diff --git a/utbot-framework/src/main/resources/taint/config.yaml b/utbot-framework/src/main/resources/taint/config.yaml
index 428fda9d5a..bc708767de 100644
--- a/utbot-framework/src/main/resources/taint/config.yaml
+++ b/utbot-framework/src/main/resources/taint/config.yaml
@@ -2,10 +2,123 @@ sources:
   - java.util.Scanner.next:
       add-to: return
       marks: user-input
+  - java.io.BufferedReader.readLine:
+      add-to: return
+      marks: user-input
+  - javax.servlet.http.HttpServletRequest.getParameter:
+      add-to: return
+      marks: user-input
+  - java.util.Properties.getProperty:
+      add-to: return
+      marks: user-input
+  - java.sql.ResultSet.getString:
+      add-to: return
+      marks: user-input
+  - javax.servlet.http.HttpServletRequest.getQueryString:
+      add-to: return
+      marks: user-input
 
-sinks:
-  - java.lang.RuntimeException.<init>:
-      check: arg1
-      marks: []
+cleaners:
+  - java.lang.String.isEmpty:
+      remove-from: this
+      marks: [ ]
+      conditions:
+        return: true
+
+passes:
+  - java.lang.String.getBytes:
+      get-from: this
+      add-to: return
+      marks: [ ]
+      conditions:
+        this: { not: "" }
+  - java.lang.String.split:
+      get-from: this
+      add-to: return
+      marks: [ ]
+      conditions:
+        this: { not: "" }
+  - java.lang.String.concat:
+      get-from: this
+      add-to: return
+      marks: [ ]
+      conditions:
+        this: { not: "" }
+  - java.lang.String.concat:
+      get-from: arg1
+      add-to: return
+      marks: [ ]
       conditions:
         arg1: { not: "" }
+  - java.lang.StringBuilder.append:
+      get-from: arg1
+      add-to: this
+      marks: [ ]
+      conditions:
+        arg1: { not: "" }
+  - java.lang.StringBuilder.toString:
+      get-from: this
+      add-to: return
+      marks: [ ]
+
+  - java.sql.Connection.prepareStatement:
+      get-from: arg1
+      add-to: [ this, return ]
+      marks: [ ]
+  - java.sql.PreparedStatement.setString:
+      get-from: arg2
+      add-to: this
+      marks: [ ]
+
+  - java.sql.Statement.addBatch:
+      get-from: arg1
+      add-to: this
+      marks: [ ]
+
+  - java.io.ByteArrayOutputStream.writeData:
+      get-from: arg1
+      add-to: this
+      marks: [ ]
+  - java.io.ByteArrayOutputStream.toByteArray:
+      get-from: this
+      add-to: return
+      marks: [ ]
+  - java.io.ByteArrayInputStream.<init>:
+      get-from: arg1
+      add-to: [ this, return ]
+      marks: [ ]
+  - java.io.ObjectInputStream.<init>:
+      get-from: arg1
+      add-to: [ this, return ]
+      marks: [ ]
+  - java.io.ObjectInputStream.readObject:
+      get-from: this
+      add-to: return
+      marks: [ ]
+
+sinks:
+  - java.sql.Statement.execute:
+      check: arg1
+      marks: user-input
+  - java.sql.Statement.executeUpdate:
+      check: arg1
+      marks: user-input
+  - java.sql.Statement.executeBatch:
+      check: this
+      marks: user-input
+  - java.sql.Statement.executeQuery:
+      check: arg1
+      marks: user-input
+
+  - java.sql.PreparedStatement.execute:
+      check: this
+      marks: user-input
+  - java.sql.PreparedStatement.executeUpdate:
+      check: this
+      marks: user-input
+  - java.sql.PreparedStatement.executeBatch:
+      check: this
+      marks: user-input
+  - java.sql.PreparedStatement.executeQuery:
+      check: this
+      marks: user-input