From 2b8bb5c23134ff4cc29f8ea6d72940b92814da51 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Thu, 29 Apr 2021 16:17:21 +0100
Subject: [PATCH] Fix JAX-RS models
---
 java/ql/src/semmle/code/java/frameworks/JaxWS.qll | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)
diff --git a/java/ql/src/semmle/code/java/frameworks/JaxWS.qll b/java/ql/src/semmle/code/java/frameworks/JaxWS.qll
index 25fcdab3ad7..b8cb0afcd5c 100644
--- a/java/ql/src/semmle/code/java/frameworks/JaxWS.qll
+++ b/java/ql/src/semmle/code/java/frameworks/JaxWS.qll
@@ -178,12 +178,14 @@ class JaxRsResourceClass extends Class {
 }
 }

-/** An annotation from the `javax.ws.rs` package hierarchy. */
+/**
+ * An annotation from the `javax.ws.rs` or `jakarta.ws.rs` package hierarchy.
+ */
 class JaxRSAnnotation extends Annotation {
 JaxRSAnnotation() {
 exists(AnnotationType a |
 a = this.getType() and
- a.getPackage().getName().regexpMatch("javax\\.ws\\.rs(\\..*)?")
+ a.getPackage().getName().regexpMatch(["javax\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"])
 )
 }
 }
@@ -264,7 +266,7 @@ class MessageBodyReader extends GenericInterface {
 */
 class MessageBodyReaderReadFrom extends Method {
 MessageBodyReaderReadFrom() {
- this.getDeclaringType() instanceof MessageBodyReader and
+ this.getDeclaringType().(RefType).getSourceDeclaration() instanceof MessageBodyReader and
 this.hasName("readFrom")
 }
 }
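Review bot: In the JaxRSAnnotation hunk, the two patterns passed to `regexpMatch` differ only in their first segment, so a later edit can change one namespace and miss the other, which is the kind of gap this patch is closing. A single alternation keeps them together: `a.getPackage().getName().regexpMatch("(javax|jakarta)\\.ws\\.rs(\\..*)?")`. The same javax/jakarta pairing is repeated row by row in the FormModel hunk further down. When an annotation package is not matched here, anything keyed on JaxRSAnnotation presumably stops seeing those resource classes and parameters, so drift would show up as silently missing results rather than as an error.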
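Review bot: In the MessageBodyReaderReadFrom hunk, the new `getSourceDeclaration()` step has no comment saying why it is needed, and the reason is easy to lose in a later cleanup. I would add above that line `// Parameterized types such as MessageBodyReader<Foo> are distinct from the generic interface; map back to its source declaration.` The `.(RefType)` cast looks redundant if `getDeclaringType()` on a Method already yields a RefType, in which case `this.getDeclaringType().getSourceDeclaration() instanceof MessageBodyReader and` is enough. The doc comment of this class starts above the hunk, so I cannot tell whether it already covers this.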
@@ -504,9 +506,11 @@ private class FormModel extends SummaryModelCsv {
 override predicate row(string row) {
 row =
 [
+ "javax.ws.rs.core;Form;false;Form;;;Argument;Argument[-1];taint",
 "javax.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",
 "javax.ws.rs.core;Form;true;param;;;Argument;Argument[-1];taint",
 "javax.ws.rs.core;Form;true;param;;;Argument[-1];ReturnValue;value",
+ "jakarta.ws.rs.core;Form;false;Form;;;Argument;Argument[-1];taint",
 "jakarta.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",
 "jakarta.ws.rs.core;Form;true;param;;;Argument;Argument[-1];taint",
 "jakarta.ws.rs.core;Form;true;param;;;Argument[-1];ReturnValue;value"
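Review bot: The two added constructor rows leave the signature column empty and use a bare `Argument` input, so they apply to every `Form` constructor and to every argument; that looks intended but is not stated anywhere. A comment inside the list would record it, for example `// Constructors: any argument taints the constructed Form (all overloads).` The diffstat lists only JaxWS.qll, so nothing in this patch exercises the new rows; a test that builds a Form through its constructor and reads it back with `asMap()` for both namespaces would pin the behaviour. The row list continues past the end of the hunk.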