semgrep-rules
New Rules Proposal: Detect exposure to log injection in Java.
Hello,
This rule, for the Java language, is intended to detect and raise a warning when an unsanitized String method parameter is used as an argument to a logger call. The goal is to allow detecting such situations and performing a manual check that validation is in place.
💡 To limit false positives, I updated the rule to only trigger for methods that are exposed as a "web service". I added the annotations used by the Spring Web, JAX-RS and JAX-WS frameworks.
I tested the rule against the sample code using the online rule editor:
Thank you very much for your feedback 😉
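The following is an added example of how the behaviour described in the proposal can be expressed as a Semgrep taint-mode rule. It is not the rule submitted in this proposal; the annotation list, the logger types it recognises and the sanitizers it accepts are assumptions chosen for this illustration.

```yaml
# Added example (not the rule from this proposal): a Semgrep taint-mode rule
# that flags a String parameter of a web-exposed method reaching a logger call.
# The annotation list, logger types and sanitizers below are assumptions.
rules:
  - id: java-log-injection-from-web-method-parameter
    languages: [java]
    severity: WARNING
    message: >-
      The String parameter '$PARAM' of web-exposed method '$METHOD' reaches a
      logger call without sanitization. Log injection (CRLF / log forging) is
      possible; strip control characters or encode the value before logging.
    mode: taint
    pattern-sources:
      # Source: every String parameter of a method annotated with a Spring Web,
      # JAX-RS or JAX-WS entry-point annotation. Non-String parameters are ignored.
      - patterns:
          - pattern-either:
              - pattern-inside: |
                  @$ANN(...)
                  $RET $METHOD(..., String $PARAM, ...) { ... }
              - pattern-inside: |
                  @$ANN
                  $RET $METHOD(..., String $PARAM, ...) { ... }
          - metavariable-regex:
              metavariable: $ANN
              regex: ^(RequestMapping|GetMapping|PostMapping|PutMapping|PatchMapping|DeleteMapping|GET|POST|PUT|PATCH|DELETE|Path|WebMethod)$
          - focus-metavariable: $PARAM
    pattern-sanitizers:
      # Assumed sanitizers: an explicit encoder call, or any replaceAll() on the
      # value. The last one is deliberately broad so that a finding is only
      # suppressed when the reviewer can see a rewrite of the string took place.
      - pattern: org.owasp.encoder.Encode.forJava(...)
      - pattern: org.apache.commons.text.StringEscapeUtils.escapeJava(...)
      - pattern: (String $X).replaceAll(...)
    pattern-sinks:
      # Sink: any level method on an SLF4J, Log4j 2 or java.util.logging logger.
      # The whole call is the sink, so taint in any argument (message string,
      # concatenation, or a format argument) produces a finding.
      - patterns:
          - pattern-either:
              - pattern: (org.slf4j.Logger $LOG).$LEVEL(...)
              - pattern: (org.apache.logging.log4j.Logger $LOG).$LEVEL(...)
              - pattern: (java.util.logging.Logger $LOG).$LEVEL(...)
          - metavariable-regex:
              metavariable: $LEVEL
              regex: ^(trace|debug|info|warn|warning|error|fatal|severe|fine|finer|finest|log)$
```

Run it with `semgrep --config log-injection.yaml src/`. With this rule a handler such as `@GetMapping("/hello") String hello(@RequestParam String name) { log.info("hello " + name); return "ok"; }` is reported, while the same method logging `name.replaceAll("[\\r\\n]", "_")` is not. Two caveats a reviewer of the findings should keep in mind: the typed logger patterns only resolve when Semgrep can see the logger's declared type (typically a field in the same file), and the `replaceAll(...)` sanitizer only proves that some rewrite happened, not that the regex actually removes CR/LF, which is exactly the manual check the proposal asks for.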