Fix places which already dealt with both javax and jakarta

2026-02-23 10:23:41 +01:00 · 2026-02-12 12:32:25 +00:00
parent 4b240ebf8a
commit 31840902cd
10 changed files with 14 additions and 25 deletions
--- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
@@ -13,7 +13,7 @@ private import semmle.code.java.security.XSS
 /**
 * Gets a name for the root package of JAX-RS.
 */
-string getAJaxRsPackage() { result in [javaxOrJakarta() + ".ws.rs", "jakarta.ws.rs"] }
+string getAJaxRsPackage() { result in [javaxOrJakarta() + ".ws.rs"] }

 /**
 * Gets a name for package `subpackage` within the JAX-RS hierarchy.
@@ -42,7 +42,7 @@ class JaxWsEndpoint extends Class {
    result.isPublic() and
    not result instanceof InitializerMethod and
    not exists(Annotation a | a = result.getAnAnnotation() |
-      a.getType().hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jws", "WebMethod") and
+      a.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebMethod") and
      a.getValue("exclude").(BooleanLiteral).getBooleanValue() = true
    ) and
    forex(ParamOrReturn paramOrRet | paramOrRet = result.getAParameter() or paramOrRet = result |
@@ -62,8 +62,7 @@ class JaxWsEndpoint extends Class {
 /** The annotation type `@XmlJavaTypeAdapter`. */
 class XmlJavaTypeAdapter extends AnnotationType {
  XmlJavaTypeAdapter() {
-    this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".xml.bind.annotation.adapters",
-      "XmlJavaTypeAdapter")
+    this.hasQualifiedName(javaxOrJakarta() + ".xml.bind.annotation.adapters", "XmlJavaTypeAdapter")
  }
 }

@@ -292,9 +291,7 @@ class JaxRSAnnotation extends Annotation {
  JaxRSAnnotation() {
    exists(AnnotationType a |
      a = this.getType() and
-      a.getPackage()
-          .getName()
-          .regexpMatch([javaxOrJakarta() + "\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"])
+      a.getPackage().getName().regexpMatch(javaxOrJakarta() + "\\.ws\\.rs(\\..*)?")
    )
  }
 }
--- a/java/ql/lib/semmle/code/java/frameworks/Jms.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Jms.qll
@@ -7,6 +7,6 @@ import java
 /** The method `ObjectMessage.getObject`. */
 class ObjectMessageGetObjectMethod extends Method {
  ObjectMessageGetObjectMethod() {
-    this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jms", "ObjectMessage", "getObject")
+    this.hasQualifiedName(javaxOrJakarta() + ".jms", "ObjectMessage", "getObject")
  }
 }
--- a/java/ql/lib/semmle/code/java/frameworks/Mail.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Mail.qll
@@ -8,7 +8,7 @@ import java
 * The class `javax.mail.Session` or `jakarta.mail.Session`.
 */
 class MailSession extends Class {
-  MailSession() { this.hasQualifiedName([javaxOrJakarta() + ".mail", "jakarta.mail"], "Session") }
+  MailSession() { this.hasQualifiedName(javaxOrJakarta() + ".mail", "Session") }
 }

 /**
--- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
@@ -377,7 +377,7 @@ predicate isRequestGetParamMethod(MethodCall ma) {
 /** The Java EE RequestDispatcher. */
 class RequestDispatcher extends RefType {
  RequestDispatcher() {
-    this.hasQualifiedName([javaxOrJakarta() + ".servlet", "jakarta.servlet"], "RequestDispatcher") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet", "RequestDispatcher") or
    this.hasQualifiedName(javaxOrJakarta() + ".portlet", "PortletRequestDispatcher")
  }
 }
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll
@@ -9,9 +9,7 @@ import java
 /**
 * Gets a JavaEE Persistence API package name.
 */
-string getAPersistencePackageName() {
-  result = [javaxOrJakarta() + ".persistence", "jakarta.persistence"]
-}
+string getAPersistencePackageName() { result = javaxOrJakarta() + ".persistence" }

 /**
 * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll
@@ -8,10 +8,7 @@ import java
 * The JSF class `FacesContext` for processing HTTP requests.
 */
 class FacesContext extends RefType {
-  FacesContext() {
-    this.hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"],
-      "FacesContext")
-  }
+  FacesContext() { this.hasQualifiedName(javaxOrJakarta() + ".faces.context", "FacesContext") }
 }

 /**
--- a/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
+++ b/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
@@ -145,8 +145,7 @@ class CookieResponseWithoutHttpOnlySink extends DataFlow::ExprNode {

 /** Holds if `cie` is an invocation of a JAX-RS `NewCookie` constructor that sets `HttpOnly` to true. */
 predicate setsHttpOnlyInNewCookie(ClassInstanceExpr cie) {
-  cie.getConstructedType()
-      .hasQualifiedName([javaxOrJakarta() + ".ws.rs.core", "jakarta.ws.rs.core"], "NewCookie") and
+  cie.getConstructedType().hasQualifiedName(javaxOrJakarta() + ".ws.rs.core", "NewCookie") and
  (
    cie.getNumArgument() = 6 and
    mayBeBooleanTrue(cie.getArgument(5)) // NewCookie(Cookie cookie, String comment, int maxAge, Date expiry, boolean secure, boolean httpOnly)
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll
@@ -89,7 +89,7 @@ private class TaintPropagatingCall extends Call {
 }

 private class JakartaType extends RefType {
-  JakartaType() { this.getPackage().hasName([javaxOrJakarta() + ".el", "jakarta.el"]) }
+  JakartaType() { this.getPackage().hasName(javaxOrJakarta() + ".el") }
 }

 private class ELProcessor extends JakartaType {
--- a/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql
@@ -21,12 +21,11 @@ class GetInitParameter extends Method {
    (
      this.getDeclaringType()
          .getAnAncestor()
-          .hasQualifiedName([javaxOrJakarta() + ".servlet", "jakarta.servlet"],
+          .hasQualifiedName(javaxOrJakarta() + ".servlet",
            ["FilterConfig", "Registration", "ServletConfig", "ServletContext"]) or
      this.getDeclaringType()
          .getAnAncestor()
-          .hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"],
-            "ExternalContext")
+          .hasQualifiedName(javaxOrJakarta() + ".faces.context", "ExternalContext")
    ) and
    this.getName() = "getInitParameter"
  }
--- a/java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll
+++ b/java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll
@@ -10,8 +10,7 @@ import java
 */
 class ExternalContext extends RefType {
  ExternalContext() {
-    this.hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"],
-      "ExternalContext")
+    this.hasQualifiedName(javaxOrJakarta() + ".faces.context", "ExternalContext")
  }
 }