including debug, info, warning, error, and fatal errors.
+
+- **Common Use Cases**:
+    These APIs are commonly used for logging various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can exploit these APIs by crafting malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
+
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc b/src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc
new file mode 100644
index 000000000..5c0618ac7
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc
@@ -0,0 +1,11 @@
+= Description
+
+- **Overview**: 
+    The Apache XML Security API provides functionality for processing XPath expressions within XML documents. This primarily involves two classes: `XPathAPI` and `JDKXPathAPI`, which are used to evaluate XPath expressions and select node lists within XML documents.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse and execute XPath expressions, returning corresponding results based on the content of XML documents.
+
+- **Security Risks**:
+    XPath Injection: Similar to SQL injection attacks, attackers can craft malicious XPath expressions to gain insights into the structure of XML data or access data that is normally restricted. If the XML data is used for user authentication, attackers could even escalate their privileges.
+
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/xpath.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/xpath.yml
new file mode 100644
index 000000000..24d9fcbcd
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/xpath.yml
@@ -0,0 +1,5 @@
+sinks:
+  - { method: "<org.apache.xml.security.utils.XPathAPI: boolean evaluate(org.w3c.dom.Node,org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xml.security.utils.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xml.security.utils.JDKXPathAPI: boolean evaluate(org.w3c.dom.Node,org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<org.apache.xml.security.utils.JDKXPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/README.adoc
new file mode 100644
index 000000000..0ab4da0d9
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/README.adoc
@@ -0,0 +1,11 @@
+= Description
+
+- **Overview**: 
+    These APIs are methods from the Apache Struts framework, used for creating and manipulating `ActionForward` objects. `ActionForward` is a class in Apache Struts used to specify the forwarding path for a request.
+
+- **Common Use Cases**:
+    These APIs are commonly used to create and manipulate `ActionForward` objects, specifying forwarding paths and determining whether a redirect is needed.
+
+- **Security Risks**:
+    File Disclosure: Once an attacker can control the creation of `ActionForward` objects, they can craft malicious requests to modify the forwarding path, potentially gaining access to sensitive files such as configuration files, application class files, or JAR files.
+
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml
new file mode 100644
index 000000000..dbc8e5999
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml
@@ -0,0 +1,6 @@
+sinks:
+  - { method: "<org.apache.struts.action.ActionForward: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts.action.ActionForward: void <init>(java.lang.String,boolean)>", index: 1 }
+  - { method: "<org.apache.struts.action.ActionForward: void <init>(java.lang.String,java.lang.String,boolean)>", index: 1 }
+  - { method: "<org.apache.struts.action.ActionForward: void <init>(java.lang.String,java.lang.String,boolean,boolean)>", index: 2 }
+  - { method: "<org.apache.struts.action.ActionForward: void setPath(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml
new file mode 100644
index 000000000..59f99b6ef
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml
@@ -0,0 +1,20 @@
+sink:
+  - { method: "<com.opensymphony.xwork2.util.TextParser: java.lang.Object evaluate(char[],java.lang.String,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.OgnlTextParser: java.lang.Object evaluate(char[],java.lang.String,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 2 }
+
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperties(java.util.Map,java.lang.Object,java.util.Map)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperties(java.util.Map,java.lang.Object,java.util.Map,boolean)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperties(java.util.Map,java.lang.Object)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperties(java.util.Map,java.lang.Object,boolean)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map,boolean)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: void setValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Object)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object getValue(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object callMethod(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object getValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Class)>", index: 3 }
+
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object compile(java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object compileAndExecute(java.lang.String,java.util.Map,com.opensymphony.xwork2.ognl.OgnlTask)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object compileAndExecuteMethod(java.lang.String,java.util.Map,com.opensymphony.xwork2.ognl.OgnlTask)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlUtil: java.lang.Object compile(java.lang.String,java.util.Map)>", index: 1 }
+
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/README.adoc
new file mode 100644
index 000000000..61a524b27
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/README.adoc
@@ -0,0 +1,11 @@
+= Description
+
+- **Overview**: 
+    OGNL (Object-Graph Navigation Language) is a language designed to provide a higher-level syntax for navigating Java object graphs. 
+    OGNL can access static methods, properties, and object methods, including classes such as `java.lang.Runtime` that can perform malicious actions like command execution. When OGNL expressions are externally controllable, attackers can craft malicious OGNL expressions to make the program perform malicious operations, which is the basis of the OGNL injection vulnerability.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse and execute OGNL expressions, replace variables in text, and set class member variables and methods.
+
+- **Security Risks**:
+    Remote Command Execution: When OGNL expressions are externally controllable, attackers can craft OGNL expressions to trigger reverse shells, execute system commands, and perform other malicious actions.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml
new file mode 100644
index 000000000..a237c823e
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml
@@ -0,0 +1,13 @@
+sink:
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.String translateVariables(java.lang.String,com.opensymphony.xwork2.util.ValueStack)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.String translateVariables(java.lang.String,com.opensymphony.xwork2.util.ValueStack,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.String translateVariables(char,java.lang.String,com.opensymphony.xwork2.util.ValueStack)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char,java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char,java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char[],java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char,java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: java.lang.Object translateVariables(char[],java.lang.String,com.opensymphony.xwork2.util.ValueStack,java.lang.Class,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: com.opensymphony.xwork2.util.Collection translateVariablesCollection(java.lang.String,com.opensymphony.xwork2.util.ValueStack,boolean,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: com.opensymphony.xwork2.util.Collection translateVariablesCollection(char[],java.lang.String,com.opensymphony.xwork2.util.ValueStack,boolean,com.opensymphony.xwork2.util.TextParseUtil$ParsedValueEvaluator,int)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: boolean shallBeIncluded(java.lang.String,boolean)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.TextParseUtil: com.opensymphony.xwork2.util.Set commaDelimitedStringToSet(java.lang.String)>", index: 0 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/reflection-relative.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/reflection-relative.yml
new file mode 100644
index 000000000..3b5b1f075
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/reflection-relative.yml
@@ -0,0 +1,29 @@
+sinks:
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.reflect.Method getGetMethod(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.reflect.Method getSetMethod(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.reflect.Field getField(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperties(java.util.Map,java.lang.Object,java.util.Map)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperties(java.util.Map,java.lang.Object,java.util.Map,boolean)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperties(java.util.Map,java.lang.Object)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.beans.PropertyDescriptor getPropertyDescriptor(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.Object getRealTarget(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map,boolean)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: java.lang.Object getValue(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.ognl.OgnlReflectionProvider: void setValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Object)>", index: 3 }
+
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.reflect.Method getGetMethod(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.reflect.Method getSetMethod(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.reflect.Field getField(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperties(java.util.Map,java.lang.Object,java.util.Map)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperties(java.util.Map,java.lang.Object,java.util.Map,boolean)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperties(java.util.Map,java.lang.Object)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.beans.PropertyDescriptor getPropertyDescriptor(java.lang.Class,java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void copy(java.lang.Object,java.lang.Object,java.util.Map,java.util.Collection,java.util.Collection)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.Object getRealTarget(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map,boolean)>", index: 4 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setProperty(java.lang.String,java.lang.Object,java.lang.Object,java.util.Map)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.util.Map getBeanMap(com.opensymphony.xwork2.util.reflection.Object)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.lang.Object getValue(java.lang.String,java.util.Map,java.lang.Object)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: void setValue(java.lang.String,java.util.Map,java.lang.Object,java.lang.Object)>", index: 3 }
+  - { method: "<com.opensymphony.xwork2.util.reflection.ReflectionProvider: java.beans.PropertyDescriptor[] getPropertyDescriptors(java.lang.Object)>", index: 0 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/other/other.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/other/other.yml
new file mode 100644
index 000000000..2f3000870
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-struts/other/other.yml
@@ -0,0 +1,25 @@
+sinks:
+  - { method: "<org.apache.struts2.util.VelocityStrutsUtil: java.lang.String evaluate(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.Object bean(org.apache.struts2.util.Object)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: boolean isTrue(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.Object findString(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: java.lang.String include(org.apache.struts2.util.Object)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: java.lang.String urlEncode(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.Object findValue(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: java.lang.String getText(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: java.lang.String translateVariables(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.List makeSelectList(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.List makeSelectList(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.List makeSelectList(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<org.apache.struts2.util.StrutsUtil: org.apache.struts2.util.List makeSelectList(java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<org.apache.struts2.views.jsp.ui.OgnlTool: org.apache.struts2.views.jsp.ui.Object findValue(java.lang.String,org.apache.struts2.views.jsp.ui.Object)>", index: 1 }
+
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.String findString(java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.String findString(java.lang.String,boolean)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.Object findValue(java.lang.String)>", index: 0 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.Object findValue(java.lang.String,boolean)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.Object findValue(java.lang.String,java.lang.Class)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: java.lang.Object findValue(java.lang.String,java.lang.Class,boolean)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: void setValue(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: void setValue(java.lang.String,java.lang.Object,boolean)>", index: 2 }
+  - { method: "<com.opensymphony.xwork2.util.ValueStack: void setParameter(java.lang.String,java.lang.Object)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/README.adoc
new file mode 100644
index 000000000..1c57cea19
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory provide multiple ways to execute SQL queries and return results. These methods are used to interact with databases by executing SQL queries to retrieve data.
+
+- **Common Use Cases**:
+    These APIs are commonly used for handling user-input data queries and executing SQL statements. Users typically have some level of control over the parameters.
+
+- **Security Risks**:
+    SQL Injection: Attackers can exploit these APIs by crafting malicious input to inject SQL commands, allowing them to manipulate the database.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/sql-turbine.yml b/src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/sql-turbine.yml
new file mode 100644
index 000000000..b0dc213d0
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/sql-turbine.yml
@@ -0,0 +1,14 @@
+sinks:
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,java.lang.String,boolean)>", index: 2 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,boolean,org.apache.turbine.util.db.pool.DBConnection)>", index: 2 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,int,int,boolean,org.apache.turbine.util.db.pool.DBConnection)>", index: 4 }
+  - { method: "<org.apache.turbine.om.peer.BasePeer: java.util.Vector executeQuery(java.lang.String,int,int,java.lang.String,boolean)>", index: 4 }
+
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String)>", index: 0 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,java.lang.String,boolean)>", index: 2 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,boolean,org.apache.turbine.util.db.pool.DBConnection)>", index: 2 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,int,int,boolean,org.apache.turbine.util.db.pool.DBConnection)>", index: 4 }
+  - { method: "<org.apache.torque.util.BasePeer: java.util.Vector executeQuery(java.lang.String,int,int,java.lang.String,boolean)>", index: 4 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc
new file mode 100644
index 000000000..81f5ad374
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    Apache Commons BeanUtils provides a set of utility methods for manipulating Java Beans. The APIs in this directory can be used for common tasks such as property copying, property setting, and object population.
+
+- **Common Use Cases**:
+    These APIs are commonly used for copying, populating, and setting properties of Java Bean objects.
+
+- **Security Risks**:
+    Property Injection: If an attacker gains control over the objects being populated or the property names being set, they can inject unexpected and malicious property values, leading to property injection vulnerabilities.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml b/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml
new file mode 100644
index 000000000..f4d465d4f
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml
@@ -0,0 +1,14 @@
+sinks:
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void copyProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void copyProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void populate(java.lang.Object,java.util.Map)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void setProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtils: void setProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 1 }
+
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void copyProperties(java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void copyProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void copyProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void populate(java.lang.Object,java.util.Map)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void setProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.beanutils2.BeanUtilsBean: void setProperty(java.lang.Object,java.lang.String,java.lang.Object)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/README.adoc
new file mode 100644
index 000000000..5ba66c731
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory are interfaces from the Apache Commons Logging library, used for logging. They provide various methods to log different levels of information, including debug, info, warning, and error.
+
+- **Common Use Cases**:
+    These APIs are commonly used to log various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can exploit these APIs by crafting malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml b/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml
new file mode 100644
index 000000000..cfc98acc8
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml
@@ -0,0 +1,13 @@
+sinks:
+  - { method: "<org.apache.commons.logging.Log: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void debug(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void error(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void fatal(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void fatal(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void info(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void trace(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void trace(java.lang.Object,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.apache.commons.logging.Log: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.apache.commons.logging.Log: void warn(java.lang.Object,java.lang.Throwable)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/crlf/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/java/crlf/README.adoc
new file mode 100644
index 000000000..e90b33d1d
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/crlf/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory are from the Java standard library's logging utilities, used to generate, record, and manage application logs. They provide various methods to log messages at different levels, support formatting log content, record exception information, and output logs to various targets.
+
+- **Common Use Cases**:
+    These APIs are commonly used for logging various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can exploit these APIs by crafting malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/crlf/crlf-logs.yml b/src/main/resources/taint-specification-collection/injection/sink/java/crlf/crlf-logs.yml
new file mode 100644
index 000000000..7122e7001
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/crlf/crlf-logs.yml
@@ -0,0 +1,89 @@
+sinks:
+  - { method: "<java.util.logging.Logger: void config(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void entering(java.lang.String,java.lang.String,java.lang.Object[])>", index: 2 }
+  - { method: "<java.util.logging.Logger: void exiting(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void exiting(java.lang.String,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void exiting(java.lang.String,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void exiting(java.lang.String,java.lang.String,java.lang.Object)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void fine(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void finer(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void finest(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void info(java.lang.String)>", index: 0 }
+
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void log(java.util.logging.Level,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.util.function.Supplier)>", index: 1 } # no <java.lang.String> in Supplier?
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.util.function.Supplier)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.Throwable,java.util.function.Supplier)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logp(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.Throwable,java.util.function.Supplier)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Object[])>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Object[])>", index: 4 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Throwable)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.util.ResourceBundle,java.lang.String,java.lang.Throwable)>", index: 4 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object)>", index: 4 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Object[])>", index: 4 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 3 }
+  - { method: "<java.util.logging.Logger: void logrb(java.util.logging.Level,java.lang.String,java.lang.String,java.lang.String,java.lang.String,java.lang.Throwable)>", index: 4 }
+
+  - { method: "<java.util.logging.Logger: void severe(java.lang.String)>", index: 0 }
+  - { method: "<java.util.logging.Logger: void throwing(java.lang.String,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<java.util.logging.Logger: void throwing(java.lang.String,java.lang.String,java.lang.Throwable)>", index: 2 }
+  - { method: "<java.util.logging.Logger: void warning(java.lang.String)>", index: 0 }
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
+
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/README.adoc
new file mode 100644
index 000000000..9f5f12e3e
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory involve file operations from the Java standard library, including file creation, reading, writing, and path handling. These classes and methods allow developers to perform various file operations, such as creating temporary files, reading file content, and writing data to files. If the parameters are unconstrained and controlled externally, attackers can exploit path traversal vulnerabilities to read and write arbitrary files.
+
+- **Common Use Cases**:
+    These APIs are commonly used for creating files and directories, reading files, writing files, and handling file paths.
+
+- **Security Risks**:
+    Path Traversal: Attackers can exploit malicious input to perform arbitrary file operations or access unsafe locations, potentially leading to unauthorized file read and write access.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/path-traversal.yml b/src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/path-traversal.yml
new file mode 100644
index 000000000..c82164eb0
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/path-traversal.yml
@@ -0,0 +1,36 @@
+sinks:
+  # in
+  - { method: "<java.io.File: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<java.io.File: void <init>(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.io.File: void <init>(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<java.io.File: void <init>(java.io.File,java.lang.String)>", index: 0 }
+  - { method: "<java.io.File: void <init>(java.net.URI)>", index: 0 }
+  - { method: "<java.io.RandomAccessFile: void <init>(java.lang.String,java.lang.String)>", index: 1 }
+
+  - { method: "<java.io.FileReader: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<java.io.FileInputStream: void <init>(java.lang.String)>", index: 0 }
+
+  - { method: "<java.nio.file.Paths: java.nio.file.Path get(java.lang.String,java.lang.String[])>", index: 0 }
+  - { method: "<java.nio.file.Paths: java.nio.file.Path get(java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<java.nio.file.Paths: java.nio.file.Path get(java.net.URI)>", index: 0 }
+
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String,java.io.File)>", index: 0 }
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String,java.io.File)>", index: 1 }
+  - { method: "<java.io.File: java.io.File createTempFile(java.lang.String,java.lang.String,java.io.File)>", index: 2 }
+
+  - { method: "<javax.activation.FileDataSource: void <init>(java.lang.String)>", index: 0 }
+
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempFile(java.nio.file.Path,java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 1 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempFile(java.nio.file.Path,java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 2 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 1 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempFile(java.lang.String,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 2 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempDirectory(java.nio.file.Path,java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 1 }
+  - { method: "<java.nio.file.Files: java.nio.file.Path createTempDirectory(java.lang.String,java.nio.file.attribute.FileAttribute[])>", index: 1 }
+
+  # out
+  - { method: "<java.io.FileWriter: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<java.io.FileWriter: void <init>(java.lang.String,boolean)>", index: 1 }
+  - { method: "<java.io.FileOutputStream: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<java.io.FileOutputStream: void <init>(java.lang.String,boolean)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/rce/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/java/rce/README.adoc
new file mode 100644
index 000000000..19dfff8ec
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/rce/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory involve operations for creating and managing processes in Java. They are used to start and control external processes, suitable for various scenarios such as executing system commands and launching external applications. If their parameters are subject to unlimited external input, attackers can execute arbitrary commands on the local machine.
+
+- **Common Use Cases**:
+    These APIs are commonly used to create and manage processes, and to execute system commands.
+
+- **Security Risks**:
+    Command Injection: Attackers can exploit these methods to execute arbitrary commands on the local machine, potentially compromising the system and accessing confidential information.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/rce/command.yml b/src/main/resources/taint-specification-collection/injection/sink/java/rce/command.yml
new file mode 100644
index 000000000..6c09b9388
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/rce/command.yml
@@ -0,0 +1,17 @@
+sinks:
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String,java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String,java.lang.String[])>", index: 1 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[],java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[],java.lang.String[])>", index: 1 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String,java.lang.String[],java.io.File)>", index: 1 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String,java.lang.String[],java.io.File)>", index: 2 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[],java.lang.String[],java.io.File)>", index: 1 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[],java.lang.String[],java.io.File)>", index: 2 }
+
+  - { method: "<java.lang.ProcessBuilder: void <init>(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.ProcessBuilder: void <init>(java.util.List)>", index: 0 }
+  - { method: "<java.lang.ProcessBuilder: java.lang.ProcessBuilder command(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.ProcessBuilder: java.lang.ProcessBuilder command(java.util.List)>", index: 0 }
+
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/sql-injection/sql-jdbc.yml b/src/main/resources/taint-specification-collection/injection/sink/java/sql-injection/sql-jdbc.yml
new file mode 100644
index 000000000..a3ac57d77
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/sql-injection/sql-jdbc.yml
@@ -0,0 +1,13 @@
+sinks:
+  # interface
+  # - { method: "<java.sql.PreparedStatement: void addBatch(java.lang.String)>", index: 0 }
+  # - { method: "<java.sql.Connection: java.sql.CallableStatement prepareCall(java.lang.String)>", index: 0 }
+  # - { method: "<java.sql.Connection: java.sql.CallableStatement prepareCall(java.lang.String,int,int)>", index: 2 }
+  # - { method: "<java.sql.Connection: java.sql.CallableStatement prepareCall(java.lang.String,int,int,int)>", index: 3 }
+  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String)>", index: 0 }
+  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,int)>", index: 1 }
+  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,int,int)>", index: 2 }
+  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,int,int,int)>", index: 3 }
+  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,int[])>", index: 1 }
+  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,java.lang.String[])>", index: 1 }
+  # - { method: "<java.sql.Connection: java.lang.String nativeSQL(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/README.adoc
new file mode 100644
index 000000000..992fb6bb9
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The Java standard library provides a set of methods for evaluating XPath expressions and selecting nodes within XML documents. Using these methods, developers can easily locate, filter, and process specific nodes and data within XML documents.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse and execute XPath expressions, returning corresponding results based on the content of XML documents.
+
+- **Security Risks**:
+    XPath Injection: Similar to SQL injection attacks, attackers can craft malicious XPath expressions to reveal the structure of XML data or access data that is normally restricted. If the XML data is used for user authentication, attackers could even escalate their privileges.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/xpath.yml b/src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/xpath.yml
new file mode 100644
index 000000000..0c0ca312d
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/xpath.yml
@@ -0,0 +1,10 @@
+sinks:
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: com.sun.org.apache.xpath.internal.objects.XObject eval(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: com.sun.org.apache.xpath.internal.objects.XObject eval(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: com.sun.org.apache.xpath.internal.objects.XObject eval(org.w3c.dom.Node,java.lang.String,com.sun.org.apache.xml.internal.utils.PrefixResolver)>", index: 1 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.traversal.NodeIterator selectNodeIterator(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.traversal.NodeIterator selectNodeIterator(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.NodeList selectNodeList(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.Node selectSingleNode(org.w3c.dom.Node,java.lang.String)>", index: 0 }
+  - { method: "<com.sun.org.apache.xpath.internal.XPathAPI: org.w3c.dom.Node selectSingleNode(org.w3c.dom.Node,java.lang.String,org.w3c.dom.Node)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xss/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/java/xss/README.adoc
new file mode 100644
index 000000000..e4ba95a5b
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/xss/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The Java standard library provides a set of formatting and output APIs that are used to format data into specific string forms and output these strings to various targets.
+
+- **Common Use Cases**:
+    These APIs are commonly used to format strings, write text to output streams, and other similar tasks.
+
+- **Security Risks**:
+    XSS (Cross-Site Scripting) Attacks: If the formatted string or parameters include user input data and are not properly encoded, it may lead to XSS vulnerabilities. For example, if user input contains a `<script>` tag, it may be rendered and executed.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xss/formatter.yml b/src/main/resources/taint-specification-collection/injection/sink/java/xss/formatter.yml
new file mode 100644
index 000000000..0f3b531f8
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/xss/formatter.yml
@@ -0,0 +1,13 @@
+sinks:
+  - { method: "<java.util.Formatter: java.util.Formatter format(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.util.Formatter: java.util.Formatter format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<java.io.PrintStream: java.io.PrintStream format(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.lang.String: java.lang.String format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter format(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter format(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter format(java.lang.String,java.lang.Object[])>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xss/output.yml b/src/main/resources/taint-specification-collection/injection/sink/java/xss/output.yml
new file mode 100644
index 000000000..a2a384b22
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/java/xss/output.yml
@@ -0,0 +1,23 @@
+sinks:
+  - { method: "<java.io.PrintWriter: void write(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(java.lang.String,int,int)>", index: 2 }
+  - { method: "<java.io.PrintWriter: void write(char[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: void write(char[],int,int)>", index: 2 }
+
+  - { method: "<java.io.PrintWriter: void print(char[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(java.lang.Object)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void print(char)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(char[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(java.lang.String)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(java.lang.Object)>", index: 0 }
+  - { method: "<java.io.PrintWriter: void println(char)>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter printf(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter printf(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(java.lang.CharSequence,int,int)>", index: 2 }
+  - { method: "<java.io.PrintWriter: java.io.PrintWriter append(char)>", index: 0 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream printf(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<java.io.PrintStream: java.io.PrintStream printf(java.util.Locale,java.lang.String,java.lang.Object[])>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/README.adoc
new file mode 100644
index 000000000..c8d366edb
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    LDAP (Lightweight Directory Access Protocol) is a protocol used for accessing and maintaining distributed directory information services. Web applications commonly use LDAP to manage users and permissions.
+
+- **Common Use Cases**:
+    These APIs are commonly used to search, query, and list entries in an LDAP directory.
+
+- **Security Risks**:
+    Unauthorized Access: When applications construct LDAP queries using user input, and if proper input validation is not performed, attackers can modify the LDAP query through crafted input, leading to unauthorized access or data manipulation.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/ldap.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/ldap.yml
new file mode 100644
index 000000000..cc253f9a0
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/ldap.yml
@@ -0,0 +1,54 @@
+sinks:
+  - { method: "<javax.naming.ldap.LdapName: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.Context: java.lang.Object lookup(java.lang.String)>", index: 0 }
+
+  - { method: "<javax.naming.directory.DirContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.DirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<javax.naming.directory.InitialDirContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.directory.InitialDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<javax.naming.ldap.LdapContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.LdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<javax.naming.ldap.InitialLdapContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.ldap.InitialLdapContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<javax.naming.event.EventDirContext: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<javax.naming.event.EventDirContext: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<com.sun.jndi.ldap.LdapCtx: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(javax.naming.Name,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 1 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
+  - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
+
+  - { method: "<com.unboundid.ldap.sdk.LDAPConnection: com.unboundid.ldap.sdk.SearchResult search(java.lang.String,com.unboundid.ldap.sdk.SearchScope,java.lang.String,java.lang.String[])>", index: 1 } # the size of para?
+  - { method: "<com.unboundid.ldap.sdk.LDAPConnection: com.unboundid.ldap.sdk.SearchResult search(java.lang.String,com.unboundid.ldap.sdk.SearchScope,java.lang.String,java.lang.String[])>", index: 3 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/el.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/other/el.yml
new file mode 100644
index 000000000..a0040d9c8
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/other/el.yml
@@ -0,0 +1,3 @@
+sinks:
+  - { method: "<javax.el.ExpressionFactory: javax.el.ValueExpression createValueExpression(javax.el.ELContext,java.lang.String,java.lang.Class)>", index: 1 }
+  - { method: "<javax.el.ExpressionFactory: javax.el.MethodExpression createMethodExpression(javax.el.ELContext,java.lang.String,java.lang.Class,java.lang.Class[])>", index: 2 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/response-splitting.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/other/response-splitting.yml
new file mode 100644
index 000000000..9d372a43a
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/other/response-splitting.yml
@@ -0,0 +1,13 @@
+sinks:
+  - { method: "<javax.servlet.http.Cookie: void <init>(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.Cookie: void <init>(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.servlet.http.Cookie: void setValue(java.lang.String)>", index: 0 }
+
+  - { method: "<javax.servlet.http.HttpServletResponse: void addHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponse: void addHeader(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.servlet.http.HttpServletResponse: void setHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponse: void setHeader(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void addHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void addHeader(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void setHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void setHeader(java.lang.String,java.lang.String)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/script-engine.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/other/script-engine.yml
new file mode 100644
index 000000000..2acd80784
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/other/script-engine.yml
@@ -0,0 +1,2 @@
+sinks:
+  - { method: "<javax.script.ScriptEngine: java.lang.Object eval(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/smtp.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/other/smtp.yml
new file mode 100644
index 000000000..f9b245397
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/other/smtp.yml
@@ -0,0 +1,6 @@
+sinks:
+  - { method: "<javax.mail.Message: void setSubject(java.lang.String)>", index: 0 }
+  - { method: "<javax.mail.Message: void addHeader(java.lang.String,java.lang.String)>", index: 0 }
+  - { method: "<javax.mail.Message: void addHeader(java.lang.String,java.lang.String)>", index: 1 }
+  - { method: "<javax.mail.Message: void setDescription(java.lang.String)>", index: 0 }
+  - { method: "<javax.mail.Message: void setDisposition(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/trust-boundary-violation.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/other/trust-boundary-violation.yml
new file mode 100644
index 000000000..0f7b173a5
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/other/trust-boundary-violation.yml
@@ -0,0 +1,6 @@
+sinks:
+  - { method: "<javax.servlet.http.HttpSession: void setAttribute(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<javax.servlet.http.HttpSession: void putValue(java.lang.String,java.lang.Object)>", index: 1 }
+
+  - { method: "<javax.servlet.http.HttpSession: void setAttribute(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpSession: void putValue(java.lang.String,java.lang.Object)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/xslt.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/other/xslt.yml
new file mode 100644
index 000000000..b4d536dde
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/other/xslt.yml
@@ -0,0 +1,2 @@
+sinks:
+  - { method: "<javax.xml.transform.TransformerFactory: javax.xml.transform.Transformer newTransformer(javax.xml.transform.Source)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/README.adoc
new file mode 100644
index 000000000..1c57cea19
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory provide multiple ways to execute SQL queries and return results. These methods are used to interact with databases by executing SQL queries to retrieve data.
+
+- **Common Use Cases**:
+    These APIs are commonly used for handling user-input data queries and executing SQL statements. Users typically have some level of control over the parameters.
+
+- **Security Risks**:
+    SQL Injection: Attackers can exploit these APIs by crafting malicious input to inject SQL commands, allowing them to manipulate the database.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jdo.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jdo.yml
new file mode 100644
index 000000000..5e540666d
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jdo.yml
@@ -0,0 +1,10 @@
+sinks:
+  # interface
+  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(java.lang.String)>", index: 0 }
+  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(java.lang.String,java.lang.Object)>", index: 0 }
+  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(java.lang.Class,java.util.Collection,java.lang.String)>", index: 0 }
+  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(java.lang.Class,java.lang.String)>", index: 0 }
+  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(javax.jdo.Extent,java.lang.String)>", index: 0 }
+
+  # - { method: "<javax.jdo.Query: void setFilter(java.lang.String)>", index: 0 }
+  # - { method: "<javax.jdo.Query: void setGrouping(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jpa.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jpa.yml
new file mode 100644
index 000000000..c5ff4e8b2
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jpa.yml
@@ -0,0 +1,7 @@
+sinks:
+  # interface
+  # - { method: "<javax.persistence.EntityManager: javax.persistence.Query createQuery(java.lang.String)>", index: 0 }
+  # - { method: "<javax.persistence.EntityManager: javax.persistence.TypedQuery createQuery(java.lang.String,java.lang.Class)>", index: 1 }
+  # - { method: "<javax.persistence.EntityManager: javax.persistence.Query createNativeQuery(java.lang.String)>", index: 0 }
+  # - { method: "<javax.persistence.EntityManager: javax.persistence.Query createNativeQuery(java.lang.String,java.lang.String)>", index: 1 }
+  # - { method: "<javax.persistence.EntityManager: javax.persistence.Query createNativeQuery(java.lang.String,java.lang.Class)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/README.adoc
new file mode 100644
index 000000000..ddcfce661
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    Java EE provides a set of methods for evaluating XPath expressions and selecting nodes within XML documents. These methods enable developers to easily locate, filter, and process specific nodes and data within XML documents.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse and execute XPath expressions, returning corresponding results based on the content of XML documents.
+
+- **Security Risks**:
+    XPath Injection: Similar to SQL injection attacks, attackers can craft malicious XPath expressions to reveal the structure of XML data or access data that is normally restricted. If the XML data is used for user authentication, attackers could even escalate their privileges.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/xpath.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/xpath.yml
new file mode 100644
index 000000000..1cbf4e41b
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/xpath.yml
@@ -0,0 +1,7 @@
+sinks:
+  # interface
+  # - { method: "<javax.xml.xpath.XPath: javax.xml.xpath.XPathExpression compile(java.lang.String)>", index: 0 }
+  # - { method: "<javax.xml.xpath.XPath: java.lang.String evaluate(java.lang.String,java.lang.Object)>", index: 1 }
+  # - { method: "<javax.xml.xpath.XPath: java.lang.Object evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)>", index: 2 }
+  # - { method: "<javax.xml.xpath.XPath: java.lang.String evaluate(java.lang.String,org.xml.sax.InputSource)>", index: 1 }
+  # - { method: "<javax.xml.xpath.XPath: java.lang.Object evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)>", index: 2 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xss/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/javax/xss/README.adoc
new file mode 100644
index 000000000..68c232acc
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/xss/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    Java EE provides a set of formatting and output APIs that are used to format data into specific string forms and output these strings to various targets.
+
+- **Common Use Cases**:
+    These APIs are commonly used for formatting strings, writing text to output streams, and other similar tasks.
+
+- **Security Risks**:
+    XSS (Cross-Site Scripting) Attacks: If the formatted string or parameters include user input data and are not properly encoded, it may lead to XSS vulnerabilities. For example, if user input contains a `<script>` tag, it may be rendered and executed.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xss/output.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/xss/output.yml
new file mode 100644
index 000000000..b5bc605d2
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/xss/output.yml
@@ -0,0 +1,24 @@
+sinks:
+  - { method: "<javax.servlet.http.HttpServletResponse: void sendError(int,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponse: void setStatus(int,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void sendError(int,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.http.HttpServletResponseWrapper: void setStatus(int,java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.ServletOutputStream: void print(java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.ServletOutputStream: void println(java.lang.String)>", index: 0 }
+
+  - { method: "<javax.servlet.jsp.JspWriter: void write(java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void write(java.lang.String,int,int)>", index: 2 }
+  - { method: "<javax.servlet.jsp.JspWriter: void write(char[])>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void write(char[],int,int)>", index: 2 }
+  - { method: "<javax.servlet.jsp.JspWriter: java.io.PrintWriter append(java.lang.CharSequence)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: java.io.PrintWriter append(java.lang.CharSequence,int,int)>", index: 2 }
+  - { method: "<javax.servlet.jsp.JspWriter: java.io.PrintWriter append(char)>", index: 0 }
+
+  - { method: "<javax.servlet.jsp.JspWriter: void print(char[])>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void print(java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void print(java.lang.Object)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void print(char)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void println(char[])>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void println(java.lang.String)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void println(java.lang.Object)>", index: 0 }
+  - { method: "<javax.servlet.jsp.JspWriter: void println(char)>", index: 0 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xss/request-dispatcher.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/xss/request-dispatcher.yml
new file mode 100644
index 000000000..ff6f15ddf
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/javax/xss/request-dispatcher.yml
@@ -0,0 +1,3 @@
+sinks:
+  - { method: "<javax.servlet.RequestDispatcher: void forward(javax.servlet.ServletRequest,javax.servlet.ServletResponse)>", index: 1 }
+  - { method: "<javax.servlet.RequestDispatcher: void include(javax.servlet.ServletRequest,javax.servlet.ServletResponse)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/README.adoc
new file mode 100644
index 000000000..e94237d96
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    SLF4J (Simple Logging Facade for Java) is a logging library that provides a simple, unified interface for various logging frameworks. It allows developers to choose different logging implementations (e.g., Logback, Log4j, etc.) and log through a common API.
+
+- **Common Use Cases**:
+    These APIs are commonly used to log various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can craft malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/crlf-logs.yml b/src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/crlf-logs.yml
new file mode 100644
index 000000000..064738993
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/crlf-logs.yml
@@ -0,0 +1,91 @@
+sinks:
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void debug(org.slf4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void debug(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object, java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object, java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Object, java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void error(org.slf4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void error(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void info(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void trace(org.slf4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void trace(java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void warn(org.slf4j.Marker,java.lang.String,java.lang.Throwable)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object,java.lang.Object)>", index: 0 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Object,java.lang.Object)>", index: 2 }
+  - { method: "<org.slf4j.Logger: void warn(java.lang.String,java.lang.Throwable)>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/README.adoc
new file mode 100644
index 000000000..dd4e23c3d
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The Spring Framework beans provide a set of utility methods for manipulating Java Beans. The APIs in this directory can be used for common tasks, such as property copying.
+
+- **Common Use Cases**:
+    These APIs are commonly used for copying Java Bean objects.
+
+- **Security Risks**:
+    Property Injection: If attackers gain control over the objects being populated or the property names being set, they can inject unexpected and malicious property values, leading to property injection vulnerabilities.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/beans.yml b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/beans.yml
new file mode 100644
index 000000000..fcea2c64a
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/beans.yml
@@ -0,0 +1,5 @@
+sinks:
+  - { method: "<org.springframework.beans.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object)>", index: 1 }
+  - { method: "<org.springframework.beans.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object,java.lang.Class)>", index: 1 }
+  - { method: "<org.springframework.beans.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object,java.lang.String[])>", index: 1 }
+  - { method: "<org.springframework.beans.BeanUtils: void copyProperties(java.lang.Object,java.lang.Object,java.lang.Class,java.lang.String[])>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/README.adoc
new file mode 100644
index 000000000..369c0cbde
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    These APIs are methods from Spring MVC used to create and manipulate ModelAndView objects. ModelAndView is a class in Spring MVC used to return model data and view names, enabling data binding to the view for rendering.
+
+- **Common Use Cases**:
+    These APIs are commonly used to create and manipulate ModelAndView objects, for page navigation, data passing, and dynamic view resolution.
+
+- **Security Risks**:
+    File Disclosure: If attackers gain control over the creation of ModelAndView objects, they can craft malicious requests to access sensitive files, such as configuration files or application class/jar files.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml
new file mode 100644
index 000000000..1c4e93f74
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml
@@ -0,0 +1,5 @@
+sinks:
+  - { method: "<org.springframework.web.servlet.ModelAndView: void <init>(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.web.servlet.ModelAndView: void <init>(java.lang.String,java.lang.String,java.lang.Object)>", index: 2 }
+  - { method: "<org.springframework.web.servlet.ModelAndView: void <init>(java.lang.String,java.util.Map)>", index: 1 }
+  - { method: "<org.springframework.web.servlet.ModelAndView: void setViewName(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/README.adoc
new file mode 100644
index 000000000..2ab3d8b73
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    LDAP (Lightweight Directory Access Protocol) is a protocol used to access and maintain distributed directory information services. Web applications often use LDAP to manage users and permissions.
+
+- **Common Use Cases**:
+    These APIs are commonly used to search, query, and list entries in an LDAP directory.
+
+- **Security Risks**:
+    Unauthorized Access: When applications construct LDAP queries based on user input, attackers can exploit insufficient input validation to craft malicious inputs that modify the LDAP query, leading to unauthorized access or data manipulation.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/ldap.yml b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/ldap.yml
new file mode 100644
index 000000000..9bebfba2d
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/ldap.yml
@@ -0,0 +1,74 @@
+sinks:
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List list(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List list(java.lang.String,org.springframework.ldap.core.NameClassPairMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void list(java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 1 }
+
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.lang.Object lookup(java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.lang.Object lookup(java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 1 }
+
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,int,boolean,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,int,boolean,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: void search(java.lang.String,java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.AttributesMapper)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.ContextMapper)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapTemplate: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List list(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List list(java.lang.String,org.springframework.ldap.core.NameClassPairMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void list(java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 1 }
+
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.lang.Object lookup(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.lang.Object lookup(java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.lang.Object lookup(java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 1 }
+
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler,org.springframework.ldap.core.DirContextProcessor)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.NameClassPairCallbackHandler,org.springframework.ldap.core.DirContextProcessor)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,int,boolean,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,int,boolean,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: void search(java.lang.String,java.lang.String,org.springframework.ldap.core.NameClassPairCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.AttributesMapper)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.AttributesMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,java.lang.String[],org.springframework.ldap.core.ContextMapper)>", index: 4 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,int,org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 1 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.ContextMapper)>", index: 3 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper)>", index: 2 }
+  - { method: "<org.springframework.ldap.core.LdapOperations: java.util.List search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls,org.springframework.ldap.core.AttributesMapper)>", index: 3 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/README.adoc
new file mode 100644
index 000000000..25d73d30a
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    These APIs are methods from the Spring Framework used to parse expression strings and generate corresponding expression objects. SPEL (Spring Expression Language) is a more powerful expression language than JSP's EL, offering capabilities such as method calls and basic string templating.
+
+- **Common Use Cases**:
+    These APIs are commonly used to parse expression strings and generate corresponding expression objects, which may later be evaluated within a specific context.
+
+- **Security Risks**:
+    RCE (Remote Code Execution): If attackers can manipulate the input SpEL expressions without restrictions, evaluating the expression in the default context may lead to remote code execution vulnerabilities.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/spring-expression.yml b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/spring-expression.yml
new file mode 100644
index 000000000..817146382
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/spring-expression.yml
@@ -0,0 +1,10 @@
+sinks:
+  # interface
+  # - { method: "<org.springframework.expression.ExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.expression.spel.standard.SpelExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.expression.common.TemplateAwareExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String)>", index: 0 }
+
+  # interface
+  # - { method: "<org.springframework.expression.ExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String,org.springframework.expression.ParserContext)>", index: 1 }
+  - { method: "<org.springframework.expression.spel.standard.SpelExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String,org.springframework.expression.ParserContext)>", index: 1 }
+  - { method: "<org.springframework.expression.common.TemplateAwareExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String,org.springframework.expression.ParserContext)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/README.adoc
new file mode 100644
index 000000000..4e470e00f
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory provide various ways to execute SQL queries and return results. These methods are used for interacting with databases by executing SQL queries to retrieve data.
+
+- **Common Use Cases**:
+    These APIs are commonly used for handling user input for data queries and SQL query execution, where users typically have some control over the parameters.
+
+- **Security Risks**:
+    SQL Injection: Attackers can craft malicious inputs to insert SQL commands, allowing them to manipulate the database.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/sql-spring.yml b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/sql-spring.yml
new file mode 100644
index 000000000..60368efce
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/sql-spring.yml
@@ -0,0 +1,30 @@
+sinks:
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String)>", index: 0 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[],int[])>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[],int[])>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,org.springframework.jdbc.core.PreparedStatementSetter)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[],int[])>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[],int[])>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: int update(java.lang.String,java.lang.Object[])>", index: 1 }
+
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,org.springframework.jdbc.core.ResultSetExtractor)>", index: 0 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,org.springframework.jdbc.core.RowCallbackHandler)>", index: 0 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,org.springframework.jdbc.core.RowMapper)>", index: 0 }
+  
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,org.springframework.jdbc.core.PreparedStatementSetter,org.springframework.jdbc.core.ResultSetExtractor)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.ResultSetExtractor)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.ResultSetExtractor)>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,java.lang.Object[],org.springframework.jdbc.core.ResultSetExtractor)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.lang.Object query(java.lang.String,org.springframework.jdbc.core.ResultSetExtractor,java.lang.Object[])>", index: 2 }
+  
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,org.springframework.jdbc.core.PreparedStatementSetter,org.springframework.jdbc.core.RowCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.RowCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.RowCallbackHandler)>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,java.lang.Object[],org.springframework.jdbc.core.RowCallbackHandler)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: void query(java.lang.String,org.springframework.jdbc.core.RowCallbackHandler,java.lang.Object[])>", index: 2 }
+  
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,org.springframework.jdbc.core.PreparedStatementSetter,org.springframework.jdbc.core.RowMapper)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.RowMapper)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,java.lang.Object[],int[],org.springframework.jdbc.core.RowMapper)>", index: 2 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,java.lang.Object[],org.springframework.jdbc.core.RowMapper)>", index: 1 }
+  - { method: "<org.springframework.jdbc.core.JdbcTemplate: java.util.List query(java.lang.String,org.springframework.jdbc.core.RowMapper,java.lang.Object[])>", index: 2 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/README.adoc
new file mode 100644
index 000000000..d9da913ab
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/README.adoc
@@ -0,0 +1,10 @@
+= Description
+
+- **Overview**: 
+    The APIs in this directory are part of tinylog, used for logging purposes. They provide various methods for logging information at different levels, including debug, info, warning, and error.
+
+- **Common Use Cases**:
+    These APIs are commonly used to log various types of information, such as recording errors and exceptions, tracking runtime information, issuing warnings, and integrating with log auditing systems.
+
+- **Security Risks**:
+    CRLF Injection: Attackers can craft malicious input containing CRLF (Carriage Return and Line Feed) sequences to forge log entries, mislead monitoring personnel, and even affect auditing systems. Additionally, attackers can flood logs with excessive errors or irrelevant information, potentially corrupting the log data.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/crlf-logs.yml b/src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/crlf-logs.yml
new file mode 100644
index 000000000..a19469985
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/crlf-logs.yml
@@ -0,0 +1,21 @@
+sinks:
+  - { method: "<org.pmw.tinylog.Logger: void debug(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void debug(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void debug(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void debug(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void error(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void error(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void error(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void error(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void info(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void info(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void info(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void info(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void trace(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void trace(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void trace(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void trace(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void warn(java.lang.Object)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void warn(java.lang.String)>", index: 0 }
+  - { method: "<org.pmw.tinylog.Logger: void warn(java.lang.String,java.lang.Object[])>", index: 1 }
+  - { method: "<org.pmw.tinylog.Logger: void warn(java.lang.Throwable,java.lang.String,java.lang.Object[])>", index: 1 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/source/apache-struts2/README.adoc b/src/main/resources/taint-specification-collection/injection/source/apache-struts2/README.adoc
new file mode 100644
index 000000000..90e271b4b
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/apache-struts2/README.adoc
@@ -0,0 +1,7 @@
+= Description
+
+The Sources recorded in this directory primarily come from Apache Struts2. The source methods that can cause taint include:
+- Methods that take input from external sources (e.g., getValue)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/taint-specification-collection/injection/source/apache-struts2/struts2.yml b/src/main/resources/taint-specification-collection/injection/source/apache-struts2/struts2.yml
new file mode 100644
index 000000000..468c0cd15
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/apache-struts2/struts2.yml
@@ -0,0 +1,2 @@
+sources:
+  - { kind: call, method: "<org.apache.struts2.dispatcher.Parameter: java.lang.String getValue()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/apache-wicket/README.adoc b/src/main/resources/taint-specification-collection/injection/source/apache-wicket/README.adoc
new file mode 100644
index 000000000..3c1bca38e
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/apache-wicket/README.adoc
@@ -0,0 +1,7 @@
+= Description
+
+The Sources recorded in this directory primarily come from the Apache Wicket framework, a Java web application development framework. The source methods that can cause taint include:
+- Methods that retrieve properties from the incoming request (e.g., getHeader, getParameterValue)
+- Methods that obtain input streams for uploaded files (e.g., getInputStream)
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/taint-specification-collection/injection/source/apache-wicket/wicket.yml b/src/main/resources/taint-specification-collection/injection/source/apache-wicket/wicket.yml
new file mode 100644
index 000000000..cce259d6b
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/apache-wicket/wicket.yml
@@ -0,0 +1,28 @@
+sources:
+  - { kind: call, method: "<org.apache.wicket.protocol.http.request.WebClientInfo: java.lang.String getUserAgent()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.request.WebClientInfo: java.lang.String getUserAgentStringLc()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.request.WebClientInfo: java.lang.String getRemoteAddr(org.apache.wicket.request.cycle.RequestCycle)>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.apache.wicket.request.http.WebRequest: java.util.List getHeaders(java.lang.String)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.apache.wicket.request.http.WebRequest: java.lang.String getHeader(java.lang.String)>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorAppCodeName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorAppName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorAppVersion()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorLanguage()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorPlatform()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getNavigatorUserAgent()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getRemoteAddress()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.ClientProperties: java.lang.String getHostname()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.apache.wicket.request.IRequestParameters: java.util.Set getParameterNames()>", index: result, type: "java.util.Set" }
+  - { kind: call, method: "<org.apache.wicket.request.IRequestParameters: org.apache.wicket.util.string.StringValue getParameterValue(java.lang.String)>", index: result, type: "org.apache.wicket.util.string.StringValue" }
+  - { kind: call, method: "<org.apache.wicket.request.IRequestParameters: java.util.List getParameterValues(java.lang.String)>", index: result, type: "java.util.List" }
+
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.lang.String getFileName(javax.servlet.http.Part)>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: byte[] get()>", index: result, type: "byte[]" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.lang.String getString(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.lang.String getString()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.apache.wicket.protocol.http.servlet.ServletPartFileItem: java.io.InputStream getInputStream()>", index: result, type: "java.io.InputStream" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/dropwizard/README.adoc b/src/main/resources/taint-specification-collection/injection/source/dropwizard/README.adoc
new file mode 100644
index 000000000..dd5fa832a
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/dropwizard/README.adoc
@@ -0,0 +1,8 @@
+= Description
+
+The Sources recorded in this directory primarily come from the Dropwizard framework. The source methods that can cause taint include:
+- Methods that take the incoming request as a parameter (e.g., doFilter, doGet)
+- Methods that retrieve properties from the incoming request (e.g., getParameter, getBody)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml b/src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
new file mode 100644
index 000000000..e6531df49
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
@@ -0,0 +1,2 @@
+sources:
+  - { kind: param, method: "<io.dropwizard.jersey.filter.AllowedMethodsFilter: void doFilter(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse,jakarta.servlet.FilterChain)>", index: 0, type: "jakarta.servlet.ServletRequest" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml b/src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
new file mode 100644
index 000000000..c4408d3af
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
@@ -0,0 +1,10 @@
+sources:
+  - { kind: call, method: "<io.dropwizard.servlets.Servlets: java.lang.String getFullUrl(jakarta.servlet.http.HttpServletRequest)>", index: result, type: "java.lang.String" }
+  - { kind: param, method: "<io.dropwizard.servlets.CacheBustingFilter: void doFilter(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse,jakarta.servlet.FilterChain)>", index: 0, type: "jakarta.servlet.ServletRequest" }
+  - { kind: param, method: "<io.dropwizard.servlets.ThreadNameFilter: void doFilter(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse,jakarta.servlet.FilterChain)>", index: 0, type: "jakarta.servlet.ServletRequest" }
+  - { kind: param, method: "<io.dropwizard.servlets.SlowRequestFilter: void doFilter(jakarta.servlet.ServletRequest,jakarta.servlet.ServletResponse,jakarta.servlet.FilterChain)>", index: 0, type: "jakarta.servlet.ServletRequest" }
+  
+  - { kind: param, method: "<io.dropwizard.servlets.tasks.TaskServlet: void doGet(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse)>", index: 0, type: "jakarta.servlet.http.HttpServletRequest" }
+  - { kind: param, method: "<io.dropwizard.servlets.tasks.TaskServlet: void doPost(jakarta.servlet.http.HttpServletRequest,jakarta.servlet.http.HttpServletResponse)>", index: 0, type: "jakarta.servlet.http.HttpServletRequest" }
+  - { kind: call, method: "<io.dropwizard.servlets.tasks.TaskServlet: java.util.Map getParams(jakarta.servlet.http.HttpServletRequest)>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<io.dropwizard.servlets.tasks.TaskServlet: java.lang.String getBody(jakarta.servlet.http.HttpServletRequest)>", index: result, type: "java.lang.String" }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/README.adoc b/src/main/resources/taint-specification-collection/injection/source/java/README.adoc
new file mode 100644
index 000000000..e3ca3dfd6
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/java/README.adoc
@@ -0,0 +1,8 @@
+= Description
+
+The Sources recorded in this directory primarily come from the Java standard library. The source methods that can cause taint include:
+- Methods that retrieve properties from the incoming request (e.g., getContent, getRemoteSocketAddress)
+- Methods that take external input (e.g., getSelectedText, readLine)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/java-awt.yml b/src/main/resources/taint-specification-collection/injection/source/java/java-awt.yml
new file mode 100644
index 000000000..077ee2dc7
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/java/java-awt.yml
@@ -0,0 +1,3 @@
+sources:
+  - { kind: call, method: "<java.awt.TextComponent: java.lang.String getSelectedText()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.awt.TextComponent: java.lang.String getText()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/java-io.yml b/src/main/resources/taint-specification-collection/injection/source/java/java-io.yml
new file mode 100644
index 000000000..4df2b601a
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/java/java-io.yml
@@ -0,0 +1,8 @@
+sources:
+  - { kind: call, method: "<java.io.BufferedReader: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.Console: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.Console: java.lang.String readLine(java.lang.String,java.lang.Object[])>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readLine()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readUTF()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.DataInputStream: java.lang.String readUTF(java.io.DataInput)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.io.LineNumberReader: java.lang.String readLine()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/java-net.yml b/src/main/resources/taint-specification-collection/injection/source/java/java-net.yml
new file mode 100644
index 000000000..ee6ede543
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/java/java-net.yml
@@ -0,0 +1,26 @@
+sources:
+  - { kind: call, method: "<java.net.URL: java.lang.Object getContent()>", index: result, type: "java.lang.Object" }
+  - { kind: call, method: "<java.net.URL: java.lang.Object getContent(java.lang.Class[])>", index: result, type: "java.lang.Object" }
+
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getComment()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getCommentURL()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getDiscard()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getDomain()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getMaxAge()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getPath()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getPortlist()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getSecure()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getVersion()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<java.net.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  
+  - { kind: call, method: "<java.net.CookieHandler: java.util.Map get(java.net.URI,java.util.Map)>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<java.net.CookieManager: java.util.Map get(java.net.URI,java.util.Map)>", index: result, type: "java.util.Map" }
+  
+  - { kind: call, method: "<java.net.DatagramPacket: java.net.InetAddress getAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramPacket: byte[] getData()>", index: result, type: "byte[]" }
+  - { kind: call, method: "<java.net.DatagramPacket: java.net.SocketAddress getSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramPacket: int getPort()>", index: result, type: "int" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.SocketAddress getRemoteSocketAddress()>", index: result, type: "java.net.SocketAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: java.net.InetAddress getInetAddress()>", index: result, type: "java.net.InetAddress" }
+  - { kind: call, method: "<java.net.DatagramSocket: int getPort()>", index: result, type: "int" }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/java-util-Scanner.yml b/src/main/resources/taint-specification-collection/injection/source/java/java-util-Scanner.yml
new file mode 100644
index 000000000..252ede005
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/java/java-util-Scanner.yml
@@ -0,0 +1,12 @@
+sources:
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.io.File)>", index: 0, type: "java.io.File" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.io.File,java.lang.String)>", index: 0, type: "java.io.File" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.io.InputStream)>", index: 0, type: "java.io.InputStream" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.io.InputStream,java.lang.String)>", index: 0, type: "java.io.InputStream" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.nio.file.Path)>", index: 0, type: "java.nio.file.Path" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.nio.file.Path,java.lang.String)>", index: 0, type: "java.nio.file.Path" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.lang.Readable)>", index: 0, type: "java.lang.Readable" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.nio.channels.ReadableByteChannel)>", index: 0, type: "java.nio.channels.ReadableByteChannel" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.nio.channels.ReadableByteChannel,java.lang.String)>", index: 0, type: "java.nio.channels.ReadableByteChannel" }
+  - { kind: call, method: "<java.util.Scanner: void <init>(java.lang.String)>", index: 0, type: "java.lang.String" }
+
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/README.adoc b/src/main/resources/taint-specification-collection/injection/source/javax/README.adoc
new file mode 100644
index 000000000..682875b33
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/javax/README.adoc
@@ -0,0 +1,8 @@
+= Description
+
+The Sources recorded in this directory primarily come from Java EE. The source methods that can cause taint include:
+- Methods that take external input (e.g., getSelectedText)
+- Methods that retrieve properties from the incoming request (e.g., getParameter, getContentType)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/PortletRequest.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/PortletRequest.yml
new file mode 100644
index 000000000..75f7a6d1d
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/PortletRequest.yml
@@ -0,0 +1,18 @@
+sources:
+  - { kind: call, method: "<javax.portlet.PortletRequest: javax.portlet.PortletMode getPortletMode()>", index: result, type: "javax.portlet.PortletMode" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: javax.portlet.WindowState getWindowState()>", index: result, type: "javax.portlet.WindowState" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getRemoteUser()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.security.Principal getUserPrincipal()>", index: result, type: "java.security.Principal" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Map getParameterMap()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Enumeration getParameterNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String[] getParameterValues(java.lang.String)>", index: result, type: "java.lang.String[]" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getRequestedSessionId()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Enumeration getResponseContentType()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Enumeration getResponseContentTypes()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Locale getLocale()>", index: result, type: "java.util.Locale" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getServerName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.lang.String getWindowID()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: javax.portlet.http.Cookie[] getCookies()>", index: result, type: "javax.portlet.http.Cookie[]" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Map getPrivateParameterMap()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<javax.portlet.PortletRequest: java.util.Map getPublicParameterMap()>", index: result, type: "java.util.Map" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/portlet-other.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/portlet-other.yml
new file mode 100644
index 000000000..80f78f941
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/portlet-other.yml
@@ -0,0 +1,14 @@
+sources:
+  - { kind: call, method: "<javax.portlet.ActionRequest: java.io.BufferedReader getReader()>", index: result, type: "java.io.BufferedReader" }
+  - { kind: call, method: "<javax.portlet.ActionRequest: java.lang.String getCharacterEncoding()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.ActionRequest: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<javax.portlet.ClientDataRequest: java.io.InputStream getPortletInputStream()>", index: result, type: "java.io.InputStream" }
+  - { kind: call, method: "<javax.portlet.ClientDataRequest: java.io.BufferedReader getReader()>", index: result, type: "java.io.BufferedReader" }
+  - { kind: call, method: "<javax.portlet.ClientDataRequest: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<javax.portlet.RenderRequest: java.lang.String getETag()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<javax.portlet.ResourceRequest: java.lang.String getETag()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.ResourceRequest: java.lang.String getResourceID()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.portlet.ResourceRequest: java.util.Map getPrivateRenderParameterMap()>", index: result, type: "java.util.Map" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/Cookie.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/Cookie.yml
new file mode 100644
index 000000000..a1c2ce2f5
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/Cookie.yml
@@ -0,0 +1,6 @@
+sources:
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getComment()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getDomain()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getPath()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.Cookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequest.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequest.yml
new file mode 100644
index 000000000..359b8c0bf
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequest.yml
@@ -0,0 +1,44 @@
+sources:
+  # interface
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getHeader(java.lang.String)>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.util.Enumeration getHeaders(java.lang.String)>", index: result, type: "java.util.Enumeration" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.util.Enumeration getHeaderNames()>", index: result, type: "java.util.Enumeration" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getContextPath()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: javax.servlet.http.Cookie[] getCookies()>", index: result, type: "javax.servlet.http.Cookie[]" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getPathInfo()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getPathTranslated()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRemoteUser()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRequestedSessionId()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRequestURI()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRequestURL()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletPath()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getAuthType()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getMethod()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRemoteAddr()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRemoteHost()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getLocalAddr()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getLocalName()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getProtocol()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getScheme()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServerName()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getCharacterEncoding()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getLocalPort()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRemotePort()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServerPort()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRealPath(java.lang.String)>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletInfo()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletName()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletInfo()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletName()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletInfo()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletName()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletInfo()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletName()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
+
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml
new file mode 100644
index 000000000..251eb7203
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml
@@ -0,0 +1,20 @@
+sources:
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: javax.servlet.http.Cookie[] getCookies()>", index: result, type: "javax.servlet.http.Cookie[]" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getHeader(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.util.Enumeration getHeaderNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.util.Enumeration getHeaders(java.lang.String)>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getLocalName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.util.Map getParameterMap()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.util.Enumeration getParameterNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String[] getParameterValues(java.lang.String)>", index: result, type: "java.lang.String[]" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getPathInfo()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getPathTranslated()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getQueryString()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getRemoteHost()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getRemoteUser()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getRequestURI()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.StringBuffer getRequestURL()>", index: result, type: "java.lang.StringBuffer" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getServerName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.http.HttpServletRequestWrapper: java.lang.String getServletPath()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequest.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequest.yml
new file mode 100644
index 000000000..15df1f464
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequest.yml
@@ -0,0 +1,11 @@
+sources:
+  # interface
+  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getLocalAddr()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getLocalName()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.ServletRequest: java.util.Map getParameterMap()>", index: result, type: "java.util.Map" }
+  # - { kind: call, method: "<javax.servlet.ServletRequest: java.util.Enumeration getParameterNames()>", index: result, type: "java.util.Enumeration" }
+  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String[] getParameterValues(java.lang.String)>", index: result, type: "java.lang.String[]" }
+  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getRemoteHost()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getServerName()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequestWrapper.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequestWrapper.yml
new file mode 100644
index 000000000..556533eea
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequestWrapper.yml
@@ -0,0 +1,9 @@
+sources:
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getLocalName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.util.Map getParameterMap()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.util.Enumeration getParameterNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String[] getParameterValues(java.lang.String)>", index: result, type: "java.lang.String[]" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getRemoteHost()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.servlet.ServletRequestWrapper: java.lang.String getServerName()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-swing/swing.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-swing/swing.yml
new file mode 100644
index 000000000..b113f56bd
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/javax/javax-swing/swing.yml
@@ -0,0 +1,4 @@
+sources:
+  - { kind: call, method: "<javax.swing.text.JTextComponent: java.lang.String getSelectedText()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.swing.text.JTextComponent: java.lang.String getText()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<javax.swing.text.JTextComponent: java.lang.String getText(int,int)>", index: result, type: "java.lang.String" }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/source/jetty/README.adoc b/src/main/resources/taint-specification-collection/injection/source/jetty/README.adoc
new file mode 100644
index 000000000..d9dd7d1ae
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/jetty/README.adoc
@@ -0,0 +1,8 @@
+= Description
+
+The Sources recorded in this directory primarily come from Jetty. The source methods that can cause taint include:
+- Methods that take the incoming request as a parameter (e.g., handle)
+- Methods that retrieve properties from the incoming request (e.g., getParam, getQuery)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-http/jetty-http.yml b/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-http/jetty-http.yml
new file mode 100644
index 000000000..a6d7b3483
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-http/jetty-http.yml
@@ -0,0 +1,27 @@
+sources:
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.Set getFieldNamesCollection()>", index: result, type: "java.util.Set" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.Enumeration getFieldNames()>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String getStringField(org.eclipse.jetty.http.HttpHeader)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String get(org.eclipse.jetty.http.HttpHeader)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String getStringField(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String get(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.List getCSV(org.eclipse.jetty.http.HttpHeader,boolean)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.List getCSV(java.lang.String,boolean)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.List getQualityCSV(org.eclipse.jetty.http.HttpHeader)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.List getQualityCSV(java.lang.String)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.Enumeration getValues(java.lang.String)>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.util.Enumeration getValues(java.lang.String,java.lang.String)>", index: result, type: "java.util.Enumeration" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpFields: java.lang.String valueParameters(java.lang.String,java.util.Map)>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpField: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpField: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpField: java.lang.String[] getValues()>", index: result, type: "java.lang.String[]" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpField: java.lang.String toString()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String asString()>", index: result, type: "java.lang.String" }
+
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpURI: java.lang.String getParam()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpURI: java.lang.String getQuery()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpURI: java.lang.String getHost()>", index: result, type: "java.lang.String" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-server/jetty-server.yml b/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-server/jetty-server.yml
new file mode 100644
index 000000000..e20125dbc
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-server/jetty-server.yml
@@ -0,0 +1,26 @@
+sources:
+  - { kind: param, method: "<org.eclipse.jetty.server.Server: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.SizeLimitHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ConnectHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ContextHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ContextHandlerCollection: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.CrossOriginHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.DebugHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.DefaultHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.DelayedHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ErrorHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.EventsHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.GracefulHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.HotSwapHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.IdleTimeoutHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.MovedContextHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.PathMappingsHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ResourceHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.SecuredRedirectHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.ShutdownHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.StateTrackingHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.StatisticsHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.TryPathsHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+  - { kind: param, method: "<org.eclipse.jetty.server.handler.gzip.GzipHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
+ 
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-session/jetty-session.yml b/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-session/jetty-session.yml
new file mode 100644
index 000000000..a4c27b29b
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-session/jetty-session.yml
@@ -0,0 +1,2 @@
+sources:
+  - { kind: param, method: "<org.eclipse.jetty.session.SessionHandler: boolean handle(org.eclipse.jetty.server.Request,org.eclipse.jetty.server.Response,org.eclipse.jetty.util.Callback)>", index: 0, type: "org.eclipse.jetty.server.Request" }
diff --git a/src/main/resources/taint-specification-collection/injection/source/sonarqube/README.adoc b/src/main/resources/taint-specification-collection/injection/source/sonarqube/README.adoc
new file mode 100644
index 000000000..b2b48cbde
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/sonarqube/README.adoc
@@ -0,0 +1,7 @@
+= Description
+
+The Sources recorded in this directory primarily come from SonarQube. The source methods that can cause taint include:
+- Methods that retrieve properties from the incoming request (e.g., getParams, getValues)
+- ...
+
+These inputs are provided externally and can be spoofed.
diff --git a/src/main/resources/taint-specification-collection/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml b/src/main/resources/taint-specification-collection/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml
new file mode 100644
index 000000000..e799a6da9
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml
@@ -0,0 +1,22 @@
+sources:
+  # interface
+  # - { kind: call, method: "<org.sonarqube.ws.client.Parameters: java.lang.String getValue(java.lang.String)>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<org.sonarqube.ws.client.Parameters: java.util.List getValues(java.lang.String)>", index: result, type: "java.util.List" }
+  # - { kind: call, method: "<org.sonarqube.ws.client.Parameters: java.util.Set getKeys()>", index: result, type: "java.util.Set" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultParameters: java.lang.String getValue(java.lang.String)>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultParameters: java.util.List getValues(java.lang.String)>", index: result, type: "java.util.List" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultParameters: java.util.Set getKeys()>", index: result, type: "java.util.Set" }
+  
+  # interface
+  # - { kind: call, method: "<org.sonarqube.ws.client.Headers: java.util.Optional getValue(java.lang.String)>", index: result, type: "java.util.Optional" }
+  # - { kind: call, method: "<org.sonarqube.ws.client.Headers: java.util.Set getNames()>", index: result, type: "java.util.Set" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultHeaders: java.util.Optional getValue(java.lang.String)>", index: result, type: "java.util.Optional" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultHeaders: java.util.Set getNames()>", index: result, type: "java.util.Set" }
+
+  # interface
+  # - { kind: call, method: "<org.sonarqube.ws.client.WsRequest: java.lang.String getPath()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<org.sonarqube.ws.client.WsRequest: java.lang.String getMediaType()>", index: result, type: "java.lang.String" }
+  # - { kind: call, method: "<org.sonarqube.ws.client.WsRequest: java.util.Map getParams()>", index: result, type: "java.util.Map" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest: java.lang.String getPath()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest: java.lang.String getMediaType()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest: java.util.Map getParams()>", index: result, type: "java.util.Map" }
diff --git a/src/main/resources/taint-specification-collection/transfer/string-transfers.yml b/src/main/resources/taint-specification-collection/transfer/string-transfers.yml
new file mode 100644
index 000000000..0c5bbda70
--- /dev/null
+++ b/src/main/resources/taint-specification-collection/transfer/string-transfers.yml
@@ -0,0 +1,179 @@
+transfers:
+  - { method: "<java.lang.String: void <init>(byte[])>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int,int)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int,int,int)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int,int,java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],int,int,java.nio.charset.Charset)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(byte[],java.nio.charset.Charset)>", from: 0, to: base }
+
+  - { method: "<java.lang.String: void <init>(char[])>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(char[],int,int)>", from: 0, to: base }
+
+  - { method: "<java.lang.String: void <init>(int[],int,int)>", from: 0, to: base }
+
+  - { method: "<java.lang.String: void <init>(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(java.lang.StringBuilder)>", from: 0, to: base }
+  - { method: "<java.lang.String: void <init>(java.lang.StringBuffer)>", from: 0, to: base }
+
+  - { method: "<java.lang.String: char charAt(int)>", from: base, to: result }
+  - { method: "<java.lang.String: int codePointAt(int)>", from: base, to: result }
+  - { method: "<java.lang.String: int codePointBefore(int)>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String concat(java.lang.String)>", from: 0, to: result }
+
+  - { method: "<java.lang.String: java.lang.String copyValueOf(char[])>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String copyValueOf(char[],int,int)>", from: 0, to: result }
+
+  - { method: "<java.lang.String: java.lang.String format(java.util.Locale,java.lang.String,java.lang.Object[])>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String format(java.util.Locale,java.lang.String,java.lang.Object[])>", from: "2[*]", to: result }
+  - { method: "<java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String format(java.lang.String,java.lang.Object[])>", from: "1[*]", to: result }
+
+  - { method: "<java.lang.String: byte[] getBytes()>", from: base, to: result }
+  - { method: "<java.lang.String: byte[] getBytes(java.nio.charset.Charset)>", from: base, to: result }
+  - { method: "<java.lang.String: void getBytes(int,int,byte[],int)>", from: base, to: 2 }
+  - { method: "<java.lang.String: byte[] getBytes(java.lang.String)>", from: base, to: result }
+  - { method: "<java.lang.String: void getChars(int,int,char[],int)>", from: base, to: 2 }
+
+  - { method: "<java.lang.String: java.lang.String intern()>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String join(java.lang.CharSequence,java.lang.CharSequence[])>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String join(java.lang.CharSequence,java.lang.CharSequence[])>", from: "1[*]", to: result }
+  - { method: "<java.lang.String: java.lang.String join(java.lang.CharSequence,java.lang.Iterable)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String join(java.lang.CharSequence,java.lang.Iterable)>", from: 1, to: result }
+
+  - { method: "<java.lang.String: java.lang.String replace(char,char)>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String replace(char,char)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String replace(java.lang.CharSequence,java.lang.CharSequence)>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String replace(java.lang.CharSequence,java.lang.CharSequence)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String replaceAll(java.lang.String,java.lang.String)>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String replaceAll(java.lang.String,java.lang.String)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String replaceFirst(java.lang.String,java.lang.String)>", from: 1, to: result }
+  - { method: "<java.lang.String: java.lang.String replaceFirst(java.lang.String,java.lang.String)>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String[] split(java.lang.String)>", from: base, to: "result[*]" }
+  - { method: "<java.lang.String: java.lang.String[] split(java.lang.String,int)>", from: base, to: "result[*]" }
+
+  - { method: "<java.lang.String: java.lang.CharSequence subSequence(int,int)>", from: base, to: result, type: "java.lang.String" }
+
+  - { method: "<java.lang.String: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String substring(int,int)>", from: base, to: result }
+
+  - { method: "<java.lang.String: char[] toCharArray()>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String toLowerCase()>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String toLowerCase(java.util.Locale)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String toUpperCase()>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String toUpperCase(java.util.Locale)>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String trim()>", from: base, to: result }
+
+  - { method: "<java.lang.String: java.lang.String valueOf(boolean)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(char)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(char[])>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(char[],int,int)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(double)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(float)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(int)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(long)>", from: 0, to: result }
+  - { method: "<java.lang.String: java.lang.String valueOf(java.lang.Object)>", from: 0, to: result }
+
+  - { method: "<java.lang.StringBuffer: void <init>(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: void <init>(java.lang.CharSequence)>", from: 0, to: base }
+
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(boolean)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(char)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(long)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(char[])>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(char[],int,int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(double)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(float)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.CharSequence)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.CharSequence,int,int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.Object)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer append(java.lang.StringBuffer)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer appendCodePoint(int)>", from: 0, to: base }
+
+  - { method: "<java.lang.StringBuffer: char charAt(int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuffer: void getChars(int,int,char[],int)>", from: base, to: 2 }
+
+  - { method: "<java.lang.StringBuffer: int codePointAt(int)>", from: base, to: result }
+  - { method: "<java.lang.StringBuffer: int codePointBefore(int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,boolean)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,char)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,char[])>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,char[],int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,double)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,float)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,long)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,java.lang.CharSequence)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,java.lang.CharSequence,int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,java.lang.Object)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer insert(int,java.lang.String)>", from: 1, to: base }
+
+  - { method: "<java.lang.StringBuffer: java.lang.StringBuffer replace(int,int,java.lang.String)>", from: 2, to: base }
+
+  - { method: "<java.lang.StringBuffer: void setCharAt(int,char)>", from: 1, to: base }
+
+  - { method: "<java.lang.StringBuffer: java.lang.CharSequence subSequence(int,int)>", from: base, to: result, type: "java.lang.String" }
+
+  - { method: "<java.lang.StringBuffer: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.StringBuffer: java.lang.String substring(int,int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuffer: java.lang.String toString()>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuilder: void <init>(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: void <init>(java.lang.CharSequence)>", from: 0, to: base }
+
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(boolean)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(char)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(long)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(char[])>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(char[],int,int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(double)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(float)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.CharSequence)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.CharSequence,int,int)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.Object)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.String)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder append(java.lang.StringBuffer)>", from: 0, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder appendCodePoint(int)>", from: 0, to: base }
+
+  - { method: "<java.lang.StringBuilder: char charAt(int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuilder: void getChars(int,int,char[],int)>", from: base, to: 2 }
+
+  - { method: "<java.lang.StringBuilder: int codePointAt(int)>", from: base, to: result }
+  - { method: "<java.lang.StringBuilder: int codePointBefore(int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,boolean)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,char)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,char[])>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,char[],int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,double)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,float)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,long)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,java.lang.CharSequence)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,java.lang.CharSequence,int,int)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,java.lang.Object)>", from: 1, to: base }
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder insert(int,java.lang.String)>", from: 1, to: base }
+
+  - { method: "<java.lang.StringBuilder: java.lang.StringBuilder replace(int,int,java.lang.String)>", from: 2, to: base }
+
+  - { method: "<java.lang.StringBuilder: void setCharAt(int,char)>", from: 1, to: base }
+
+  - { method: "<java.lang.StringBuilder: java.lang.CharSequence subSequence(int,int)>", from: base, to: result, type: "java.lang.String" }
+
+  - { method: "<java.lang.StringBuilder: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.StringBuilder: java.lang.String substring(int,int)>", from: base, to: result }
+
+  - { method: "<java.lang.StringBuilder: java.lang.String toString()>", from: base, to: result }

From b58ecc1bae11646083c2b85aa9766fa8cc06adfa Mon Sep 17 00:00:00 2001
From: Xiao Yinning <211220110@smail.nju.edu.cn>
Date: Fri, 27 Dec 2024 02:56:40 +0000
Subject: [PATCH 2/9] add taint-configuration

Co-authored-by: auroraberry <2507097782@qq.com>
Co-authored-by: Isla-top <211220177@smail.nju.edu.cn>
---
 docs/en/taint-configuration.adoc              |  99 +++++++++++++++
 .../infoleak/sink/java-io/README.adoc         |   0
 .../infoleak/sink/java-io/java-io.yml         |   0
 .../infoleak/source/java/README.adoc          |   0
 .../infoleak/source/java/java-io.yml          |   0
 .../infoleak/source/java/java-lang-system.yml |   0
 .../infoleak/source/java/java-net.yml         |   0
 .../infoleak/source/java/java-sql.yml         |   0
 .../android/sql-injection/ContentProvider.yml |   0
 .../android/sql-injection/DatabaseUtils.yml   |   0
 .../sink/android/sql-injection/README.adoc    |   0
 .../android/sql-injection/SQLiteDatabase.yml  |   0
 .../sql-injection/SQLiteQueryBuilder.yml      |   0
 .../apache-Xalan/xpath-injection/README.adoc  |   0
 .../apache-Xalan/xpath-injection/xpath.yml    |   0
 .../apache-log4j/log4j_1x/crlf/Category.yml   |   0
 .../apache-log4j/log4j_1x/crlf/Logger.yml     |   0
 .../apache-log4j/log4j_1x/crlf/README.adoc    |   0
 .../sink/apache-log4j/log4j_2/crlf/Logger.yml |   0
 .../apache-log4j/log4j_2/crlf/README.adoc     |   0
 .../xpath/RAEDME.adoc                         |   0
 .../xpath/xpath.yml                           |   0
 .../apache-struts/file-disclosure/README.adoc |   0
 .../struts-file-disclosure.yml                |   0
 .../apache-struts/ognl-injection/OgnlUtil.yml |   0
 .../apache-struts/ognl-injection/README.adoc  |   0
 .../ognl-injection/TextParseUtil.yml          |   0
 .../ognl-injection/reflection-relative.yml    |   0
 .../sink/apache-struts/other/other.yml        |   0
 .../apache-turbine/sql-injection/README.adoc  |   0
 .../sql-injection/sql-turbine.yml             |   0
 .../attribute-injection/README.adoc           |   0
 .../beanutils2/attribute-injection/beans.yml  |   0
 .../apahce-commons/logging/crlf/README.adoc   |   0
 .../apahce-commons/logging/crlf/crlf-logs.yml |   0
 .../injection/sink/java/crlf/README.adoc      |   0
 .../injection/sink/java/crlf/crlf-logs.yml    |   0
 .../sink/java/path-traversal/README.adoc      |   0
 .../java/path-traversal/path-traversal.yml    |   0
 .../injection/sink/java/rce/README.adoc       |   0
 .../injection/sink/java/rce/command.yml       |   0
 .../sink/java/xpath-injection/README.adoc     |   0
 .../sink/java/xpath-injection/xpath.yml       |   0
 .../injection/sink/java/xss/README.adoc       |   0
 .../injection/sink/java/xss/formatter.yml     |   0
 .../injection/sink/java/xss/output.yml        |   0
 .../sink/javax/ldap-injection/README.adoc     |   0
 .../sink/javax/ldap-injection/ldap.yml        |   3 +-
 .../injection/sink/javax/other/el.yml         |   0
 .../sink/javax/other/response-splitting.yml   |   0
 .../sink/javax/other/script-engine.yml        |   0
 .../injection/sink/javax/other/smtp.yml       |   0
 .../javax/other/trust-boundary-violation.yml  |   0
 .../injection/sink/javax/other/xslt.yml       |   0
 .../injection/sink/javax/xss/README.adoc      |   0
 .../injection/sink/javax/xss/output.yml       |   0
 .../sink/javax/xss/request-dispatcher.yml     |   0
 .../injection/sink/slf4j/crlf/README.adoc     |   0
 .../injection/sink/slf4j/crlf/crlf-logs.yml   |   0
 .../sink/spring-framework/beans/README.adoc   |   0
 .../sink/spring-framework/beans/beans.yml     |   0
 .../file-disclosure/README.adoc               |   0
 .../spring-file-disclosure.yml                |   0
 .../ldap-injection/README.adoc                |   0
 .../spring-framework/ldap-injection/ldap.yml  |   0
 .../spel-inejction/README.adoc                |   0
 .../spel-inejction/spring-expression.yml      |   4 -
 .../sql-injection/README.adoc                 |   0
 .../sql-injection/sql-spring.yml              |   0
 .../injection/sink/tinylog/crlf/README.adoc   |   0
 .../injection/sink/tinylog/crlf/crlf-logs.yml |   0
 .../source/apache-struts2/README.adoc         |   0
 .../source/apache-struts2/struts2.yml         |   0
 .../source/apache-wicket/README.adoc          |   0
 .../injection/source/apache-wicket/wicket.yml |   0
 .../injection/source/dropwizard/README.adoc   |   0
 .../dropwizard-jersey/dropwizard-jersey.yml   |   0
 .../dropwizard-servlet.yml                    |   0
 .../injection/source/java/README.adoc         |   0
 .../injection/source/java/java-awt.yml        |   0
 .../injection/source/java/java-io.yml         |   0
 .../injection/source/java/java-net.yml        |   0
 .../source/java/java-util-Scanner.yml         |   0
 .../injection/source/javax/README.adoc        |   0
 .../javax/javax-portlet/PortletRequest.yml    |   0
 .../javax/javax-portlet/portlet-other.yml     |   0
 .../source/javax/javax-servlet/Cookie.yml     |   0
 .../HttpServletRequestWrapper.yml             |   0
 .../javax-servlet/ServletRequestWrapper.yml   |   0
 .../source/javax/javax-swing/swing.yml        |   0
 .../injection/source/jetty/README.adoc        |   0
 .../source/jetty/jetty-http/jetty-http.yml    |   0
 .../jetty/jetty-server/jetty-server.yml       |   0
 .../jetty/jetty-session/jetty-session.yml     |   0
 .../injection/source/sonarqube/README.adoc    |   0
 .../sonarqube/sonarqube-ws/sonarqube-ws.yml   |  11 --
 .../transfer/string-transfers.yml             |   0
 .../README.adoc                               | 116 ------------------
 .../infoleak/infoleak.yml                     |   5 -
 .../sink/java/sql-injection/sql-jdbc.yml      |  13 --
 .../sink/javax/sql-injection/README.adoc      |  10 --
 .../sink/javax/sql-injection/sql-jdo.yml      |  10 --
 .../sink/javax/sql-injection/sql-jpa.yml      |   7 --
 .../sink/javax/xpath-injection/README.adoc    |  10 --
 .../sink/javax/xpath-injection/xpath.yml      |   7 --
 .../javax-servlet/HttpServletRequest.yml      |  44 -------
 .../javax/javax-servlet/ServletRequest.yml    |  11 --
 107 files changed, 100 insertions(+), 250 deletions(-)
 create mode 100644 docs/en/taint-configuration.adoc
 rename src/main/resources/{taint-specification-collection => taint-configuration}/infoleak/sink/java-io/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/infoleak/sink/java-io/java-io.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/infoleak/source/java/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/infoleak/source/java/java-io.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/infoleak/source/java/java-lang-system.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/infoleak/source/java/java-net.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/infoleak/source/java/java-sql.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/android/sql-injection/ContentProvider.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/android/sql-injection/DatabaseUtils.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/android/sql-injection/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/android/sql-injection/SQLiteDatabase.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-Xalan/xpath-injection/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-Xalan/xpath-injection/xpath.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-log4j/log4j_2/crlf/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-santuario-xml-security/xpath/xpath.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-struts/file-disclosure/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-struts/ognl-injection/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-struts/ognl-injection/reflection-relative.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-struts/other/other.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-turbine/sql-injection/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apache-turbine/sql-injection/sql-turbine.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apahce-commons/logging/crlf/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/crlf/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/crlf/crlf-logs.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/path-traversal/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/path-traversal/path-traversal.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/rce/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/rce/command.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/xpath-injection/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/xpath-injection/xpath.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/xss/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/xss/formatter.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/java/xss/output.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/ldap-injection/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/ldap-injection/ldap.yml (99%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/other/el.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/other/response-splitting.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/other/script-engine.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/other/smtp.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/other/trust-boundary-violation.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/other/xslt.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/xss/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/xss/output.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/javax/xss/request-dispatcher.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/slf4j/crlf/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/slf4j/crlf/crlf-logs.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/beans/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/beans/beans.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/file-disclosure/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/ldap-injection/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/ldap-injection/ldap.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/spel-inejction/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/spel-inejction/spring-expression.yml (67%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/sql-injection/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/spring-framework/sql-injection/sql-spring.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/tinylog/crlf/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/sink/tinylog/crlf/crlf-logs.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/apache-struts2/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/apache-struts2/struts2.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/apache-wicket/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/apache-wicket/wicket.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/dropwizard/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/java/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/java/java-awt.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/java/java-io.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/java/java-net.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/java/java-util-Scanner.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/javax/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/javax/javax-portlet/PortletRequest.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/javax/javax-portlet/portlet-other.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/javax/javax-servlet/Cookie.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/javax/javax-servlet/ServletRequestWrapper.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/javax/javax-swing/swing.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/jetty/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/jetty/jetty-http/jetty-http.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/jetty/jetty-server/jetty-server.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/jetty/jetty-session/jetty-session.yml (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/sonarqube/README.adoc (100%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml (51%)
 rename src/main/resources/{taint-specification-collection => taint-configuration}/transfer/string-transfers.yml (100%)
 delete mode 100644 src/main/resources/taint-specification-collection/README.adoc
 delete mode 100644 src/main/resources/taint-specification-collection/infoleak/infoleak.yml
 delete mode 100644 src/main/resources/taint-specification-collection/injection/sink/java/sql-injection/sql-jdbc.yml
 delete mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/README.adoc
 delete mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jdo.yml
 delete mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jpa.yml
 delete mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/README.adoc
 delete mode 100644 src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/xpath.yml
 delete mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequest.yml
 delete mode 100644 src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequest.yml

diff --git a/docs/en/taint-configuration.adoc b/docs/en/taint-configuration.adoc
new file mode 100644
index 000000000..980d7b3df
--- /dev/null
+++ b/docs/en/taint-configuration.adoc
@@ -0,0 +1,99 @@
+= Taint Configuration for Common Vulnerabilities
+
+`Taint Configuration for Common Vulnerabilities` is a collection of configuration files for `taint analysis`. 
+This collection includes taint specifications (`source`, `sink`, and `transfer`) for various common vulnerability types. 
+To facilitate user lookup and selection, the taint specifications are organized by packages and related vulnerability types, offering a comprehensive configuration scheme for taint analysis.
+Currently, this collection contains 327 `source` configurations, 920 `sink` configurations, and 138 `transfer` configurations, enabling users to adapt and extend them based on their specific needs.
+
+== How to Use Taint Configuration for Common Vulnerabilities?
+
+Users can directly integrate the configuration files from this collection into the `taint-config.yml` for the `Tai-e` taint analysis tool, 
+or modify and extend them as needed to better meet specific analysis requirements. 
+For information on properly configuring `Tai-e` taint analysis, please refer to the link:https://tai-e.pascal-lab.net/docs/0.2.2/reference/en/taint-analysis.html#configuring-taint-analysis[Configuring Taint Analysis].
+
+== Project Structure
+
+The file organization structure of this project is as follows:
+
+[source]
+----
+taint-configuration
+|
+├─ infoleak     
+│   ├─ sink                 contains 141 sinks
+│   │   └─ java-io
+|   |
+│   └─ source               contains 158 sources
+│   |   └─ java
+|
+├─ injection                contains 779 sinks
+│   ├─ sink
+│   │   ├─ android
+│   │   │   └─ sql-injection
+│   |   |
+│   │   ├─ java
+│   │   │   ├─ crlf
+│   │   │   ├─ path-traversal
+│   │   │   ├─ rce
+│   │   │   └─ ...
+|   |   |
+│   │   └─ ...
+|   |
+│   └─ source               contains 169 sources
+│   |   ├─ apache-struts2
+|   |   |
+│   |   ├─ javax
+|   |   |   ├─ javax-portlet
+|   |   |   ├─ javax-servlet
+|   |   |   └─ javax-swing
+|   |   |
+│   |   └─ ...    
+|
+└─transfer                  contains 138 transfers about String
+----
+
+This project first categorizes the configuration files into three main categories: `infoleak`, `injection`, and `transfer`.
+
+* `infoleak` category: Contains configurations related to information leakage vulnerabilities, further subdivided into two subdirectories:
+  ** `source`: Categorized by package name.
+  ** `sink`: Categorized by package name.
+  
+* `injection` category: Contains configurations related to injection vulnerabilities, also subdivided into two subdirectories:
+  ** `source`: Categorized by package name.
+  ** `sink`: Categorized by vulnerability type.
+
+* `transfer` category: Contains commonly used `transfer` configurations.
+
+Due to the large number of `source` and `sink` configurations, we have classified them to help users quickly locate the required ones. Additionally, each subdirectory contains a corresponding README file for reference.
+
+
+== An example
+
+Here is an example of how to use the configuration files from this collection. If the user needs to detect an `RCE (Remote Code Execution)` injection vulnerability in a program using the `Jetty` software library, the following steps can be taken to modify the `taint-config.yml` file:
+
+1. Add the `source` configuration related to the *Jetty software library* from the file `taint-configuration/injection/source/jetty/jetty-http/jetty-http.yml` to the `taint-config.yml`.
+2. Add the `sink` configuration related to the *RCE type injection vulnerability* from the file `taint-configuration/injection/sink/java/rce/command.yml` to the `taint-config.yml`.
+3. Add the `transfer` configuration related to *String type* from the file `taint-configuration/transfer/string-transfers.yml` to the `taint-config.yml`.
+
+Example `taint-config.yml` configuration:
+
+```YAML
+source:
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String asString()>", index: result, type: "java.lang.String" }
+#...
+
+sinks:
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String, java.lang.String[])>", index: 0 }
+#...
+
+transfer:
+  - { method: "<java.lang.String: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String substring(int,int)>", from: base, to: result }
+#...
+```
+
+Once the configuration is completed, the user can use the `Tai-e` tool to perform taint analysis on the program under test to detect `RCE` type vulnerabilities triggered by the `Jetty` software library as a taint entry point. 
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/infoleak/sink/java-io/README.adoc b/src/main/resources/taint-configuration/infoleak/sink/java-io/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/infoleak/sink/java-io/README.adoc
rename to src/main/resources/taint-configuration/infoleak/sink/java-io/README.adoc
diff --git a/src/main/resources/taint-specification-collection/infoleak/sink/java-io/java-io.yml b/src/main/resources/taint-configuration/infoleak/sink/java-io/java-io.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/infoleak/sink/java-io/java-io.yml
rename to src/main/resources/taint-configuration/infoleak/sink/java-io/java-io.yml
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/README.adoc b/src/main/resources/taint-configuration/infoleak/source/java/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/infoleak/source/java/README.adoc
rename to src/main/resources/taint-configuration/infoleak/source/java/README.adoc
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/java-io.yml b/src/main/resources/taint-configuration/infoleak/source/java/java-io.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/infoleak/source/java/java-io.yml
rename to src/main/resources/taint-configuration/infoleak/source/java/java-io.yml
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/java-lang-system.yml b/src/main/resources/taint-configuration/infoleak/source/java/java-lang-system.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/infoleak/source/java/java-lang-system.yml
rename to src/main/resources/taint-configuration/infoleak/source/java/java-lang-system.yml
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/java-net.yml b/src/main/resources/taint-configuration/infoleak/source/java/java-net.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/infoleak/source/java/java-net.yml
rename to src/main/resources/taint-configuration/infoleak/source/java/java-net.yml
diff --git a/src/main/resources/taint-specification-collection/infoleak/source/java/java-sql.yml b/src/main/resources/taint-configuration/infoleak/source/java/java-sql.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/infoleak/source/java/java-sql.yml
rename to src/main/resources/taint-configuration/infoleak/source/java/java-sql.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/ContentProvider.yml b/src/main/resources/taint-configuration/injection/sink/android/sql-injection/ContentProvider.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/ContentProvider.yml
rename to src/main/resources/taint-configuration/injection/sink/android/sql-injection/ContentProvider.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/DatabaseUtils.yml b/src/main/resources/taint-configuration/injection/sink/android/sql-injection/DatabaseUtils.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/DatabaseUtils.yml
rename to src/main/resources/taint-configuration/injection/sink/android/sql-injection/DatabaseUtils.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/README.adoc b/src/main/resources/taint-configuration/injection/sink/android/sql-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/android/sql-injection/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteDatabase.yml b/src/main/resources/taint-configuration/injection/sink/android/sql-injection/SQLiteDatabase.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteDatabase.yml
rename to src/main/resources/taint-configuration/injection/sink/android/sql-injection/SQLiteDatabase.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml b/src/main/resources/taint-configuration/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml
rename to src/main/resources/taint-configuration/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/README.adoc b/src/main/resources/taint-configuration/injection/sink/apache-Xalan/xpath-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/apache-Xalan/xpath-injection/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/xpath.yml b/src/main/resources/taint-configuration/injection/sink/apache-Xalan/xpath-injection/xpath.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-Xalan/xpath-injection/xpath.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-Xalan/xpath-injection/xpath.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml b/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml b/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc b/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml b/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/README.adoc b/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_2/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-log4j/log4j_2/crlf/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_2/crlf/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc b/src/main/resources/taint-configuration/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc
rename to src/main/resources/taint-configuration/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/xpath.yml b/src/main/resources/taint-configuration/injection/sink/apache-santuario-xml-security/xpath/xpath.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-santuario-xml-security/xpath/xpath.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-santuario-xml-security/xpath/xpath.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/README.adoc b/src/main/resources/taint-configuration/injection/sink/apache-struts/file-disclosure/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/apache-struts/file-disclosure/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml b/src/main/resources/taint-configuration/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml b/src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/README.adoc b/src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml b/src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/reflection-relative.yml b/src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/reflection-relative.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-struts/ognl-injection/reflection-relative.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/reflection-relative.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-struts/other/other.yml b/src/main/resources/taint-configuration/injection/sink/apache-struts/other/other.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-struts/other/other.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-struts/other/other.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/README.adoc b/src/main/resources/taint-configuration/injection/sink/apache-turbine/sql-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/apache-turbine/sql-injection/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/sql-turbine.yml b/src/main/resources/taint-configuration/injection/sink/apache-turbine/sql-injection/sql-turbine.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apache-turbine/sql-injection/sql-turbine.yml
rename to src/main/resources/taint-configuration/injection/sink/apache-turbine/sql-injection/sql-turbine.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc b/src/main/resources/taint-configuration/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml b/src/main/resources/taint-configuration/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml
rename to src/main/resources/taint-configuration/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/README.adoc b/src/main/resources/taint-configuration/injection/sink/apahce-commons/logging/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/apahce-commons/logging/crlf/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml b/src/main/resources/taint-configuration/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml
rename to src/main/resources/taint-configuration/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/crlf/README.adoc b/src/main/resources/taint-configuration/injection/sink/java/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/crlf/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/java/crlf/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/crlf/crlf-logs.yml b/src/main/resources/taint-configuration/injection/sink/java/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/crlf/crlf-logs.yml
rename to src/main/resources/taint-configuration/injection/sink/java/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/README.adoc b/src/main/resources/taint-configuration/injection/sink/java/path-traversal/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/java/path-traversal/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/path-traversal.yml b/src/main/resources/taint-configuration/injection/sink/java/path-traversal/path-traversal.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/path-traversal/path-traversal.yml
rename to src/main/resources/taint-configuration/injection/sink/java/path-traversal/path-traversal.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/rce/README.adoc b/src/main/resources/taint-configuration/injection/sink/java/rce/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/rce/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/java/rce/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/rce/command.yml b/src/main/resources/taint-configuration/injection/sink/java/rce/command.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/rce/command.yml
rename to src/main/resources/taint-configuration/injection/sink/java/rce/command.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/README.adoc b/src/main/resources/taint-configuration/injection/sink/java/xpath-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/java/xpath-injection/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/xpath.yml b/src/main/resources/taint-configuration/injection/sink/java/xpath-injection/xpath.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/xpath-injection/xpath.yml
rename to src/main/resources/taint-configuration/injection/sink/java/xpath-injection/xpath.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xss/README.adoc b/src/main/resources/taint-configuration/injection/sink/java/xss/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/xss/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/java/xss/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xss/formatter.yml b/src/main/resources/taint-configuration/injection/sink/java/xss/formatter.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/xss/formatter.yml
rename to src/main/resources/taint-configuration/injection/sink/java/xss/formatter.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/xss/output.yml b/src/main/resources/taint-configuration/injection/sink/java/xss/output.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/java/xss/output.yml
rename to src/main/resources/taint-configuration/injection/sink/java/xss/output.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/README.adoc b/src/main/resources/taint-configuration/injection/sink/javax/ldap-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/javax/ldap-injection/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/ldap.yml b/src/main/resources/taint-configuration/injection/sink/javax/ldap-injection/ldap.yml
similarity index 99%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/ldap.yml
rename to src/main/resources/taint-configuration/injection/sink/javax/ldap-injection/ldap.yml
index cc253f9a0..e9a9ca40c 100644
--- a/src/main/resources/taint-specification-collection/injection/sink/javax/ldap-injection/ldap.yml
+++ b/src/main/resources/taint-configuration/injection/sink/javax/ldap-injection/ldap.yml
@@ -49,6 +49,5 @@ sinks:
   - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,javax.naming.directory.SearchControls)>", index: 2 }
   - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 2 }
   - { method: "<com.sun.jndi.ldap.LdapCtx: javax.naming.NamingEnumeration search(java.lang.String,java.lang.String,java.lang.Object[],javax.naming.directory.SearchControls)>", index: 3 }
-
-  - { method: "<com.unboundid.ldap.sdk.LDAPConnection: com.unboundid.ldap.sdk.SearchResult search(java.lang.String,com.unboundid.ldap.sdk.SearchScope,java.lang.String,java.lang.String[])>", index: 1 } # the size of para?
+  - { method: "<com.unboundid.ldap.sdk.LDAPConnection: com.unboundid.ldap.sdk.SearchResult search(java.lang.String,com.unboundid.ldap.sdk.SearchScope,java.lang.String,java.lang.String[])>", index: 1 } 
   - { method: "<com.unboundid.ldap.sdk.LDAPConnection: com.unboundid.ldap.sdk.SearchResult search(java.lang.String,com.unboundid.ldap.sdk.SearchScope,java.lang.String,java.lang.String[])>", index: 3 }
\ No newline at end of file
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/el.yml b/src/main/resources/taint-configuration/injection/sink/javax/other/el.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/other/el.yml
rename to src/main/resources/taint-configuration/injection/sink/javax/other/el.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/response-splitting.yml b/src/main/resources/taint-configuration/injection/sink/javax/other/response-splitting.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/other/response-splitting.yml
rename to src/main/resources/taint-configuration/injection/sink/javax/other/response-splitting.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/script-engine.yml b/src/main/resources/taint-configuration/injection/sink/javax/other/script-engine.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/other/script-engine.yml
rename to src/main/resources/taint-configuration/injection/sink/javax/other/script-engine.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/smtp.yml b/src/main/resources/taint-configuration/injection/sink/javax/other/smtp.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/other/smtp.yml
rename to src/main/resources/taint-configuration/injection/sink/javax/other/smtp.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/trust-boundary-violation.yml b/src/main/resources/taint-configuration/injection/sink/javax/other/trust-boundary-violation.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/other/trust-boundary-violation.yml
rename to src/main/resources/taint-configuration/injection/sink/javax/other/trust-boundary-violation.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/other/xslt.yml b/src/main/resources/taint-configuration/injection/sink/javax/other/xslt.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/other/xslt.yml
rename to src/main/resources/taint-configuration/injection/sink/javax/other/xslt.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xss/README.adoc b/src/main/resources/taint-configuration/injection/sink/javax/xss/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/xss/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/javax/xss/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xss/output.yml b/src/main/resources/taint-configuration/injection/sink/javax/xss/output.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/xss/output.yml
rename to src/main/resources/taint-configuration/injection/sink/javax/xss/output.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xss/request-dispatcher.yml b/src/main/resources/taint-configuration/injection/sink/javax/xss/request-dispatcher.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/javax/xss/request-dispatcher.yml
rename to src/main/resources/taint-configuration/injection/sink/javax/xss/request-dispatcher.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/README.adoc b/src/main/resources/taint-configuration/injection/sink/slf4j/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/slf4j/crlf/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/crlf-logs.yml b/src/main/resources/taint-configuration/injection/sink/slf4j/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/slf4j/crlf/crlf-logs.yml
rename to src/main/resources/taint-configuration/injection/sink/slf4j/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/README.adoc b/src/main/resources/taint-configuration/injection/sink/spring-framework/beans/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/beans/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/beans.yml b/src/main/resources/taint-configuration/injection/sink/spring-framework/beans/beans.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/beans/beans.yml
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/beans/beans.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/README.adoc b/src/main/resources/taint-configuration/injection/sink/spring-framework/file-disclosure/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/file-disclosure/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml b/src/main/resources/taint-configuration/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/README.adoc b/src/main/resources/taint-configuration/injection/sink/spring-framework/ldap-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/ldap-injection/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/ldap.yml b/src/main/resources/taint-configuration/injection/sink/spring-framework/ldap-injection/ldap.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/ldap-injection/ldap.yml
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/ldap-injection/ldap.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/README.adoc b/src/main/resources/taint-configuration/injection/sink/spring-framework/spel-inejction/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/spel-inejction/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/spring-expression.yml b/src/main/resources/taint-configuration/injection/sink/spring-framework/spel-inejction/spring-expression.yml
similarity index 67%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/spring-expression.yml
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/spel-inejction/spring-expression.yml
index 817146382..24b0c466d 100644
--- a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/spel-inejction/spring-expression.yml
+++ b/src/main/resources/taint-configuration/injection/sink/spring-framework/spel-inejction/spring-expression.yml
@@ -1,10 +1,6 @@
 sinks:
-  # interface
-  # - { method: "<org.springframework.expression.ExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String)>", index: 0 }
   - { method: "<org.springframework.expression.spel.standard.SpelExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String)>", index: 0 }
   - { method: "<org.springframework.expression.common.TemplateAwareExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String)>", index: 0 }
 
-  # interface
-  # - { method: "<org.springframework.expression.ExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String,org.springframework.expression.ParserContext)>", index: 1 }
   - { method: "<org.springframework.expression.spel.standard.SpelExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String,org.springframework.expression.ParserContext)>", index: 1 }
   - { method: "<org.springframework.expression.common.TemplateAwareExpressionParser: org.springframework.expression.Expression parseExpression(java.lang.String,org.springframework.expression.ParserContext)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/README.adoc b/src/main/resources/taint-configuration/injection/sink/spring-framework/sql-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/sql-injection/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/sql-spring.yml b/src/main/resources/taint-configuration/injection/sink/spring-framework/sql-injection/sql-spring.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/spring-framework/sql-injection/sql-spring.yml
rename to src/main/resources/taint-configuration/injection/sink/spring-framework/sql-injection/sql-spring.yml
diff --git a/src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/README.adoc b/src/main/resources/taint-configuration/injection/sink/tinylog/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/README.adoc
rename to src/main/resources/taint-configuration/injection/sink/tinylog/crlf/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/crlf-logs.yml b/src/main/resources/taint-configuration/injection/sink/tinylog/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/sink/tinylog/crlf/crlf-logs.yml
rename to src/main/resources/taint-configuration/injection/sink/tinylog/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/apache-struts2/README.adoc b/src/main/resources/taint-configuration/injection/source/apache-struts2/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/apache-struts2/README.adoc
rename to src/main/resources/taint-configuration/injection/source/apache-struts2/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/source/apache-struts2/struts2.yml b/src/main/resources/taint-configuration/injection/source/apache-struts2/struts2.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/apache-struts2/struts2.yml
rename to src/main/resources/taint-configuration/injection/source/apache-struts2/struts2.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/apache-wicket/README.adoc b/src/main/resources/taint-configuration/injection/source/apache-wicket/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/apache-wicket/README.adoc
rename to src/main/resources/taint-configuration/injection/source/apache-wicket/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/source/apache-wicket/wicket.yml b/src/main/resources/taint-configuration/injection/source/apache-wicket/wicket.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/apache-wicket/wicket.yml
rename to src/main/resources/taint-configuration/injection/source/apache-wicket/wicket.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/dropwizard/README.adoc b/src/main/resources/taint-configuration/injection/source/dropwizard/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/dropwizard/README.adoc
rename to src/main/resources/taint-configuration/injection/source/dropwizard/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml b/src/main/resources/taint-configuration/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
rename to src/main/resources/taint-configuration/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml b/src/main/resources/taint-configuration/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
rename to src/main/resources/taint-configuration/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/README.adoc b/src/main/resources/taint-configuration/injection/source/java/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/java/README.adoc
rename to src/main/resources/taint-configuration/injection/source/java/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/java-awt.yml b/src/main/resources/taint-configuration/injection/source/java/java-awt.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/java/java-awt.yml
rename to src/main/resources/taint-configuration/injection/source/java/java-awt.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/java-io.yml b/src/main/resources/taint-configuration/injection/source/java/java-io.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/java/java-io.yml
rename to src/main/resources/taint-configuration/injection/source/java/java-io.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/java-net.yml b/src/main/resources/taint-configuration/injection/source/java/java-net.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/java/java-net.yml
rename to src/main/resources/taint-configuration/injection/source/java/java-net.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/java/java-util-Scanner.yml b/src/main/resources/taint-configuration/injection/source/java/java-util-Scanner.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/java/java-util-Scanner.yml
rename to src/main/resources/taint-configuration/injection/source/java/java-util-Scanner.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/README.adoc b/src/main/resources/taint-configuration/injection/source/javax/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/javax/README.adoc
rename to src/main/resources/taint-configuration/injection/source/javax/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/PortletRequest.yml b/src/main/resources/taint-configuration/injection/source/javax/javax-portlet/PortletRequest.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/PortletRequest.yml
rename to src/main/resources/taint-configuration/injection/source/javax/javax-portlet/PortletRequest.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/portlet-other.yml b/src/main/resources/taint-configuration/injection/source/javax/javax-portlet/portlet-other.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/javax/javax-portlet/portlet-other.yml
rename to src/main/resources/taint-configuration/injection/source/javax/javax-portlet/portlet-other.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/Cookie.yml b/src/main/resources/taint-configuration/injection/source/javax/javax-servlet/Cookie.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/Cookie.yml
rename to src/main/resources/taint-configuration/injection/source/javax/javax-servlet/Cookie.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml b/src/main/resources/taint-configuration/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml
rename to src/main/resources/taint-configuration/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequestWrapper.yml b/src/main/resources/taint-configuration/injection/source/javax/javax-servlet/ServletRequestWrapper.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequestWrapper.yml
rename to src/main/resources/taint-configuration/injection/source/javax/javax-servlet/ServletRequestWrapper.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-swing/swing.yml b/src/main/resources/taint-configuration/injection/source/javax/javax-swing/swing.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/javax/javax-swing/swing.yml
rename to src/main/resources/taint-configuration/injection/source/javax/javax-swing/swing.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/jetty/README.adoc b/src/main/resources/taint-configuration/injection/source/jetty/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/jetty/README.adoc
rename to src/main/resources/taint-configuration/injection/source/jetty/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-http/jetty-http.yml b/src/main/resources/taint-configuration/injection/source/jetty/jetty-http/jetty-http.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/jetty/jetty-http/jetty-http.yml
rename to src/main/resources/taint-configuration/injection/source/jetty/jetty-http/jetty-http.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-server/jetty-server.yml b/src/main/resources/taint-configuration/injection/source/jetty/jetty-server/jetty-server.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/jetty/jetty-server/jetty-server.yml
rename to src/main/resources/taint-configuration/injection/source/jetty/jetty-server/jetty-server.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/jetty/jetty-session/jetty-session.yml b/src/main/resources/taint-configuration/injection/source/jetty/jetty-session/jetty-session.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/jetty/jetty-session/jetty-session.yml
rename to src/main/resources/taint-configuration/injection/source/jetty/jetty-session/jetty-session.yml
diff --git a/src/main/resources/taint-specification-collection/injection/source/sonarqube/README.adoc b/src/main/resources/taint-configuration/injection/source/sonarqube/README.adoc
similarity index 100%
rename from src/main/resources/taint-specification-collection/injection/source/sonarqube/README.adoc
rename to src/main/resources/taint-configuration/injection/source/sonarqube/README.adoc
diff --git a/src/main/resources/taint-specification-collection/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml b/src/main/resources/taint-configuration/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml
similarity index 51%
rename from src/main/resources/taint-specification-collection/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml
rename to src/main/resources/taint-configuration/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml
index e799a6da9..865a3f823 100644
--- a/src/main/resources/taint-specification-collection/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml
+++ b/src/main/resources/taint-configuration/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml
@@ -1,22 +1,11 @@
 sources:
-  # interface
-  # - { kind: call, method: "<org.sonarqube.ws.client.Parameters: java.lang.String getValue(java.lang.String)>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<org.sonarqube.ws.client.Parameters: java.util.List getValues(java.lang.String)>", index: result, type: "java.util.List" }
-  # - { kind: call, method: "<org.sonarqube.ws.client.Parameters: java.util.Set getKeys()>", index: result, type: "java.util.Set" }
   - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultParameters: java.lang.String getValue(java.lang.String)>", index: result, type: "java.lang.String" }
   - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultParameters: java.util.List getValues(java.lang.String)>", index: result, type: "java.util.List" }
   - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultParameters: java.util.Set getKeys()>", index: result, type: "java.util.Set" }
   
-  # interface
-  # - { kind: call, method: "<org.sonarqube.ws.client.Headers: java.util.Optional getValue(java.lang.String)>", index: result, type: "java.util.Optional" }
-  # - { kind: call, method: "<org.sonarqube.ws.client.Headers: java.util.Set getNames()>", index: result, type: "java.util.Set" }
   - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultHeaders: java.util.Optional getValue(java.lang.String)>", index: result, type: "java.util.Optional" }
   - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest$DefaultHeaders: java.util.Set getNames()>", index: result, type: "java.util.Set" }
 
-  # interface
-  # - { kind: call, method: "<org.sonarqube.ws.client.WsRequest: java.lang.String getPath()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<org.sonarqube.ws.client.WsRequest: java.lang.String getMediaType()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<org.sonarqube.ws.client.WsRequest: java.util.Map getParams()>", index: result, type: "java.util.Map" }
   - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest: java.lang.String getPath()>", index: result, type: "java.lang.String" }
   - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest: java.lang.String getMediaType()>", index: result, type: "java.lang.String" }
   - { kind: call, method: "<org.sonarqube.ws.client.BaseRequest: java.util.Map getParams()>", index: result, type: "java.util.Map" }
diff --git a/src/main/resources/taint-specification-collection/transfer/string-transfers.yml b/src/main/resources/taint-configuration/transfer/string-transfers.yml
similarity index 100%
rename from src/main/resources/taint-specification-collection/transfer/string-transfers.yml
rename to src/main/resources/taint-configuration/transfer/string-transfers.yml
diff --git a/src/main/resources/taint-specification-collection/README.adoc b/src/main/resources/taint-specification-collection/README.adoc
deleted file mode 100644
index a8ddaa8c2..000000000
--- a/src/main/resources/taint-specification-collection/README.adoc
+++ /dev/null
@@ -1,116 +0,0 @@
-= Taint Specification Collection
-
-
-== 目录
-
-* <<#什么是 Taint Specification Collection?, 什么是 Taint Specification Collection?>>
-* <<#如何使用 Taint Specification Collection?, 如何使用 Taint Specification Collection?>>
-* <<#项目结构, 项目结构>>
-* <<#示例, 示例>>
-
-
-== 什么是 Taint Specification Collection?
-
-`Taint Specification Collection` 是专为静态分析工具 `Tai-e` 中的污点分析提供的配置文件集合，旨在为常见漏洞的安全分析提供支持。该集合涵盖了多种常见漏洞类型的污点规范，具体包括 `source`、`sink` 和 `transfer`。为了方便用户查询和选择，污点规范根据软件包和相关漏洞类型进行了结构化分类，从而为污点分析提供了全面的配置方案。当前，该集合包含 406 条 `source` 配置、995 条 `sink` 配置和 138 条 `transfer` 配置，用户可以根据不同需求灵活使用和扩展。
-
-
-== 如何使用 Taint Specification Collection?
-
-`Taint Specification Collection` 中配置文件使用 `YAML` 格式（文件扩展名为 `.yaml` 或 `.yml`），便于用户阅读和编辑。用户可以直接将集合中的配置文件集成到 `Tai-e` 污点分析工具的 `taint-config.yml` 配置中，或者根据实际需求对其进行修改和扩展，从而更好地满足特定的分析需求。
-
-
-[NOTE]
-====
-* 有关如何正确配置 `Tai-e` 污点分析，请参考 link:https://tai-e.pascal-lab.net/docs/0.2.2/reference/en/taint-analysis.html#configuring-taint-analysis[Configuring Taint Analysis]。
-
-* 项目中注释的配置表示接口方法。实际使用时，请根据 `Tai-e` 污点分析配置的格式，手动填写对应实现方法的配置信息。
-====
-
-
-== 项目结构
-
-本项目的文件组织结构如下：
-
-[source]
-----
-taint-specification-collection
-|
-├─ infoleak     
-│   ├─ sink                 contains 141 sinks
-│   │   └─ java-io
-|   |
-│   └─ source               contains 158 sources
-│   |   └─ java
-|
-├─ injection                contains 854 sinks
-│   ├─ sink
-│   │   ├─ android
-│   │   │   └─ sql-injection
-│   |   |
-│   │   ├─ java
-│   │   │   ├─ crlf
-│   │   │   ├─ path-traversal
-│   │   │   ├─ rce
-│   │   │   └─ ...
-|   |   |
-│   │   └─ ...
-|   |
-│   └─ source               contains 248 sources
-│   |   ├─ apache-struts2
-|   |   |
-│   |   ├─ javax
-|   |   |   ├─ javax-portlet
-|   |   |   ├─ javax-servlet
-|   |   |   └─ javax-swing
-|   |   |
-│   |   └─ ...    
-|
-└─transfer                  contains 138 transfers about String
-----
-
-该项目首先对配置文件进行了分类，分为三个一级类别：`infoleak`、`injection` 和 `transfer`。
-
-* `infoleak` 类别：包含与信息泄露漏洞相关的配置，进一步细分为两个二级目录：
-  ** `source`：按软件包名进行分类。
-  ** `sink`：按软件包名进行分类。
-* `injection` 类别：包含与注入漏洞相关的配置，同样细分为两个二级目录：
-  ** `source`：按软件包名进行分类。
-  ** `sink`：根据漏洞类型进行分类。
-* `transfer` 类别：包含常用的 `transfer` 配置。
-
-由于 `source` 和 `sink` 的配置内容较多，为了帮助用户快速定位所需配置，我们采用了这种分类方式。除此以外，每个文件的叶子目录下还包含相应配置的 `README` 文件，供用户参考。
-
-
-
-== 示例
-
-以下是如何使用本集合配置文件的示例。假设用户需要查找与 `RCE(Remote Code Execution，CWE-94)` 类型注入漏洞相关的配置，针对使用 `Jetty` 软件库的待测试程序，可以按以下步骤修改 `taint-config.yml` 配置文件：
-
-1. 将 `taint-specification-collection/injection/source/jetty/jetty-http/jetty-http.yml` 文件中的 *Jetty 软件库* 相关的 `source` 配置添加到 `taint-config.yml`。
-2. 将 `taint-specification-collection/injection/sink/java/rce/command.yml` 文件中的 *RCE 类型注入漏洞* 相关的 `sink` 配置添加到 `taint-config.yml`。
-3. 将 `taint-specification-collection/transfer/string-transfers.yml` 文件中的关于 *String 类型* 的 `transfer` 配置添加到 `taint-config.yml`。
-
-示例 `taint-config.yml` 配置如下：
-
-```YAML
-source:
-  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
-  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
-  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String asString()>", index: result, type: "java.lang.String" }
-#...
-
-sinks:
-  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
-  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
-  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String, java.lang.String[])>", index: 0 }
-#...
-
-transfer:
-  - { method: "<java.lang.String: java.lang.String substring(int)>", from: base, to: result }
-  - { method: "<java.lang.String: java.lang.String substring(int,int)>", from: base, to: result }
-#...
-```
-
-完成以上配置后，用户就可以使用 `Tai-e` 工具对待测试程序进行污点分析，以检测 `Jetty` 软件库作为入口导致的 `RCE` 类型漏洞。(＾▽＾)
-
-
diff --git a/src/main/resources/taint-specification-collection/infoleak/infoleak.yml b/src/main/resources/taint-specification-collection/infoleak/infoleak.yml
deleted file mode 100644
index 9f20e31ec..000000000
--- a/src/main/resources/taint-specification-collection/infoleak/infoleak.yml
+++ /dev/null
@@ -1,5 +0,0 @@
-- bugType: io_leak
-  severity: CRITICAL
-  description: Find potential io_leak
-  configPath: src/main/resources/security/taint/infoleak/config/sink/io.yml
-
diff --git a/src/main/resources/taint-specification-collection/injection/sink/java/sql-injection/sql-jdbc.yml b/src/main/resources/taint-specification-collection/injection/sink/java/sql-injection/sql-jdbc.yml
deleted file mode 100644
index a3ac57d77..000000000
--- a/src/main/resources/taint-specification-collection/injection/sink/java/sql-injection/sql-jdbc.yml
+++ /dev/null
@@ -1,13 +0,0 @@
-sinks:
-  # interface
-  # - { method: "<java.sql.PreparedStatement: void addBatch(java.lang.String)>", index: 0 }
-  # - { method: "<java.sql.Connection: java.sql.CallableStatement prepareCall(java.lang.String)>", index: 0 }
-  # - { method: "<java.sql.Connection: java.sql.CallableStatement prepareCall(java.lang.String,int,int)>", index: 2 }
-  # - { method: "<java.sql.Connection: java.sql.CallableStatement prepareCall(java.lang.String,int,int,int)>", index: 3 }
-  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String)>", index: 0 }
-  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,int)>", index: 1 }
-  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,int,int)>", index: 2 }
-  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,int,int,int)>", index: 3 }
-  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,int[])>", index: 1 }
-  # - { method: "<java.sql.Connection: java.sql.PreparedStatement prepareStatement(java.lang.String,java.lang.String[])>", index: 1 }
-  # - { method: "<java.sql.Connection: java.lang.String nativeSQL(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/README.adoc
deleted file mode 100644
index 1c57cea19..000000000
--- a/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/README.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-= Description
-
-- **Overview**: 
-    The APIs in this directory provide multiple ways to execute SQL queries and return results. These methods are used to interact with databases by executing SQL queries to retrieve data.
-
-- **Common Use Cases**:
-    These APIs are commonly used for handling user-input data queries and executing SQL statements. Users typically have some level of control over the parameters.
-
-- **Security Risks**:
-    SQL Injection: Attackers can exploit these APIs by crafting malicious input to inject SQL commands, allowing them to manipulate the database.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jdo.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jdo.yml
deleted file mode 100644
index 5e540666d..000000000
--- a/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jdo.yml
+++ /dev/null
@@ -1,10 +0,0 @@
-sinks:
-  # interface
-  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(java.lang.String)>", index: 0 }
-  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(java.lang.String,java.lang.Object)>", index: 0 }
-  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(java.lang.Class,java.util.Collection,java.lang.String)>", index: 0 }
-  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(java.lang.Class,java.lang.String)>", index: 0 }
-  # - { method: "<javax.jdo.PersistenceManager: javax.jdo.Query newQuery(javax.jdo.Extent,java.lang.String)>", index: 0 }
-
-  # - { method: "<javax.jdo.Query: void setFilter(java.lang.String)>", index: 0 }
-  # - { method: "<javax.jdo.Query: void setGrouping(java.lang.String)>", index: 0 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jpa.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jpa.yml
deleted file mode 100644
index c5ff4e8b2..000000000
--- a/src/main/resources/taint-specification-collection/injection/sink/javax/sql-injection/sql-jpa.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-sinks:
-  # interface
-  # - { method: "<javax.persistence.EntityManager: javax.persistence.Query createQuery(java.lang.String)>", index: 0 }
-  # - { method: "<javax.persistence.EntityManager: javax.persistence.TypedQuery createQuery(java.lang.String,java.lang.Class)>", index: 1 }
-  # - { method: "<javax.persistence.EntityManager: javax.persistence.Query createNativeQuery(java.lang.String)>", index: 0 }
-  # - { method: "<javax.persistence.EntityManager: javax.persistence.Query createNativeQuery(java.lang.String,java.lang.String)>", index: 1 }
-  # - { method: "<javax.persistence.EntityManager: javax.persistence.Query createNativeQuery(java.lang.String,java.lang.Class)>", index: 1 }
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/README.adoc b/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/README.adoc
deleted file mode 100644
index ddcfce661..000000000
--- a/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/README.adoc
+++ /dev/null
@@ -1,10 +0,0 @@
-= Description
-
-- **Overview**: 
-    Java EE provides a set of methods for evaluating XPath expressions and selecting nodes within XML documents. These methods enable developers to easily locate, filter, and process specific nodes and data within XML documents.
-
-- **Common Use Cases**:
-    These APIs are commonly used to parse and execute XPath expressions, returning corresponding results based on the content of XML documents.
-
-- **Security Risks**:
-    XPath Injection: Similar to SQL injection attacks, attackers can craft malicious XPath expressions to reveal the structure of XML data or access data that is normally restricted. If the XML data is used for user authentication, attackers could even escalate their privileges.
diff --git a/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/xpath.yml b/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/xpath.yml
deleted file mode 100644
index 1cbf4e41b..000000000
--- a/src/main/resources/taint-specification-collection/injection/sink/javax/xpath-injection/xpath.yml
+++ /dev/null
@@ -1,7 +0,0 @@
-sinks:
-  # interface
-  # - { method: "<javax.xml.xpath.XPath: javax.xml.xpath.XPathExpression compile(java.lang.String)>", index: 0 }
-  # - { method: "<javax.xml.xpath.XPath: java.lang.String evaluate(java.lang.String,java.lang.Object)>", index: 1 }
-  # - { method: "<javax.xml.xpath.XPath: java.lang.Object evaluate(java.lang.String,java.lang.Object,javax.xml.namespace.QName)>", index: 2 }
-  # - { method: "<javax.xml.xpath.XPath: java.lang.String evaluate(java.lang.String,org.xml.sax.InputSource)>", index: 1 }
-  # - { method: "<javax.xml.xpath.XPath: java.lang.Object evaluate(java.lang.String,org.xml.sax.InputSource,javax.xml.namespace.QName)>", index: 2 }
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequest.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequest.yml
deleted file mode 100644
index 359b8c0bf..000000000
--- a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/HttpServletRequest.yml
+++ /dev/null
@@ -1,44 +0,0 @@
-sources:
-  # interface
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getHeader(java.lang.String)>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.util.Enumeration getHeaders(java.lang.String)>", index: result, type: "java.util.Enumeration" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.util.Enumeration getHeaderNames()>", index: result, type: "java.util.Enumeration" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getContextPath()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: javax.servlet.http.Cookie[] getCookies()>", index: result, type: "javax.servlet.http.Cookie[]" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getPathInfo()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getPathTranslated()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRemoteUser()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRequestedSessionId()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRequestURI()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRequestURL()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletPath()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getAuthType()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getMethod()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRemoteAddr()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRemoteHost()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getLocalAddr()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getLocalName()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getProtocol()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getScheme()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServerName()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getCharacterEncoding()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getLocalPort()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRemotePort()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServerPort()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getRealPath(java.lang.String)>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletInfo()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletName()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletInfo()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletName()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletInfo()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletName()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletInfo()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletName()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.http.HttpServletRequest: java.lang.String getServletContext()>", index: result, type: "java.lang.String" }
-
diff --git a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequest.yml b/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequest.yml
deleted file mode 100644
index 15df1f464..000000000
--- a/src/main/resources/taint-specification-collection/injection/source/javax/javax-servlet/ServletRequest.yml
+++ /dev/null
@@ -1,11 +0,0 @@
-sources:
-  # interface
-  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getContentType()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getLocalAddr()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getLocalName()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getParameter(java.lang.String)>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.ServletRequest: java.util.Map getParameterMap()>", index: result, type: "java.util.Map" }
-  # - { kind: call, method: "<javax.servlet.ServletRequest: java.util.Enumeration getParameterNames()>", index: result, type: "java.util.Enumeration" }
-  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String[] getParameterValues(java.lang.String)>", index: result, type: "java.lang.String[]" }
-  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getRemoteHost()>", index: result, type: "java.lang.String" }
-  # - { kind: call, method: "<javax.servlet.ServletRequest: java.lang.String getServerName()>", index: result, type: "java.lang.String" }

From 6cc5f5987b195acdbbe7648ae639e6ced89f0ebd Mon Sep 17 00:00:00 2001
From: Xiao Yinning <211220110@smail.nju.edu.cn>
Date: Sun, 29 Dec 2024 07:48:42 +0000
Subject: [PATCH 3/9] add taint-configuration

Co-authored-by: auroraberry <2507097782@qq.com>
Co-authored-by: Isla-top <211220177@smail.nju.edu.cn>
---
 docs/en/taint-configuration.adoc              | 108 +++++++++---------
 .../infoleak}/java-io/README.adoc             |   0
 .../infoleak}/java-io/java-io.yml             |   0
 .../android/sql-injection/ContentProvider.yml |   0
 .../android/sql-injection/DatabaseUtils.yml   |   0
 .../android/sql-injection/README.adoc         |   0
 .../android/sql-injection/SQLiteDatabase.yml  |   0
 .../sql-injection/SQLiteQueryBuilder.yml      |   0
 .../apache-Xalan/xpath-injection/README.adoc  |   0
 .../apache-Xalan/xpath-injection/xpath.yml    |   0
 .../apache-log4j/log4j_1x/crlf/Category.yml   |   0
 .../apache-log4j/log4j_1x/crlf/Logger.yml     |   0
 .../apache-log4j/log4j_1x/crlf/README.adoc    |   0
 .../apache-log4j/log4j_2/crlf/Logger.yml      |   0
 .../apache-log4j/log4j_2/crlf/README.adoc     |   0
 .../xpath/RAEDME.adoc                         |   0
 .../xpath/xpath.yml                           |   0
 .../apache-struts/file-disclosure/README.adoc |   0
 .../struts-file-disclosure.yml                |   0
 .../apache-struts/ognl-injection/OgnlUtil.yml |   0
 .../apache-struts/ognl-injection/README.adoc  |   0
 .../ognl-injection/TextParseUtil.yml          |   0
 .../ognl-injection/reflection-relative.yml    |   0
 .../injection}/apache-struts/other/other.yml  |   0
 .../apache-turbine/sql-injection/README.adoc  |   0
 .../sql-injection/sql-turbine.yml             |   0
 .../attribute-injection/README.adoc           |   0
 .../beanutils2/attribute-injection/beans.yml  |   0
 .../apahce-commons/logging/crlf/README.adoc   |   0
 .../apahce-commons/logging/crlf/crlf-logs.yml |   0
 .../injection}/java/crlf/README.adoc          |   0
 .../injection}/java/crlf/crlf-logs.yml        |   0
 .../java/path-traversal/README.adoc           |   0
 .../java/path-traversal/path-traversal.yml    |   0
 .../injection}/java/rce/README.adoc           |   0
 .../injection}/java/rce/command.yml           |   0
 .../java/xpath-injection/README.adoc          |   0
 .../injection}/java/xpath-injection/xpath.yml |   0
 .../injection}/java/xss/README.adoc           |   0
 .../injection}/java/xss/formatter.yml         |   0
 .../injection}/java/xss/output.yml            |   0
 .../javax/ldap-injection/README.adoc          |   0
 .../injection}/javax/ldap-injection/ldap.yml  |   0
 .../injection}/javax/other/el.yml             |   0
 .../javax/other/response-splitting.yml        |   0
 .../injection}/javax/other/script-engine.yml  |   0
 .../injection}/javax/other/smtp.yml           |   0
 .../javax/other/trust-boundary-violation.yml  |   0
 .../injection}/javax/other/xslt.yml           |   0
 .../injection}/javax/xss/README.adoc          |   0
 .../injection}/javax/xss/output.yml           |   0
 .../javax/xss/request-dispatcher.yml          |   0
 .../injection}/slf4j/crlf/README.adoc         |   0
 .../injection}/slf4j/crlf/crlf-logs.yml       |   0
 .../spring-framework/beans/README.adoc        |   0
 .../spring-framework/beans/beans.yml          |   0
 .../file-disclosure/README.adoc               |   0
 .../spring-file-disclosure.yml                |   0
 .../ldap-injection/README.adoc                |   0
 .../spring-framework/ldap-injection/ldap.yml  |   0
 .../spel-inejction/README.adoc                |   0
 .../spel-inejction/spring-expression.yml      |   0
 .../sql-injection/README.adoc                 |   0
 .../sql-injection/sql-spring.yml              |   0
 .../injection}/tinylog/crlf/README.adoc       |   0
 .../injection}/tinylog/crlf/crlf-logs.yml     |   0
 .../infoleak}/java/README.adoc                |   0
 .../infoleak}/java/java-io.yml                |   0
 .../infoleak}/java/java-lang-system.yml       |   0
 .../infoleak}/java/java-net.yml               |   0
 .../infoleak}/java/java-sql.yml               |   0
 .../injection}/apache-struts2/README.adoc     |   0
 .../injection}/apache-struts2/struts2.yml     |   0
 .../injection}/apache-wicket/README.adoc      |   0
 .../injection}/apache-wicket/wicket.yml       |   0
 .../injection}/dropwizard/README.adoc         |   0
 .../dropwizard-jersey/dropwizard-jersey.yml   |   0
 .../dropwizard-servlet.yml                    |   0
 .../injection}/java/README.adoc               |   0
 .../injection}/java/java-awt.yml              |   0
 .../injection}/java/java-io.yml               |   0
 .../injection}/java/java-net.yml              |   0
 .../injection}/java/java-util-Scanner.yml     |   0
 .../injection}/javax/README.adoc              |   0
 .../javax/javax-portlet/PortletRequest.yml    |   0
 .../javax/javax-portlet/portlet-other.yml     |   0
 .../injection}/javax/javax-servlet/Cookie.yml |   0
 .../HttpServletRequestWrapper.yml             |   0
 .../javax-servlet/ServletRequestWrapper.yml   |   0
 .../injection}/javax/javax-swing/swing.yml    |   0
 .../injection}/jetty/README.adoc              |   0
 .../jetty/jetty-http/jetty-http.yml           |   0
 .../jetty/jetty-server/jetty-server.yml       |   0
 .../jetty/jetty-session/jetty-session.yml     |   0
 .../injection}/sonarqube/README.adoc          |   0
 .../sonarqube/sonarqube-ws/sonarqube-ws.yml   |   0
 96 files changed, 53 insertions(+), 55 deletions(-)
 rename src/main/resources/taint-configuration/{infoleak/sink => sink/infoleak}/java-io/README.adoc (100%)
 rename src/main/resources/taint-configuration/{infoleak/sink => sink/infoleak}/java-io/java-io.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/android/sql-injection/ContentProvider.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/android/sql-injection/DatabaseUtils.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/android/sql-injection/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/android/sql-injection/SQLiteDatabase.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/android/sql-injection/SQLiteQueryBuilder.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-Xalan/xpath-injection/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-Xalan/xpath-injection/xpath.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-log4j/log4j_1x/crlf/Category.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-log4j/log4j_1x/crlf/Logger.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-log4j/log4j_1x/crlf/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-log4j/log4j_2/crlf/Logger.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-log4j/log4j_2/crlf/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-santuario-xml-security/xpath/RAEDME.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-santuario-xml-security/xpath/xpath.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-struts/file-disclosure/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-struts/file-disclosure/struts-file-disclosure.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-struts/ognl-injection/OgnlUtil.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-struts/ognl-injection/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-struts/ognl-injection/TextParseUtil.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-struts/ognl-injection/reflection-relative.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-struts/other/other.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-turbine/sql-injection/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apache-turbine/sql-injection/sql-turbine.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apahce-commons/beanutils2/attribute-injection/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apahce-commons/beanutils2/attribute-injection/beans.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apahce-commons/logging/crlf/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/apahce-commons/logging/crlf/crlf-logs.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/crlf/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/crlf/crlf-logs.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/path-traversal/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/path-traversal/path-traversal.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/rce/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/rce/command.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/xpath-injection/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/xpath-injection/xpath.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/xss/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/xss/formatter.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/java/xss/output.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/ldap-injection/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/ldap-injection/ldap.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/other/el.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/other/response-splitting.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/other/script-engine.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/other/smtp.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/other/trust-boundary-violation.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/other/xslt.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/xss/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/xss/output.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/javax/xss/request-dispatcher.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/slf4j/crlf/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/slf4j/crlf/crlf-logs.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/beans/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/beans/beans.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/file-disclosure/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/file-disclosure/spring-file-disclosure.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/ldap-injection/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/ldap-injection/ldap.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/spel-inejction/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/spel-inejction/spring-expression.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/sql-injection/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/spring-framework/sql-injection/sql-spring.yml (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/tinylog/crlf/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/sink => sink/injection}/tinylog/crlf/crlf-logs.yml (100%)
 rename src/main/resources/taint-configuration/{infoleak/source => source/infoleak}/java/README.adoc (100%)
 rename src/main/resources/taint-configuration/{infoleak/source => source/infoleak}/java/java-io.yml (100%)
 rename src/main/resources/taint-configuration/{infoleak/source => source/infoleak}/java/java-lang-system.yml (100%)
 rename src/main/resources/taint-configuration/{infoleak/source => source/infoleak}/java/java-net.yml (100%)
 rename src/main/resources/taint-configuration/{infoleak/source => source/infoleak}/java/java-sql.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/apache-struts2/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/apache-struts2/struts2.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/apache-wicket/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/apache-wicket/wicket.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/dropwizard/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/dropwizard/dropwizard-jersey/dropwizard-jersey.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/dropwizard/dropwizard-servlets/dropwizard-servlet.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/java/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/java/java-awt.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/java/java-io.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/java/java-net.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/java/java-util-Scanner.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/javax/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/javax/javax-portlet/PortletRequest.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/javax/javax-portlet/portlet-other.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/javax/javax-servlet/Cookie.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/javax/javax-servlet/HttpServletRequestWrapper.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/javax/javax-servlet/ServletRequestWrapper.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/javax/javax-swing/swing.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/jetty/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/jetty/jetty-http/jetty-http.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/jetty/jetty-server/jetty-server.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/jetty/jetty-session/jetty-session.yml (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/sonarqube/README.adoc (100%)
 rename src/main/resources/taint-configuration/{injection/source => source/injection}/sonarqube/sonarqube-ws/sonarqube-ws.yml (100%)

diff --git a/docs/en/taint-configuration.adoc b/docs/en/taint-configuration.adoc
index 980d7b3df..aa7470bd0 100644
--- a/docs/en/taint-configuration.adoc
+++ b/docs/en/taint-configuration.adoc
@@ -1,79 +1,78 @@
 = Taint Configuration for Common Vulnerabilities
 
-`Taint Configuration for Common Vulnerabilities` is a collection of configuration files for `taint analysis`. 
-This collection includes taint specifications (`source`, `sink`, and `transfer`) for various common vulnerability types. 
-To facilitate user lookup and selection, the taint specifications are organized by packages and related vulnerability types, offering a comprehensive configuration scheme for taint analysis.
-Currently, this collection contains 327 `source` configurations, 920 `sink` configurations, and 138 `transfer` configurations, enabling users to adapt and extend them based on their specific needs.
+`Taint Configuration for Common Vulnerabilities` is a collection of `source`, `sink`, and `transfer` rules tailored for various common vulnerability types. 
+Currently, this collection contains 327 `source` rules, 920 `sink` rules, and 138 `transfer` rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
 
-== How to Use Taint Configuration for Common Vulnerabilities?
-
-Users can directly integrate the configuration files from this collection into the `taint-config.yml` for the `Tai-e` taint analysis tool, 
-or modify and extend them as needed to better meet specific analysis requirements. 
-For information on properly configuring `Tai-e` taint analysis, please refer to the link:https://tai-e.pascal-lab.net/docs/0.2.2/reference/en/taint-analysis.html#configuring-taint-analysis[Configuring Taint Analysis].
 
 == Project Structure
 
-The file organization structure of this project is as follows:
+We have classified the rules by packages and vulnerability types to help users quickly locate the required ones.
+The structure of this project is as follows:
 
 [source]
 ----
 taint-configuration
-|
-├─ infoleak     
-│   ├─ sink                 contains 141 sinks
-│   │   └─ java-io
-|   |
-│   └─ source               contains 158 sources
-│   |   └─ java
-|
-├─ injection                contains 779 sinks
-│   ├─ sink
-│   │   ├─ android
-│   │   │   └─ sql-injection
-│   |   |
-│   │   ├─ java
-│   │   │   ├─ crlf
-│   │   │   ├─ path-traversal
-│   │   │   ├─ rce
-│   │   │   └─ ...
-|   |   |
-│   │   └─ ...
-|   |
-│   └─ source               contains 169 sources
-│   |   ├─ apache-struts2
-|   |   |
-│   |   ├─ javax
-|   |   |   ├─ javax-portlet
-|   |   |   ├─ javax-servlet
-|   |   |   └─ javax-swing
-|   |   |
-│   |   └─ ...    
-|
-└─transfer                  contains 138 transfers about String
+├── sink
+│   ├── infoleak                       contains 141 sinks
+│   │   └── java-io
+│   │
+│   └── injection                      contains 779 sinks
+│       ├── android
+│       │   └── sql-injection
+│       │
+│       ├── java
+│       │   ├── crlf
+│       │   ├── path-traversal
+│       │   ├── rce
+│       │   └── ...
+│       │
+│       └── ...
+│
+├── source                             
+│   ├── infoleak                       contains 158 sources
+│   │   └── java
+│   │
+│   └── injection                      contains 169 sources
+│       ├── apache-struts2
+│       │
+│       ├── javax
+│       │   ├── javax-portlet
+│       │   ├── javax-servlet
+│       │   └── javax-swing
+│       │
+│       └── ...
+│
+└── transfer                           contains 138 transfers about String
 ----
 
-This project first categorizes the configuration files into three main categories: `infoleak`, `injection`, and `transfer`.
+Specifically, this project firstly categorizes the configuration files into three main categories: sink, source, and transfer.
 
-* `infoleak` category: Contains configurations related to information leakage vulnerabilities, further subdivided into two subdirectories:
-  ** `source`: Categorized by package name.
-  ** `sink`: Categorized by package name.
+* `sink` category: Contains `sink` configurations files related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
+  ** `infoleak`: Categorized by package name.
+  ** `injection`: Categorized by vulnerability type.
   
-* `injection` category: Contains configurations related to injection vulnerabilities, also subdivided into two subdirectories:
-  ** `source`: Categorized by package name.
-  ** `sink`: Categorized by vulnerability type.
+* `source` category: Contains `source` configurations related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
+  ** `infoleak`: Categorized by package name.
+  ** `injection`: Categorized by package name.
 
 * `transfer` category: Contains commonly used `transfer` configurations.
 
-Due to the large number of `source` and `sink` configurations, we have classified them to help users quickly locate the required ones. Additionally, each subdirectory contains a corresponding README file for reference.
+Additionally, each subdirectory contains a corresponding `README` file that provides a brief overview of the relevant vulnerability types.
 
+== How to Use it?
+
+Users can directly integrate the configuration files from this collection into the `taint-config.yml` for the `Tai-e` taint analysis tool, 
+or modify and extend them as needed to better meet specific analysis requirements. 
+For information on properly configuring `Tai-e` taint analysis, please refer to the link:https://tai-e.pascal-lab.net/docs/0.2.2/reference/en/taint-analysis.html#configuring-taint-analysis[Configuring Taint Analysis].
 
 == An example
 
-Here is an example of how to use the configuration files from this collection. If the user needs to detect an `RCE (Remote Code Execution)` injection vulnerability in a program using the `Jetty` software library, the following steps can be taken to modify the `taint-config.yml` file:
+Here is an example of how to use the configuration files from this collection. 
+If the user needs to detect an `RCE (Remote Code Execution)` injection vulnerability in a Java project using the `Jetty` software library, the following steps can be taken to modify the `taint-config.yml` file:
 
-1. Add the `source` configuration related to the *Jetty software library* from the file `taint-configuration/injection/source/jetty/jetty-http/jetty-http.yml` to the `taint-config.yml`.
-2. Add the `sink` configuration related to the *RCE type injection vulnerability* from the file `taint-configuration/injection/sink/java/rce/command.yml` to the `taint-config.yml`.
-3. Add the `transfer` configuration related to *String type* from the file `taint-configuration/transfer/string-transfers.yml` to the `taint-config.yml`.
+1. Add the `source` rules related to the *Jetty software library* from the file `taint-configuration/source/injection/jetty/jetty-http/jetty-http.yml` to the `taint-config.yml`.
+2. Add the `sink` rules related to the *RCE type injection vulnerability* from the file `taint-configuration/sink/injection/java/rce/command.yml` to the `taint-config.yml`.
+3. Add the `transfer` rules related to *String type* from the file `taint-configuration/transfer/string-transfers.yml` to the `taint-config.yml`.
 
 Example `taint-config.yml` configuration:
 
@@ -96,4 +95,3 @@ transfer:
 #...
 ```
 
-Once the configuration is completed, the user can use the `Tai-e` tool to perform taint analysis on the program under test to detect `RCE` type vulnerabilities triggered by the `Jetty` software library as a taint entry point. 
\ No newline at end of file
diff --git a/src/main/resources/taint-configuration/infoleak/sink/java-io/README.adoc b/src/main/resources/taint-configuration/sink/infoleak/java-io/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/infoleak/sink/java-io/README.adoc
rename to src/main/resources/taint-configuration/sink/infoleak/java-io/README.adoc
diff --git a/src/main/resources/taint-configuration/infoleak/sink/java-io/java-io.yml b/src/main/resources/taint-configuration/sink/infoleak/java-io/java-io.yml
similarity index 100%
rename from src/main/resources/taint-configuration/infoleak/sink/java-io/java-io.yml
rename to src/main/resources/taint-configuration/sink/infoleak/java-io/java-io.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/android/sql-injection/ContentProvider.yml b/src/main/resources/taint-configuration/sink/injection/android/sql-injection/ContentProvider.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/android/sql-injection/ContentProvider.yml
rename to src/main/resources/taint-configuration/sink/injection/android/sql-injection/ContentProvider.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/android/sql-injection/DatabaseUtils.yml b/src/main/resources/taint-configuration/sink/injection/android/sql-injection/DatabaseUtils.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/android/sql-injection/DatabaseUtils.yml
rename to src/main/resources/taint-configuration/sink/injection/android/sql-injection/DatabaseUtils.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/android/sql-injection/README.adoc b/src/main/resources/taint-configuration/sink/injection/android/sql-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/android/sql-injection/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/android/sql-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/android/sql-injection/SQLiteDatabase.yml b/src/main/resources/taint-configuration/sink/injection/android/sql-injection/SQLiteDatabase.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/android/sql-injection/SQLiteDatabase.yml
rename to src/main/resources/taint-configuration/sink/injection/android/sql-injection/SQLiteDatabase.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml b/src/main/resources/taint-configuration/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/android/sql-injection/SQLiteQueryBuilder.yml
rename to src/main/resources/taint-configuration/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-Xalan/xpath-injection/README.adoc b/src/main/resources/taint-configuration/sink/injection/apache-Xalan/xpath-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-Xalan/xpath-injection/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/apache-Xalan/xpath-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-Xalan/xpath-injection/xpath.yml b/src/main/resources/taint-configuration/sink/injection/apache-Xalan/xpath-injection/xpath.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-Xalan/xpath-injection/xpath.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-Xalan/xpath-injection/xpath.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml b/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/Category.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml b/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/Logger.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc b/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_1x/crlf/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml b/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_2/crlf/Logger.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_2/crlf/README.adoc b/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_2/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-log4j/log4j_2/crlf/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_2/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc b/src/main/resources/taint-configuration/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-santuario-xml-security/xpath/RAEDME.adoc
rename to src/main/resources/taint-configuration/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-santuario-xml-security/xpath/xpath.yml b/src/main/resources/taint-configuration/sink/injection/apache-santuario-xml-security/xpath/xpath.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-santuario-xml-security/xpath/xpath.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-santuario-xml-security/xpath/xpath.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-struts/file-disclosure/README.adoc b/src/main/resources/taint-configuration/sink/injection/apache-struts/file-disclosure/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-struts/file-disclosure/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/apache-struts/file-disclosure/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml b/src/main/resources/taint-configuration/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-struts/file-disclosure/struts-file-disclosure.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml b/src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/OgnlUtil.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/README.adoc b/src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml b/src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/TextParseUtil.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/reflection-relative.yml b/src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/reflection-relative.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-struts/ognl-injection/reflection-relative.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/reflection-relative.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-struts/other/other.yml b/src/main/resources/taint-configuration/sink/injection/apache-struts/other/other.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-struts/other/other.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-struts/other/other.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-turbine/sql-injection/README.adoc b/src/main/resources/taint-configuration/sink/injection/apache-turbine/sql-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-turbine/sql-injection/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/apache-turbine/sql-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/apache-turbine/sql-injection/sql-turbine.yml b/src/main/resources/taint-configuration/sink/injection/apache-turbine/sql-injection/sql-turbine.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apache-turbine/sql-injection/sql-turbine.yml
rename to src/main/resources/taint-configuration/sink/injection/apache-turbine/sql-injection/sql-turbine.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc b/src/main/resources/taint-configuration/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apahce-commons/beanutils2/attribute-injection/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml b/src/main/resources/taint-configuration/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apahce-commons/beanutils2/attribute-injection/beans.yml
rename to src/main/resources/taint-configuration/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/apahce-commons/logging/crlf/README.adoc b/src/main/resources/taint-configuration/sink/injection/apahce-commons/logging/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apahce-commons/logging/crlf/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/apahce-commons/logging/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml b/src/main/resources/taint-configuration/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/apahce-commons/logging/crlf/crlf-logs.yml
rename to src/main/resources/taint-configuration/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/java/crlf/README.adoc b/src/main/resources/taint-configuration/sink/injection/java/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/crlf/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/java/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/java/crlf/crlf-logs.yml b/src/main/resources/taint-configuration/sink/injection/java/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/crlf/crlf-logs.yml
rename to src/main/resources/taint-configuration/sink/injection/java/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/java/path-traversal/README.adoc b/src/main/resources/taint-configuration/sink/injection/java/path-traversal/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/path-traversal/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/java/path-traversal/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/java/path-traversal/path-traversal.yml b/src/main/resources/taint-configuration/sink/injection/java/path-traversal/path-traversal.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/path-traversal/path-traversal.yml
rename to src/main/resources/taint-configuration/sink/injection/java/path-traversal/path-traversal.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/java/rce/README.adoc b/src/main/resources/taint-configuration/sink/injection/java/rce/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/rce/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/java/rce/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/java/rce/command.yml b/src/main/resources/taint-configuration/sink/injection/java/rce/command.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/rce/command.yml
rename to src/main/resources/taint-configuration/sink/injection/java/rce/command.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/java/xpath-injection/README.adoc b/src/main/resources/taint-configuration/sink/injection/java/xpath-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/xpath-injection/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/java/xpath-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/java/xpath-injection/xpath.yml b/src/main/resources/taint-configuration/sink/injection/java/xpath-injection/xpath.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/xpath-injection/xpath.yml
rename to src/main/resources/taint-configuration/sink/injection/java/xpath-injection/xpath.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/java/xss/README.adoc b/src/main/resources/taint-configuration/sink/injection/java/xss/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/xss/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/java/xss/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/java/xss/formatter.yml b/src/main/resources/taint-configuration/sink/injection/java/xss/formatter.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/xss/formatter.yml
rename to src/main/resources/taint-configuration/sink/injection/java/xss/formatter.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/java/xss/output.yml b/src/main/resources/taint-configuration/sink/injection/java/xss/output.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/java/xss/output.yml
rename to src/main/resources/taint-configuration/sink/injection/java/xss/output.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/ldap-injection/README.adoc b/src/main/resources/taint-configuration/sink/injection/javax/ldap-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/ldap-injection/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/javax/ldap-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/ldap-injection/ldap.yml b/src/main/resources/taint-configuration/sink/injection/javax/ldap-injection/ldap.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/ldap-injection/ldap.yml
rename to src/main/resources/taint-configuration/sink/injection/javax/ldap-injection/ldap.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/other/el.yml b/src/main/resources/taint-configuration/sink/injection/javax/other/el.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/other/el.yml
rename to src/main/resources/taint-configuration/sink/injection/javax/other/el.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/other/response-splitting.yml b/src/main/resources/taint-configuration/sink/injection/javax/other/response-splitting.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/other/response-splitting.yml
rename to src/main/resources/taint-configuration/sink/injection/javax/other/response-splitting.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/other/script-engine.yml b/src/main/resources/taint-configuration/sink/injection/javax/other/script-engine.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/other/script-engine.yml
rename to src/main/resources/taint-configuration/sink/injection/javax/other/script-engine.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/other/smtp.yml b/src/main/resources/taint-configuration/sink/injection/javax/other/smtp.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/other/smtp.yml
rename to src/main/resources/taint-configuration/sink/injection/javax/other/smtp.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/other/trust-boundary-violation.yml b/src/main/resources/taint-configuration/sink/injection/javax/other/trust-boundary-violation.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/other/trust-boundary-violation.yml
rename to src/main/resources/taint-configuration/sink/injection/javax/other/trust-boundary-violation.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/other/xslt.yml b/src/main/resources/taint-configuration/sink/injection/javax/other/xslt.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/other/xslt.yml
rename to src/main/resources/taint-configuration/sink/injection/javax/other/xslt.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/xss/README.adoc b/src/main/resources/taint-configuration/sink/injection/javax/xss/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/xss/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/javax/xss/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/xss/output.yml b/src/main/resources/taint-configuration/sink/injection/javax/xss/output.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/xss/output.yml
rename to src/main/resources/taint-configuration/sink/injection/javax/xss/output.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/javax/xss/request-dispatcher.yml b/src/main/resources/taint-configuration/sink/injection/javax/xss/request-dispatcher.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/javax/xss/request-dispatcher.yml
rename to src/main/resources/taint-configuration/sink/injection/javax/xss/request-dispatcher.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/slf4j/crlf/README.adoc b/src/main/resources/taint-configuration/sink/injection/slf4j/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/slf4j/crlf/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/slf4j/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/slf4j/crlf/crlf-logs.yml b/src/main/resources/taint-configuration/sink/injection/slf4j/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/slf4j/crlf/crlf-logs.yml
rename to src/main/resources/taint-configuration/sink/injection/slf4j/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/beans/README.adoc b/src/main/resources/taint-configuration/sink/injection/spring-framework/beans/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/beans/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/beans/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/beans/beans.yml b/src/main/resources/taint-configuration/sink/injection/spring-framework/beans/beans.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/beans/beans.yml
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/beans/beans.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/file-disclosure/README.adoc b/src/main/resources/taint-configuration/sink/injection/spring-framework/file-disclosure/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/file-disclosure/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/file-disclosure/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml b/src/main/resources/taint-configuration/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/file-disclosure/spring-file-disclosure.yml
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/ldap-injection/README.adoc b/src/main/resources/taint-configuration/sink/injection/spring-framework/ldap-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/ldap-injection/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/ldap-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/ldap-injection/ldap.yml b/src/main/resources/taint-configuration/sink/injection/spring-framework/ldap-injection/ldap.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/ldap-injection/ldap.yml
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/ldap-injection/ldap.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/spel-inejction/README.adoc b/src/main/resources/taint-configuration/sink/injection/spring-framework/spel-inejction/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/spel-inejction/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/spel-inejction/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/spel-inejction/spring-expression.yml b/src/main/resources/taint-configuration/sink/injection/spring-framework/spel-inejction/spring-expression.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/spel-inejction/spring-expression.yml
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/spel-inejction/spring-expression.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/sql-injection/README.adoc b/src/main/resources/taint-configuration/sink/injection/spring-framework/sql-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/sql-injection/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/sql-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/spring-framework/sql-injection/sql-spring.yml b/src/main/resources/taint-configuration/sink/injection/spring-framework/sql-injection/sql-spring.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/spring-framework/sql-injection/sql-spring.yml
rename to src/main/resources/taint-configuration/sink/injection/spring-framework/sql-injection/sql-spring.yml
diff --git a/src/main/resources/taint-configuration/injection/sink/tinylog/crlf/README.adoc b/src/main/resources/taint-configuration/sink/injection/tinylog/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/tinylog/crlf/README.adoc
rename to src/main/resources/taint-configuration/sink/injection/tinylog/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/sink/tinylog/crlf/crlf-logs.yml b/src/main/resources/taint-configuration/sink/injection/tinylog/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/sink/tinylog/crlf/crlf-logs.yml
rename to src/main/resources/taint-configuration/sink/injection/tinylog/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-configuration/infoleak/source/java/README.adoc b/src/main/resources/taint-configuration/source/infoleak/java/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/infoleak/source/java/README.adoc
rename to src/main/resources/taint-configuration/source/infoleak/java/README.adoc
diff --git a/src/main/resources/taint-configuration/infoleak/source/java/java-io.yml b/src/main/resources/taint-configuration/source/infoleak/java/java-io.yml
similarity index 100%
rename from src/main/resources/taint-configuration/infoleak/source/java/java-io.yml
rename to src/main/resources/taint-configuration/source/infoleak/java/java-io.yml
diff --git a/src/main/resources/taint-configuration/infoleak/source/java/java-lang-system.yml b/src/main/resources/taint-configuration/source/infoleak/java/java-lang-system.yml
similarity index 100%
rename from src/main/resources/taint-configuration/infoleak/source/java/java-lang-system.yml
rename to src/main/resources/taint-configuration/source/infoleak/java/java-lang-system.yml
diff --git a/src/main/resources/taint-configuration/infoleak/source/java/java-net.yml b/src/main/resources/taint-configuration/source/infoleak/java/java-net.yml
similarity index 100%
rename from src/main/resources/taint-configuration/infoleak/source/java/java-net.yml
rename to src/main/resources/taint-configuration/source/infoleak/java/java-net.yml
diff --git a/src/main/resources/taint-configuration/infoleak/source/java/java-sql.yml b/src/main/resources/taint-configuration/source/infoleak/java/java-sql.yml
similarity index 100%
rename from src/main/resources/taint-configuration/infoleak/source/java/java-sql.yml
rename to src/main/resources/taint-configuration/source/infoleak/java/java-sql.yml
diff --git a/src/main/resources/taint-configuration/injection/source/apache-struts2/README.adoc b/src/main/resources/taint-configuration/source/injection/apache-struts2/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/apache-struts2/README.adoc
rename to src/main/resources/taint-configuration/source/injection/apache-struts2/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/source/apache-struts2/struts2.yml b/src/main/resources/taint-configuration/source/injection/apache-struts2/struts2.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/apache-struts2/struts2.yml
rename to src/main/resources/taint-configuration/source/injection/apache-struts2/struts2.yml
diff --git a/src/main/resources/taint-configuration/injection/source/apache-wicket/README.adoc b/src/main/resources/taint-configuration/source/injection/apache-wicket/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/apache-wicket/README.adoc
rename to src/main/resources/taint-configuration/source/injection/apache-wicket/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/source/apache-wicket/wicket.yml b/src/main/resources/taint-configuration/source/injection/apache-wicket/wicket.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/apache-wicket/wicket.yml
rename to src/main/resources/taint-configuration/source/injection/apache-wicket/wicket.yml
diff --git a/src/main/resources/taint-configuration/injection/source/dropwizard/README.adoc b/src/main/resources/taint-configuration/source/injection/dropwizard/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/dropwizard/README.adoc
rename to src/main/resources/taint-configuration/source/injection/dropwizard/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml b/src/main/resources/taint-configuration/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
rename to src/main/resources/taint-configuration/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
diff --git a/src/main/resources/taint-configuration/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml b/src/main/resources/taint-configuration/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
rename to src/main/resources/taint-configuration/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
diff --git a/src/main/resources/taint-configuration/injection/source/java/README.adoc b/src/main/resources/taint-configuration/source/injection/java/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/java/README.adoc
rename to src/main/resources/taint-configuration/source/injection/java/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/source/java/java-awt.yml b/src/main/resources/taint-configuration/source/injection/java/java-awt.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/java/java-awt.yml
rename to src/main/resources/taint-configuration/source/injection/java/java-awt.yml
diff --git a/src/main/resources/taint-configuration/injection/source/java/java-io.yml b/src/main/resources/taint-configuration/source/injection/java/java-io.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/java/java-io.yml
rename to src/main/resources/taint-configuration/source/injection/java/java-io.yml
diff --git a/src/main/resources/taint-configuration/injection/source/java/java-net.yml b/src/main/resources/taint-configuration/source/injection/java/java-net.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/java/java-net.yml
rename to src/main/resources/taint-configuration/source/injection/java/java-net.yml
diff --git a/src/main/resources/taint-configuration/injection/source/java/java-util-Scanner.yml b/src/main/resources/taint-configuration/source/injection/java/java-util-Scanner.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/java/java-util-Scanner.yml
rename to src/main/resources/taint-configuration/source/injection/java/java-util-Scanner.yml
diff --git a/src/main/resources/taint-configuration/injection/source/javax/README.adoc b/src/main/resources/taint-configuration/source/injection/javax/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/javax/README.adoc
rename to src/main/resources/taint-configuration/source/injection/javax/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/source/javax/javax-portlet/PortletRequest.yml b/src/main/resources/taint-configuration/source/injection/javax/javax-portlet/PortletRequest.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/javax/javax-portlet/PortletRequest.yml
rename to src/main/resources/taint-configuration/source/injection/javax/javax-portlet/PortletRequest.yml
diff --git a/src/main/resources/taint-configuration/injection/source/javax/javax-portlet/portlet-other.yml b/src/main/resources/taint-configuration/source/injection/javax/javax-portlet/portlet-other.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/javax/javax-portlet/portlet-other.yml
rename to src/main/resources/taint-configuration/source/injection/javax/javax-portlet/portlet-other.yml
diff --git a/src/main/resources/taint-configuration/injection/source/javax/javax-servlet/Cookie.yml b/src/main/resources/taint-configuration/source/injection/javax/javax-servlet/Cookie.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/javax/javax-servlet/Cookie.yml
rename to src/main/resources/taint-configuration/source/injection/javax/javax-servlet/Cookie.yml
diff --git a/src/main/resources/taint-configuration/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml b/src/main/resources/taint-configuration/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/javax/javax-servlet/HttpServletRequestWrapper.yml
rename to src/main/resources/taint-configuration/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml
diff --git a/src/main/resources/taint-configuration/injection/source/javax/javax-servlet/ServletRequestWrapper.yml b/src/main/resources/taint-configuration/source/injection/javax/javax-servlet/ServletRequestWrapper.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/javax/javax-servlet/ServletRequestWrapper.yml
rename to src/main/resources/taint-configuration/source/injection/javax/javax-servlet/ServletRequestWrapper.yml
diff --git a/src/main/resources/taint-configuration/injection/source/javax/javax-swing/swing.yml b/src/main/resources/taint-configuration/source/injection/javax/javax-swing/swing.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/javax/javax-swing/swing.yml
rename to src/main/resources/taint-configuration/source/injection/javax/javax-swing/swing.yml
diff --git a/src/main/resources/taint-configuration/injection/source/jetty/README.adoc b/src/main/resources/taint-configuration/source/injection/jetty/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/jetty/README.adoc
rename to src/main/resources/taint-configuration/source/injection/jetty/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/source/jetty/jetty-http/jetty-http.yml b/src/main/resources/taint-configuration/source/injection/jetty/jetty-http/jetty-http.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/jetty/jetty-http/jetty-http.yml
rename to src/main/resources/taint-configuration/source/injection/jetty/jetty-http/jetty-http.yml
diff --git a/src/main/resources/taint-configuration/injection/source/jetty/jetty-server/jetty-server.yml b/src/main/resources/taint-configuration/source/injection/jetty/jetty-server/jetty-server.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/jetty/jetty-server/jetty-server.yml
rename to src/main/resources/taint-configuration/source/injection/jetty/jetty-server/jetty-server.yml
diff --git a/src/main/resources/taint-configuration/injection/source/jetty/jetty-session/jetty-session.yml b/src/main/resources/taint-configuration/source/injection/jetty/jetty-session/jetty-session.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/jetty/jetty-session/jetty-session.yml
rename to src/main/resources/taint-configuration/source/injection/jetty/jetty-session/jetty-session.yml
diff --git a/src/main/resources/taint-configuration/injection/source/sonarqube/README.adoc b/src/main/resources/taint-configuration/source/injection/sonarqube/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/sonarqube/README.adoc
rename to src/main/resources/taint-configuration/source/injection/sonarqube/README.adoc
diff --git a/src/main/resources/taint-configuration/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml b/src/main/resources/taint-configuration/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml
similarity index 100%
rename from src/main/resources/taint-configuration/injection/source/sonarqube/sonarqube-ws/sonarqube-ws.yml
rename to src/main/resources/taint-configuration/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml

From 6f218a7e5d80ea0f6b0f4227fc83801b587496eb Mon Sep 17 00:00:00 2001
From: Teng Zhang <zhangt2333@gmail.com>
Date: Mon, 30 Dec 2024 15:53:46 +0800
Subject: [PATCH 4/9] Revise

---
 ...n.adoc => commonly-used-taint-config.adoc} | 41 ++++++++-----------
 docs/en/index-single.adoc                     |  2 +
 docs/en/index.adoc                            |  1 +
 3 files changed, 20 insertions(+), 24 deletions(-)
 rename docs/en/{taint-configuration.adoc => commonly-used-taint-config.adoc} (75%)

diff --git a/docs/en/taint-configuration.adoc b/docs/en/commonly-used-taint-config.adoc
similarity index 75%
rename from docs/en/taint-configuration.adoc
rename to docs/en/commonly-used-taint-config.adoc
index aa7470bd0..87ba8358a 100644
--- a/docs/en/taint-configuration.adoc
+++ b/docs/en/commonly-used-taint-config.adoc
@@ -1,10 +1,13 @@
+[[commonly-used-taint-config.adoc]]
+include::attributes.adoc[]
+
 = Taint Configuration for Common Vulnerabilities
 
-`Taint Configuration for Common Vulnerabilities` is a collection of `source`, `sink`, and `transfer` rules tailored for various common vulnerability types. 
-Currently, this collection contains 327 `source` rules, 920 `sink` rules, and 138 `transfer` rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
+_Taint Configuration for Common Vulnerabilities_ is a collection of `source`, `sink`, and `transfer` rules tailored for various common vulnerability types.
+Currently, this collection contains 327 `source` , 920 `sink`, and 138 `transfer` rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
 
 
-== Project Structure
+== Organizational structure
 
 We have classified the rules by packages and vulnerability types to help users quickly locate the required ones.
 The structure of this project is as follows:
@@ -13,36 +16,28 @@ The structure of this project is as follows:
 ----
 taint-configuration
 ├── sink
-│   ├── infoleak                       contains 141 sinks
+│   ├── infoleak              # contains 141 sinks
 │   │   └── java-io
-│   │
-│   └── injection                      contains 779 sinks
+│   └── injection             # contains 779 sinks
 │       ├── android
 │       │   └── sql-injection
-│       │
 │       ├── java
 │       │   ├── crlf
 │       │   ├── path-traversal
 │       │   ├── rce
 │       │   └── ...
-│       │
 │       └── ...
-│
-├── source                             
-│   ├── infoleak                       contains 158 sources
+├── source
+│   ├── infoleak              # contains 158 sources
 │   │   └── java
-│   │
-│   └── injection                      contains 169 sources
+│   └── injection             # contains 169 sources
 │       ├── apache-struts2
-│       │
 │       ├── javax
 │       │   ├── javax-portlet
 │       │   ├── javax-servlet
 │       │   └── javax-swing
-│       │
 │       └── ...
-│
-└── transfer                           contains 138 transfers about String
+└── transfer                  # contains 138 transfers about String
 ----
 
 Specifically, this project firstly categorizes the configuration files into three main categories: sink, source, and transfer.
@@ -50,7 +45,7 @@ Specifically, this project firstly categorizes the configuration files into thre
 * `sink` category: Contains `sink` configurations files related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
   ** `infoleak`: Categorized by package name.
   ** `injection`: Categorized by vulnerability type.
-  
+
 * `source` category: Contains `source` configurations related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
   ** `infoleak`: Categorized by package name.
   ** `injection`: Categorized by package name.
@@ -59,15 +54,13 @@ Specifically, this project firstly categorizes the configuration files into thre
 
 Additionally, each subdirectory contains a corresponding `README` file that provides a brief overview of the relevant vulnerability types.
 
-== How to Use it?
+== How to Use it? (An Example)
 
-Users can directly integrate the configuration files from this collection into the `taint-config.yml` for the `Tai-e` taint analysis tool, 
-or modify and extend them as needed to better meet specific analysis requirements. 
-For information on properly configuring `Tai-e` taint analysis, please refer to the link:https://tai-e.pascal-lab.net/docs/0.2.2/reference/en/taint-analysis.html#configuring-taint-analysis[Configuring Taint Analysis].
 
-== An example
+Users can directly integrate the configuration files from this collection into the <<taint-analysis#taint-analysis,Configuration File for the Tai-e taint analysis>>,
+or modify and extend them as needed to better meet specific analysis requirements.
 
-Here is an example of how to use the configuration files from this collection. 
+Here is an example of how to use the configuration files from this collection.
 If the user needs to detect an `RCE (Remote Code Execution)` injection vulnerability in a Java project using the `Jetty` software library, the following steps can be taken to modify the `taint-config.yml` file:
 
 1. Add the `source` rules related to the *Jetty software library* from the file `taint-configuration/source/injection/jetty/jetty-http/jetty-http.yml` to the `taint-config.yml`.
diff --git a/docs/en/index-single.adoc b/docs/en/index-single.adoc
index f9e804d66..a2fe416f7 100644
--- a/docs/en/index-single.adoc
+++ b/docs/en/index-single.adoc
@@ -18,6 +18,8 @@ include::types-classes.adoc[leveloffset=+1]
 
 include::taint-analysis.adoc[leveloffset=+1]
 
+include::commonly-used-taint-config.adoc[leveloffset=+1]
+
 include::develop-new-analysis.adoc[leveloffset=+1]
 
 include::program-abstraction.adoc[leveloffset=+1]
diff --git a/docs/en/index.adoc b/docs/en/index.adoc
index ec8565712..d4361f9e8 100644
--- a/docs/en/index.adoc
+++ b/docs/en/index.adoc
@@ -11,6 +11,7 @@ The reference documentation consists of the following sections:
 * <<command-line-options#,How to Run Tai-e (command-line options)?>>
 * <<types-classes#,How to Specify and Access Types, Classes, and Class Members (Methods and Fields)?>>
 * <<taint-analysis#,How to Use Taint Analysis?>>
+** <<commonly-used-taint-config#,Commonly Used Taint Configuration>>
 * <<develop-new-analysis#,How to Develop A New Analysis on Tai-e?>>
 * <<program-abstraction#,Program Abstraction in Tai-e (core classes and IR)>>
 * <<analysis-management#,Analysis Management>>

From 1f75ebe8843c96583780016564ed241c18d55e96 Mon Sep 17 00:00:00 2001
From: Teng Zhang <zhangt2333@gmail.com>
Date: Mon, 30 Dec 2024 16:22:39 +0800
Subject: [PATCH 5/9] Reorganize

---
 docs/en/commonly-used-taint-config.adoc       | 90 -------------------
 docs/en/index-single.adoc                     |  2 -
 docs/en/index.adoc                            |  1 -
 docs/en/taint-analysis.adoc                   | 88 ++++++++++++++++++
 .../sink/infoleak/java-io/README.adoc         |  0
 .../sink/infoleak/java-io/java-io.yml         |  0
 .../android/sql-injection/ContentProvider.yml |  0
 .../android/sql-injection/DatabaseUtils.yml   |  0
 .../android/sql-injection/README.adoc         |  0
 .../android/sql-injection/SQLiteDatabase.yml  |  0
 .../sql-injection/SQLiteQueryBuilder.yml      |  0
 .../apache-Xalan/xpath-injection/README.adoc  |  0
 .../apache-Xalan/xpath-injection/xpath.yml    |  0
 .../apache-log4j/log4j_1x/crlf/Category.yml   |  0
 .../apache-log4j/log4j_1x/crlf/Logger.yml     |  0
 .../apache-log4j/log4j_1x/crlf/README.adoc    |  0
 .../apache-log4j/log4j_2/crlf/Logger.yml      |  0
 .../apache-log4j/log4j_2/crlf/README.adoc     |  0
 .../xpath/RAEDME.adoc                         |  0
 .../xpath/xpath.yml                           |  0
 .../apache-struts/file-disclosure/README.adoc |  0
 .../struts-file-disclosure.yml                |  0
 .../apache-struts/ognl-injection/OgnlUtil.yml |  0
 .../apache-struts/ognl-injection/README.adoc  |  0
 .../ognl-injection/TextParseUtil.yml          |  0
 .../ognl-injection/reflection-relative.yml    |  0
 .../injection/apache-struts/other/other.yml   |  0
 .../apache-turbine/sql-injection/README.adoc  |  0
 .../sql-injection/sql-turbine.yml             |  0
 .../attribute-injection/README.adoc           |  0
 .../beanutils2/attribute-injection/beans.yml  |  0
 .../apahce-commons/logging/crlf/README.adoc   |  0
 .../apahce-commons/logging/crlf/crlf-logs.yml |  0
 .../sink/injection/java/crlf/README.adoc      |  0
 .../sink/injection/java/crlf/crlf-logs.yml    |  0
 .../injection/java/path-traversal/README.adoc |  0
 .../java/path-traversal/path-traversal.yml    |  0
 .../sink/injection/java/rce/README.adoc       |  0
 .../sink/injection/java/rce/command.yml       |  0
 .../java/xpath-injection/README.adoc          |  0
 .../injection/java/xpath-injection/xpath.yml  |  0
 .../sink/injection/java/xss/README.adoc       |  0
 .../sink/injection/java/xss/formatter.yml     |  0
 .../sink/injection/java/xss/output.yml        |  0
 .../javax/ldap-injection/README.adoc          |  0
 .../injection/javax/ldap-injection/ldap.yml   |  0
 .../sink/injection/javax/other/el.yml         |  0
 .../javax/other/response-splitting.yml        |  0
 .../injection/javax/other/script-engine.yml   |  0
 .../sink/injection/javax/other/smtp.yml       |  0
 .../javax/other/trust-boundary-violation.yml  |  0
 .../sink/injection/javax/other/xslt.yml       |  0
 .../sink/injection/javax/xss/README.adoc      |  0
 .../sink/injection/javax/xss/output.yml       |  0
 .../javax/xss/request-dispatcher.yml          |  0
 .../sink/injection/slf4j/crlf/README.adoc     |  0
 .../sink/injection/slf4j/crlf/crlf-logs.yml   |  0
 .../spring-framework/beans/README.adoc        |  0
 .../spring-framework/beans/beans.yml          |  0
 .../file-disclosure/README.adoc               |  0
 .../spring-file-disclosure.yml                |  0
 .../ldap-injection/README.adoc                |  0
 .../spring-framework/ldap-injection/ldap.yml  |  0
 .../spel-inejction/README.adoc                |  0
 .../spel-inejction/spring-expression.yml      |  0
 .../sql-injection/README.adoc                 |  0
 .../sql-injection/sql-spring.yml              |  0
 .../sink/injection/tinylog/crlf/README.adoc   |  0
 .../sink/injection/tinylog/crlf/crlf-logs.yml |  0
 .../source/infoleak/java/README.adoc          |  0
 .../source/infoleak/java/java-io.yml          |  0
 .../source/infoleak/java/java-lang-system.yml |  0
 .../source/infoleak/java/java-net.yml         |  0
 .../source/infoleak/java/java-sql.yml         |  0
 .../injection/apache-struts2/README.adoc      |  0
 .../injection/apache-struts2/struts2.yml      |  0
 .../injection/apache-wicket/README.adoc       |  0
 .../source/injection/apache-wicket/wicket.yml |  0
 .../source/injection/dropwizard/README.adoc   |  0
 .../dropwizard-jersey/dropwizard-jersey.yml   |  0
 .../dropwizard-servlet.yml                    |  0
 .../source/injection/java/README.adoc         |  0
 .../source/injection/java/java-awt.yml        |  0
 .../source/injection/java/java-io.yml         |  0
 .../source/injection/java/java-net.yml        |  0
 .../injection/java/java-util-Scanner.yml      |  0
 .../source/injection/javax/README.adoc        |  0
 .../javax/javax-portlet/PortletRequest.yml    |  0
 .../javax/javax-portlet/portlet-other.yml     |  0
 .../injection/javax/javax-servlet/Cookie.yml  |  0
 .../HttpServletRequestWrapper.yml             |  0
 .../javax-servlet/ServletRequestWrapper.yml   |  0
 .../injection/javax/javax-swing/swing.yml     |  0
 .../source/injection/jetty/README.adoc        |  0
 .../injection/jetty/jetty-http/jetty-http.yml |  0
 .../jetty/jetty-server/jetty-server.yml       |  0
 .../jetty/jetty-session/jetty-session.yml     |  0
 .../source/injection/sonarqube/README.adoc    |  0
 .../sonarqube/sonarqube-ws/sonarqube-ws.yml   |  0
 .../transfer/string-transfers.yml             |  0
 100 files changed, 88 insertions(+), 93 deletions(-)
 delete mode 100644 docs/en/commonly-used-taint-config.adoc
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/infoleak/java-io/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/infoleak/java-io/java-io.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/android/sql-injection/ContentProvider.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/android/sql-injection/DatabaseUtils.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/android/sql-injection/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/android/sql-injection/SQLiteDatabase.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-Xalan/xpath-injection/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-Xalan/xpath-injection/xpath.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-log4j/log4j_2/crlf/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-santuario-xml-security/xpath/xpath.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-struts/file-disclosure/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-struts/ognl-injection/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-struts/ognl-injection/reflection-relative.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-struts/other/other.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-turbine/sql-injection/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apache-turbine/sql-injection/sql-turbine.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apahce-commons/logging/crlf/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/crlf/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/crlf/crlf-logs.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/path-traversal/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/path-traversal/path-traversal.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/rce/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/rce/command.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/xpath-injection/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/xpath-injection/xpath.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/xss/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/xss/formatter.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/java/xss/output.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/ldap-injection/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/ldap-injection/ldap.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/other/el.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/other/response-splitting.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/other/script-engine.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/other/smtp.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/other/trust-boundary-violation.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/other/xslt.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/xss/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/xss/output.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/javax/xss/request-dispatcher.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/slf4j/crlf/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/slf4j/crlf/crlf-logs.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/beans/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/beans/beans.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/file-disclosure/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/ldap-injection/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/ldap-injection/ldap.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/spel-inejction/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/spel-inejction/spring-expression.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/sql-injection/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/spring-framework/sql-injection/sql-spring.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/tinylog/crlf/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/sink/injection/tinylog/crlf/crlf-logs.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/infoleak/java/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/infoleak/java/java-io.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/infoleak/java/java-lang-system.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/infoleak/java/java-net.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/infoleak/java/java-sql.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/apache-struts2/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/apache-struts2/struts2.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/apache-wicket/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/apache-wicket/wicket.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/dropwizard/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/java/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/java/java-awt.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/java/java-io.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/java/java-net.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/java/java-util-Scanner.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/javax/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/javax/javax-portlet/PortletRequest.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/javax/javax-portlet/portlet-other.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/javax/javax-servlet/Cookie.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/javax/javax-servlet/ServletRequestWrapper.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/javax/javax-swing/swing.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/jetty/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/jetty/jetty-http/jetty-http.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/jetty/jetty-server/jetty-server.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/jetty/jetty-session/jetty-session.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/sonarqube/README.adoc (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml (100%)
 rename src/main/resources/{taint-configuration => commonly-used-taint-config}/transfer/string-transfers.yml (100%)

diff --git a/docs/en/commonly-used-taint-config.adoc b/docs/en/commonly-used-taint-config.adoc
deleted file mode 100644
index 87ba8358a..000000000
--- a/docs/en/commonly-used-taint-config.adoc
+++ /dev/null
@@ -1,90 +0,0 @@
-[[commonly-used-taint-config.adoc]]
-include::attributes.adoc[]
-
-= Taint Configuration for Common Vulnerabilities
-
-_Taint Configuration for Common Vulnerabilities_ is a collection of `source`, `sink`, and `transfer` rules tailored for various common vulnerability types.
-Currently, this collection contains 327 `source` , 920 `sink`, and 138 `transfer` rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
-
-
-== Organizational structure
-
-We have classified the rules by packages and vulnerability types to help users quickly locate the required ones.
-The structure of this project is as follows:
-
-[source]
-----
-taint-configuration
-├── sink
-│   ├── infoleak              # contains 141 sinks
-│   │   └── java-io
-│   └── injection             # contains 779 sinks
-│       ├── android
-│       │   └── sql-injection
-│       ├── java
-│       │   ├── crlf
-│       │   ├── path-traversal
-│       │   ├── rce
-│       │   └── ...
-│       └── ...
-├── source
-│   ├── infoleak              # contains 158 sources
-│   │   └── java
-│   └── injection             # contains 169 sources
-│       ├── apache-struts2
-│       ├── javax
-│       │   ├── javax-portlet
-│       │   ├── javax-servlet
-│       │   └── javax-swing
-│       └── ...
-└── transfer                  # contains 138 transfers about String
-----
-
-Specifically, this project firstly categorizes the configuration files into three main categories: sink, source, and transfer.
-
-* `sink` category: Contains `sink` configurations files related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
-  ** `infoleak`: Categorized by package name.
-  ** `injection`: Categorized by vulnerability type.
-
-* `source` category: Contains `source` configurations related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
-  ** `infoleak`: Categorized by package name.
-  ** `injection`: Categorized by package name.
-
-* `transfer` category: Contains commonly used `transfer` configurations.
-
-Additionally, each subdirectory contains a corresponding `README` file that provides a brief overview of the relevant vulnerability types.
-
-== How to Use it? (An Example)
-
-
-Users can directly integrate the configuration files from this collection into the <<taint-analysis#taint-analysis,Configuration File for the Tai-e taint analysis>>,
-or modify and extend them as needed to better meet specific analysis requirements.
-
-Here is an example of how to use the configuration files from this collection.
-If the user needs to detect an `RCE (Remote Code Execution)` injection vulnerability in a Java project using the `Jetty` software library, the following steps can be taken to modify the `taint-config.yml` file:
-
-1. Add the `source` rules related to the *Jetty software library* from the file `taint-configuration/source/injection/jetty/jetty-http/jetty-http.yml` to the `taint-config.yml`.
-2. Add the `sink` rules related to the *RCE type injection vulnerability* from the file `taint-configuration/sink/injection/java/rce/command.yml` to the `taint-config.yml`.
-3. Add the `transfer` rules related to *String type* from the file `taint-configuration/transfer/string-transfers.yml` to the `taint-config.yml`.
-
-Example `taint-config.yml` configuration:
-
-```YAML
-source:
-  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
-  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
-  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String asString()>", index: result, type: "java.lang.String" }
-#...
-
-sinks:
-  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
-  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
-  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String, java.lang.String[])>", index: 0 }
-#...
-
-transfer:
-  - { method: "<java.lang.String: java.lang.String substring(int)>", from: base, to: result }
-  - { method: "<java.lang.String: java.lang.String substring(int,int)>", from: base, to: result }
-#...
-```
-
diff --git a/docs/en/index-single.adoc b/docs/en/index-single.adoc
index a2fe416f7..f9e804d66 100644
--- a/docs/en/index-single.adoc
+++ b/docs/en/index-single.adoc
@@ -18,8 +18,6 @@ include::types-classes.adoc[leveloffset=+1]
 
 include::taint-analysis.adoc[leveloffset=+1]
 
-include::commonly-used-taint-config.adoc[leveloffset=+1]
-
 include::develop-new-analysis.adoc[leveloffset=+1]
 
 include::program-abstraction.adoc[leveloffset=+1]
diff --git a/docs/en/index.adoc b/docs/en/index.adoc
index d4361f9e8..ec8565712 100644
--- a/docs/en/index.adoc
+++ b/docs/en/index.adoc
@@ -11,7 +11,6 @@ The reference documentation consists of the following sections:
 * <<command-line-options#,How to Run Tai-e (command-line options)?>>
 * <<types-classes#,How to Specify and Access Types, Classes, and Class Members (Methods and Fields)?>>
 * <<taint-analysis#,How to Use Taint Analysis?>>
-** <<commonly-used-taint-config#,Commonly Used Taint Configuration>>
 * <<develop-new-analysis#,How to Develop A New Analysis on Tai-e?>>
 * <<program-abstraction#,Program Abstraction in Tai-e (core classes and IR)>>
 * <<analysis-management#,Analysis Management>>
diff --git a/docs/en/taint-analysis.adoc b/docs/en/taint-analysis.adoc
index 26e290483..58ace8478 100644
--- a/docs/en/taint-analysis.adoc
+++ b/docs/en/taint-analysis.adoc
@@ -15,6 +15,7 @@ Taint analysis can be enabled in one of two ways, or both approaches together:
 
 * using the programmatic configuration provider.
 
+[[yaml-configuration-file]]
 === YAML Configuration File
 
 In Tai-e, taint analysis is designed and implemented as a plugin of pointer analysis framework.
@@ -513,3 +514,90 @@ then you can open the TFG with your web browser and examine it.
 NOTE: We plan to develop more user-friendly mechanisms for examining taint analysis results in the future.
 
 // TODO: == Troubleshooting
+
+== Pre-prepared Commonly Used Taint Configuration
+
+_Commonly Used Taint Configuration_ is a collection of _source_, _sink_, and _transfer_ rules tailored for various common vulnerability types.
+Currently, this collection contains 327 source, 920 sink, and 138 transfer rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
+
+
+=== Organizational structure
+
+We have classified the rules by packages and vulnerability types to help users quickly locate the required ones.
+The structure of this project is as follows:
+
+[source]
+----
+Tai-e/src/main/resources/commonly-used-taint-config
+├── sink
+│   ├── infoleak              # contains 141 sinks
+│   │   └── java-io
+│   └── injection             # contains 779 sinks
+│       ├── android
+│       │   └── sql-injection
+│       ├── java
+│       │   ├── crlf
+│       │   ├── path-traversal
+│       │   ├── rce
+│       │   └── ...
+│       └── ...
+├── source
+│   ├── infoleak              # contains 158 sources
+│   │   └── java
+│   └── injection             # contains 169 sources
+│       ├── apache-struts2
+│       ├── javax
+│       │   ├── javax-portlet
+│       │   ├── javax-servlet
+│       │   └── javax-swing
+│       └── ...
+└── transfer                  # contains 138 transfers about String
+----
+
+Specifically, this project firstly categorizes the configuration files into three main categories: sink, source, and transfer.
+
+* `sink` category: Contains sinks configurations files related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
+** `infoleak`: Categorized by package name.
+** `injection`: Categorized by vulnerability type.
+
+* `source` category: Contains sources configurations related to information leakage and injection vulnerabilities, further subdivided into two subdirectories:
+** `infoleak`: Categorized by package name.
+** `injection`: Categorized by package name.
+
+* `transfer` category: Contains transfers.
+
+Additionally, each subdirectory contains a corresponding `README` file that provides a brief overview of the relevant vulnerability types.
+
+=== How to Use it? (An Example)
+
+Users can directly integrate the configuration files from this collection into the <<yaml-configuration-file,Configuration File for the Tai-e taint analysis>>,
+or modify and extend them as needed to better meet specific analysis requirements.
+
+Here is an example of how to use the configuration files from this collection.
+If the user needs to detect an RCE (Remote Code Execution) injection vulnerability in a Java project using the *Jetty software library*, the following steps can be taken to modify the taint configuration file:
+
+1. Add the source rules related to the *Jetty software library* from the file `source/injection/jetty/jetty-http/jetty-http.yml`.
+2. Add the sink rules related to the *RCE type injection vulnerability* from the file `sink/injection/java/rce/command.yml`.
+3. Add the transfer rules related to *String type* from the file `transfer/string-transfers.yml`.
+
+After these steps, the taint configuration file will be as follows:
+
+```YAML
+source:
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getName()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String getValue()>", index: result, type: "java.lang.String" }
+  - { kind: call, method: "<org.eclipse.jetty.http.HttpCookie: java.lang.String asString()>", index: result, type: "java.lang.String" }
+#...
+
+sinks:
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String)>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String[])>", index: 0 }
+  - { method: "<java.lang.Runtime: java.lang.Process exec(java.lang.String, java.lang.String[])>", index: 0 }
+#...
+
+transfer:
+  - { method: "<java.lang.String: java.lang.String substring(int)>", from: base, to: result }
+  - { method: "<java.lang.String: java.lang.String substring(int,int)>", from: base, to: result }
+#...
+```
+
diff --git a/src/main/resources/taint-configuration/sink/infoleak/java-io/README.adoc b/src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/infoleak/java-io/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/infoleak/java-io/java-io.yml b/src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/java-io.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/infoleak/java-io/java-io.yml
rename to src/main/resources/commonly-used-taint-config/sink/infoleak/java-io/java-io.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/android/sql-injection/ContentProvider.yml b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/ContentProvider.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/android/sql-injection/ContentProvider.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/ContentProvider.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/android/sql-injection/DatabaseUtils.yml b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/DatabaseUtils.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/android/sql-injection/DatabaseUtils.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/DatabaseUtils.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/android/sql-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/android/sql-injection/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/android/sql-injection/SQLiteDatabase.yml b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteDatabase.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/android/sql-injection/SQLiteDatabase.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteDatabase.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml b/src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/android/sql-injection/SQLiteQueryBuilder.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-Xalan/xpath-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-Xalan/xpath-injection/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-Xalan/xpath-injection/xpath.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/xpath.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-Xalan/xpath-injection/xpath.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-Xalan/xpath-injection/xpath.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Category.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/Logger.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_1x/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/Logger.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_2/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-log4j/log4j_2/crlf/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-log4j/log4j_2/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/RAEDME.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-santuario-xml-security/xpath/xpath.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/xpath.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-santuario-xml-security/xpath/xpath.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-santuario-xml-security/xpath/xpath.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-struts/file-disclosure/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-struts/file-disclosure/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/file-disclosure/struts-file-disclosure.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/OgnlUtil.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/TextParseUtil.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/reflection-relative.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/reflection-relative.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-struts/ognl-injection/reflection-relative.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/ognl-injection/reflection-relative.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-struts/other/other.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/other/other.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-struts/other/other.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-struts/other/other.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-turbine/sql-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-turbine/sql-injection/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/apache-turbine/sql-injection/sql-turbine.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/sql-turbine.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apache-turbine/sql-injection/sql-turbine.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apache-turbine/sql-injection/sql-turbine.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/beanutils2/attribute-injection/beans.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/apahce-commons/logging/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apahce-commons/logging/crlf/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml b/src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/apahce-commons/logging/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/java/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/crlf/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/java/crlf/crlf-logs.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/crlf/crlf-logs.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/java/path-traversal/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/path-traversal/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/java/path-traversal/path-traversal.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/path-traversal.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/path-traversal/path-traversal.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/path-traversal/path-traversal.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/java/rce/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/rce/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/rce/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/rce/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/java/rce/command.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/rce/command.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/rce/command.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/rce/command.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/java/xpath-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/xpath-injection/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/java/xpath-injection/xpath.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/xpath.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/xpath-injection/xpath.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/xpath-injection/xpath.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/java/xss/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/xss/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/xss/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/java/xss/formatter.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/formatter.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/xss/formatter.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/xss/formatter.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/java/xss/output.yml b/src/main/resources/commonly-used-taint-config/sink/injection/java/xss/output.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/java/xss/output.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/java/xss/output.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/ldap-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/ldap-injection/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/ldap-injection/ldap.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/ldap.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/ldap-injection/ldap.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/ldap-injection/ldap.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/other/el.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/el.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/other/el.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/other/el.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/other/response-splitting.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/response-splitting.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/other/response-splitting.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/other/response-splitting.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/other/script-engine.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/script-engine.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/other/script-engine.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/other/script-engine.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/other/smtp.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/smtp.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/other/smtp.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/other/smtp.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/other/trust-boundary-violation.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/trust-boundary-violation.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/other/trust-boundary-violation.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/other/trust-boundary-violation.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/other/xslt.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/other/xslt.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/other/xslt.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/other/xslt.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/xss/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/xss/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/xss/output.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/output.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/xss/output.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/output.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/javax/xss/request-dispatcher.yml b/src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/request-dispatcher.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/javax/xss/request-dispatcher.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/javax/xss/request-dispatcher.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/slf4j/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/slf4j/crlf/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/slf4j/crlf/crlf-logs.yml b/src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/slf4j/crlf/crlf-logs.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/slf4j/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/beans/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/beans/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/beans/beans.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/beans.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/beans/beans.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/beans/beans.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/file-disclosure/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/file-disclosure/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/file-disclosure/spring-file-disclosure.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/ldap-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/ldap-injection/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/ldap-injection/ldap.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/ldap.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/ldap-injection/ldap.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/ldap-injection/ldap.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/spel-inejction/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/spel-inejction/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/spel-inejction/spring-expression.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/spring-expression.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/spel-inejction/spring-expression.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/spel-inejction/spring-expression.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/sql-injection/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/sql-injection/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/spring-framework/sql-injection/sql-spring.yml b/src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/sql-spring.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/spring-framework/sql-injection/sql-spring.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/spring-framework/sql-injection/sql-spring.yml
diff --git a/src/main/resources/taint-configuration/sink/injection/tinylog/crlf/README.adoc b/src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/tinylog/crlf/README.adoc
rename to src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/README.adoc
diff --git a/src/main/resources/taint-configuration/sink/injection/tinylog/crlf/crlf-logs.yml b/src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/crlf-logs.yml
similarity index 100%
rename from src/main/resources/taint-configuration/sink/injection/tinylog/crlf/crlf-logs.yml
rename to src/main/resources/commonly-used-taint-config/sink/injection/tinylog/crlf/crlf-logs.yml
diff --git a/src/main/resources/taint-configuration/source/infoleak/java/README.adoc b/src/main/resources/commonly-used-taint-config/source/infoleak/java/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/source/infoleak/java/README.adoc
rename to src/main/resources/commonly-used-taint-config/source/infoleak/java/README.adoc
diff --git a/src/main/resources/taint-configuration/source/infoleak/java/java-io.yml b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-io.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/infoleak/java/java-io.yml
rename to src/main/resources/commonly-used-taint-config/source/infoleak/java/java-io.yml
diff --git a/src/main/resources/taint-configuration/source/infoleak/java/java-lang-system.yml b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-lang-system.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/infoleak/java/java-lang-system.yml
rename to src/main/resources/commonly-used-taint-config/source/infoleak/java/java-lang-system.yml
diff --git a/src/main/resources/taint-configuration/source/infoleak/java/java-net.yml b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-net.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/infoleak/java/java-net.yml
rename to src/main/resources/commonly-used-taint-config/source/infoleak/java/java-net.yml
diff --git a/src/main/resources/taint-configuration/source/infoleak/java/java-sql.yml b/src/main/resources/commonly-used-taint-config/source/infoleak/java/java-sql.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/infoleak/java/java-sql.yml
rename to src/main/resources/commonly-used-taint-config/source/infoleak/java/java-sql.yml
diff --git a/src/main/resources/taint-configuration/source/injection/apache-struts2/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/apache-struts2/README.adoc
rename to src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/README.adoc
diff --git a/src/main/resources/taint-configuration/source/injection/apache-struts2/struts2.yml b/src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/struts2.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/apache-struts2/struts2.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/apache-struts2/struts2.yml
diff --git a/src/main/resources/taint-configuration/source/injection/apache-wicket/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/apache-wicket/README.adoc
rename to src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/README.adoc
diff --git a/src/main/resources/taint-configuration/source/injection/apache-wicket/wicket.yml b/src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/wicket.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/apache-wicket/wicket.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/apache-wicket/wicket.yml
diff --git a/src/main/resources/taint-configuration/source/injection/dropwizard/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/dropwizard/README.adoc
rename to src/main/resources/commonly-used-taint-config/source/injection/dropwizard/README.adoc
diff --git a/src/main/resources/taint-configuration/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml b/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-jersey/dropwizard-jersey.yml
diff --git a/src/main/resources/taint-configuration/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml b/src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/dropwizard/dropwizard-servlets/dropwizard-servlet.yml
diff --git a/src/main/resources/taint-configuration/source/injection/java/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/java/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/java/README.adoc
rename to src/main/resources/commonly-used-taint-config/source/injection/java/README.adoc
diff --git a/src/main/resources/taint-configuration/source/injection/java/java-awt.yml b/src/main/resources/commonly-used-taint-config/source/injection/java/java-awt.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/java/java-awt.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/java/java-awt.yml
diff --git a/src/main/resources/taint-configuration/source/injection/java/java-io.yml b/src/main/resources/commonly-used-taint-config/source/injection/java/java-io.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/java/java-io.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/java/java-io.yml
diff --git a/src/main/resources/taint-configuration/source/injection/java/java-net.yml b/src/main/resources/commonly-used-taint-config/source/injection/java/java-net.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/java/java-net.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/java/java-net.yml
diff --git a/src/main/resources/taint-configuration/source/injection/java/java-util-Scanner.yml b/src/main/resources/commonly-used-taint-config/source/injection/java/java-util-Scanner.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/java/java-util-Scanner.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/java/java-util-Scanner.yml
diff --git a/src/main/resources/taint-configuration/source/injection/javax/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/javax/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/javax/README.adoc
rename to src/main/resources/commonly-used-taint-config/source/injection/javax/README.adoc
diff --git a/src/main/resources/taint-configuration/source/injection/javax/javax-portlet/PortletRequest.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/PortletRequest.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/javax/javax-portlet/PortletRequest.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/PortletRequest.yml
diff --git a/src/main/resources/taint-configuration/source/injection/javax/javax-portlet/portlet-other.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/portlet-other.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/javax/javax-portlet/portlet-other.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/javax/javax-portlet/portlet-other.yml
diff --git a/src/main/resources/taint-configuration/source/injection/javax/javax-servlet/Cookie.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/Cookie.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/javax/javax-servlet/Cookie.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/Cookie.yml
diff --git a/src/main/resources/taint-configuration/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/HttpServletRequestWrapper.yml
diff --git a/src/main/resources/taint-configuration/source/injection/javax/javax-servlet/ServletRequestWrapper.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/ServletRequestWrapper.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/javax/javax-servlet/ServletRequestWrapper.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/javax/javax-servlet/ServletRequestWrapper.yml
diff --git a/src/main/resources/taint-configuration/source/injection/javax/javax-swing/swing.yml b/src/main/resources/commonly-used-taint-config/source/injection/javax/javax-swing/swing.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/javax/javax-swing/swing.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/javax/javax-swing/swing.yml
diff --git a/src/main/resources/taint-configuration/source/injection/jetty/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/jetty/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/jetty/README.adoc
rename to src/main/resources/commonly-used-taint-config/source/injection/jetty/README.adoc
diff --git a/src/main/resources/taint-configuration/source/injection/jetty/jetty-http/jetty-http.yml b/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-http/jetty-http.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/jetty/jetty-http/jetty-http.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-http/jetty-http.yml
diff --git a/src/main/resources/taint-configuration/source/injection/jetty/jetty-server/jetty-server.yml b/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-server/jetty-server.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/jetty/jetty-server/jetty-server.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-server/jetty-server.yml
diff --git a/src/main/resources/taint-configuration/source/injection/jetty/jetty-session/jetty-session.yml b/src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-session/jetty-session.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/jetty/jetty-session/jetty-session.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/jetty/jetty-session/jetty-session.yml
diff --git a/src/main/resources/taint-configuration/source/injection/sonarqube/README.adoc b/src/main/resources/commonly-used-taint-config/source/injection/sonarqube/README.adoc
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/sonarqube/README.adoc
rename to src/main/resources/commonly-used-taint-config/source/injection/sonarqube/README.adoc
diff --git a/src/main/resources/taint-configuration/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml b/src/main/resources/commonly-used-taint-config/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml
similarity index 100%
rename from src/main/resources/taint-configuration/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml
rename to src/main/resources/commonly-used-taint-config/source/injection/sonarqube/sonarqube-ws/sonarqube-ws.yml
diff --git a/src/main/resources/taint-configuration/transfer/string-transfers.yml b/src/main/resources/commonly-used-taint-config/transfer/string-transfers.yml
similarity index 100%
rename from src/main/resources/taint-configuration/transfer/string-transfers.yml
rename to src/main/resources/commonly-used-taint-config/transfer/string-transfers.yml

From 1629b6fb044aeb71b9bc6b5c3a653ceae724eeca Mon Sep 17 00:00:00 2001
From: Xiao Yinning <211220110@smail.nju.edu.cn>
Date: Tue, 31 Dec 2024 03:34:08 +0000
Subject: [PATCH 6/9] Update commonly used taint-configuration

Co-authored-by: auroraberry <2507097782@qq.com>
Co-authored-by: Isla-top <211220177@smail.nju.edu.cn>
---
 docs/en/taint-analysis.adoc | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/docs/en/taint-analysis.adoc b/docs/en/taint-analysis.adoc
index 58ace8478..3ba401a86 100644
--- a/docs/en/taint-analysis.adoc
+++ b/docs/en/taint-analysis.adoc
@@ -517,13 +517,17 @@ NOTE: We plan to develop more user-friendly mechanisms for examining taint analy
 
 == Pre-prepared Commonly Used Taint Configuration
 
-_Commonly Used Taint Configuration_ is a collection of _source_, _sink_, and _transfer_ rules tailored for various common vulnerability types.
-Currently, this collection contains 327 source, 920 sink, and 138 transfer rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
+Manually collecting and writing taint analysis configurations for different vulnerability types can be time-consuming and challenging, especially for developers and security researchers with limited experience.
+To help users streamline this process and improve the efficiency and accuracy of vulnerability detection, we have curated _Commonly Used Taint Configuration_. 
+
+Commonly Used Taint Configuration is a comprehensive collection of source, sink, and transfer rules tailored for various common vulnerability types.
+Currently, this collection contains 327 source rules, 920 sink rules, and 138 transfer rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
+
+To further enhance the user experience, we have also carefully organized the project structure by packages and vulnerability types to ensure clarity and ease of understanding of the rules, allowing users to quickly locate and apply the relevant rules.
 
 
 === Organizational structure
 
-We have classified the rules by packages and vulnerability types to help users quickly locate the required ones.
 The structure of this project is as follows:
 
 [source]

From 8c75f0f224a134abf380d06d13ac4f44f71f0b4a Mon Sep 17 00:00:00 2001
From: Xiao Yinning <211220110@smail.nju.edu.cn>
Date: Tue, 31 Dec 2024 05:30:30 +0000
Subject: [PATCH 7/9] Update commonly used taint-configuration

Co-authored-by: auroraberry <2507097782@qq.com>
Co-authored-by: Isla-top <211220177@smail.nju.edu.cn>
---
 docs/en/taint-analysis.adoc | 7 ++++---
 1 file changed, 4 insertions(+), 3 deletions(-)

diff --git a/docs/en/taint-analysis.adoc b/docs/en/taint-analysis.adoc
index 3ba401a86..9796c7f3d 100644
--- a/docs/en/taint-analysis.adoc
+++ b/docs/en/taint-analysis.adoc
@@ -518,10 +518,11 @@ NOTE: We plan to develop more user-friendly mechanisms for examining taint analy
 == Pre-prepared Commonly Used Taint Configuration
 
 Manually collecting and writing taint analysis configurations for different vulnerability types can be time-consuming and challenging, especially for developers and security researchers with limited experience.
-To help users streamline this process and improve the efficiency and accuracy of vulnerability detection, we have curated _Commonly Used Taint Configuration_. 
+To help users streamline this process and improve the efficiency and accuracy of vulnerability detection, we have curated `Taint Configuration for Common Vulnerabilities`. 
+When creating or modifying your own taint analysis configuration, you can refer to this configuration for guidance in your process.
 
-Commonly Used Taint Configuration is a comprehensive collection of source, sink, and transfer rules tailored for various common vulnerability types.
-Currently, this collection contains 327 source rules, 920 sink rules, and 138 transfer rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
+Taint Configuration for Common Vulnerabilities is a comprehensive collection of source, sink, and transfer rules tailored for various common vulnerability types.
+ Currently, this collection contains 327 source rules, 920 sink rules, and 138 transfer rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
 
 To further enhance the user experience, we have also carefully organized the project structure by packages and vulnerability types to ensure clarity and ease of understanding of the rules, allowing users to quickly locate and apply the relevant rules.
 

From 58de2223aa71f30bbca0d37caaf9f574a9042b5a Mon Sep 17 00:00:00 2001
From: Xiao Yinning <211220110@smail.nju.edu.cn>
Date: Tue, 31 Dec 2024 05:42:45 +0000
Subject: [PATCH 8/9] Update commonly used taint-configuration

Co-authored-by: auroraberry <2507097782@qq.com>
Co-authored-by: Isla-top <211220177@smail.nju.edu.cn>
---
 docs/en/taint-analysis.adoc | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/docs/en/taint-analysis.adoc b/docs/en/taint-analysis.adoc
index 9796c7f3d..13b247e07 100644
--- a/docs/en/taint-analysis.adoc
+++ b/docs/en/taint-analysis.adoc
@@ -518,10 +518,10 @@ NOTE: We plan to develop more user-friendly mechanisms for examining taint analy
 == Pre-prepared Commonly Used Taint Configuration
 
 Manually collecting and writing taint analysis configurations for different vulnerability types can be time-consuming and challenging, especially for developers and security researchers with limited experience.
-To help users streamline this process and improve the efficiency and accuracy of vulnerability detection, we have curated `Taint Configuration for Common Vulnerabilities`. 
+To help users streamline this process and improve the efficiency and accuracy of vulnerability detection, we have curated `Commonly Used Taint Configuration`. 
 When creating or modifying your own taint analysis configuration, you can refer to this configuration for guidance in your process.
 
-Taint Configuration for Common Vulnerabilities is a comprehensive collection of source, sink, and transfer rules tailored for various common vulnerability types.
+Commonly Used Taint Configuration is a comprehensive collection of source, sink, and transfer rules tailored for various common vulnerability types.
  Currently, this collection contains 327 source rules, 920 sink rules, and 138 transfer rules, enabling users to adapt and extend them to detect 13 types of vulnerabilities.
 
 To further enhance the user experience, we have also carefully organized the project structure by packages and vulnerability types to ensure clarity and ease of understanding of the rules, allowing users to quickly locate and apply the relevant rules.

From b9ea4fea656ae4c30666352b085b17c10c60506b Mon Sep 17 00:00:00 2001
From: Xiao Yinning <211220110@smail.nju.edu.cn>
Date: Tue, 31 Dec 2024 05:43:42 +0000
Subject: [PATCH 9/9] Update commonly used taint-configuration

Co-authored-by: auroraberry <2507097782@qq.com>
Co-authored-by: Isla-top <211220177@smail.nju.edu.cn>
---
 docs/en/taint-analysis.adoc | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/docs/en/taint-analysis.adoc b/docs/en/taint-analysis.adoc
index 13b247e07..fb3eb1076 100644
--- a/docs/en/taint-analysis.adoc
+++ b/docs/en/taint-analysis.adoc
@@ -518,7 +518,7 @@ NOTE: We plan to develop more user-friendly mechanisms for examining taint analy
 == Pre-prepared Commonly Used Taint Configuration
 
 Manually collecting and writing taint analysis configurations for different vulnerability types can be time-consuming and challenging, especially for developers and security researchers with limited experience.
-To help users streamline this process and improve the efficiency and accuracy of vulnerability detection, we have curated `Commonly Used Taint Configuration`. 
+To help users streamline this process and improve the efficiency and accuracy of vulnerability detection, we have curated _Commonly Used Taint Configuration_. 
 When creating or modifying your own taint analysis configuration, you can refer to this configuration for guidance in your process.
 
 Commonly Used Taint Configuration is a comprehensive collection of source, sink, and transfer rules tailored for various common vulnerability types.