codewarrior: detect sinks of SQL injection, SSTI, XXE, LFI, XSS