From 31840902cdf27fd9443d909bce69de8b8d4d379a Mon Sep 17 00:00:00 2001 From: Owen Mansel-Chan Date: Thu, 12 Feb 2026 12:32:25 +0000 Subject: [PATCH] Fix places which already dealt with both javax and jakarta --- java/ql/lib/semmle/code/java/frameworks/JaxWS.qll | 11 ++++------- java/ql/lib/semmle/code/java/frameworks/Jms.qll | 2 +- java/ql/lib/semmle/code/java/frameworks/Mail.qll | 2 +- java/ql/lib/semmle/code/java/frameworks/Servlets.qll | 2 +- .../code/java/frameworks/javaee/Persistence.qll | 4 +--- .../code/java/frameworks/javaee/jsf/JSFRenderer.qll | 5 +---- .../CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql | 3 +-- .../CWE/CWE-094/JakartaExpressionInjectionLib.qll | 2 +- .../Security/CWE/CWE-400/LocalThreadResourceAbuse.ql | 5 ++--- .../experimental/semmle/code/java/frameworks/Jsf.qll | 3 +-- 10 files changed, 14 insertions(+), 25 deletions(-) diff --git a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll index 37494136565..46feac077c5 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll @@ -13,7 +13,7 @@ private import semmle.code.java.security.XSS /** * Gets a name for the root package of JAX-RS. */ -string getAJaxRsPackage() { result in [javaxOrJakarta() + ".ws.rs", "jakarta.ws.rs"] } +string getAJaxRsPackage() { result in [javaxOrJakarta() + ".ws.rs"] } /** * Gets a name for package `subpackage` within the JAX-RS hierarchy. @@ -42,7 +42,7 @@ class JaxWsEndpoint extends Class { result.isPublic() and not result instanceof InitializerMethod and not exists(Annotation a | a = result.getAnAnnotation() | - a.getType().hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jws", "WebMethod") and + a.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebMethod") and a.getValue("exclude").(BooleanLiteral).getBooleanValue() = true ) and forex(ParamOrReturn paramOrRet | paramOrRet = result.getAParameter() or paramOrRet = result | 
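Review bot: In `getAJaxRsPackage()` (JaxWS.qll, first hunk) the new body keeps a one-element set literal, `result in [javaxOrJakarta() + ".ws.rs"]`, a leftover from the old two-element form that reads as if more alternatives were intended. I would write it as a plain equality, `string getAJaxRsPackage() { result = javaxOrJakarta() + ".ws.rs" }`. That is the shape this same commit gives `getAPersistencePackageName()` in Persistence.qll. The results are the same either way, so this is purely about consistency.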
@@ -62,8 +62,7 @@ class JaxWsEndpoint extends Class { /** The annotation type `@XmlJavaTypeAdapter`. */ class XmlJavaTypeAdapter extends AnnotationType { XmlJavaTypeAdapter() { - this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".xml.bind.annotation.adapters", - "XmlJavaTypeAdapter") + this.hasQualifiedName(javaxOrJakarta() + ".xml.bind.annotation.adapters", "XmlJavaTypeAdapter") } } @@ -292,9 +291,7 @@ class JaxRSAnnotation extends Annotation { JaxRSAnnotation() { exists(AnnotationType a | a = this.getType() and - a.getPackage() - .getName() - .regexpMatch([javaxOrJakarta() + "\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"]) + a.getPackage().getName().regexpMatch(javaxOrJakarta() + "\\.ws\\.rs(\\..*)?") ) } } diff --git a/java/ql/lib/semmle/code/java/frameworks/Jms.qll b/java/ql/lib/semmle/code/java/frameworks/Jms.qll index 8c86481b4ca..abee6b3a427 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Jms.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Jms.qll @@ -7,6 +7,6 @@ import java /** The method `ObjectMessage.getObject`. */ class ObjectMessageGetObjectMethod extends Method { ObjectMessageGetObjectMethod() { - this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jms", "ObjectMessage", "getObject") + this.hasQualifiedName(javaxOrJakarta() + ".jms", "ObjectMessage", "getObject") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/Mail.qll b/java/ql/lib/semmle/code/java/frameworks/Mail.qll index 5793da4cceb..b99220c1737 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Mail.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Mail.qll @@ -8,7 +8,7 @@ import java * The class `javax.mail.Session` or `jakarta.mail.Session`. */ class MailSession extends Class { - MailSession() { this.hasQualifiedName([javaxOrJakarta() + ".mail", "jakarta.mail"], "Session") } + MailSession() { this.hasQualifiedName(javaxOrJakarta() + ".mail", "Session") } } /** 
diff --git a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll index 30cd248d4d1..826636ce073 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll @@ -377,7 +377,7 @@ predicate isRequestGetParamMethod(MethodCall ma) { /** The Java EE RequestDispatcher. */ class RequestDispatcher extends RefType { RequestDispatcher() { - this.hasQualifiedName([javaxOrJakarta() + ".servlet", "jakarta.servlet"], "RequestDispatcher") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "RequestDispatcher") or this.hasQualifiedName(javaxOrJakarta() + ".portlet", "PortletRequestDispatcher") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index 05a7e615552..a6cedcc3fee 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -9,9 +9,7 @@ import java /** * Gets a JavaEE Persistence API package name. */ -string getAPersistencePackageName() { - result = [javaxOrJakarta() + ".persistence", "jakarta.persistence"] -} +string getAPersistencePackageName() { result = javaxOrJakarta() + ".persistence" } /** * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll index 6e6bad91d47..21f8fba6785 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll 
@@ -8,10 +8,7 @@ import java * The JSF class `FacesContext` for processing HTTP requests. */ class FacesContext extends RefType { - FacesContext() { - this.hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"], - "FacesContext") - } + FacesContext() { this.hasQualifiedName(javaxOrJakarta() + ".faces.context", "FacesContext") } } /** diff --git a/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql b/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql index 08d622b576e..afa08fb6928 100644 --- a/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql +++ b/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql @@ -145,8 +145,7 @@ class CookieResponseWithoutHttpOnlySink extends DataFlow::ExprNode { /** Holds if `cie` is an invocation of a JAX-RS `NewCookie` constructor that sets `HttpOnly` to true. */ predicate setsHttpOnlyInNewCookie(ClassInstanceExpr cie) { - cie.getConstructedType() - .hasQualifiedName([javaxOrJakarta() + ".ws.rs.core", "jakarta.ws.rs.core"], "NewCookie") and + cie.getConstructedType().hasQualifiedName(javaxOrJakarta() + ".ws.rs.core", "NewCookie") and ( cie.getNumArgument() = 6 and mayBeBooleanTrue(cie.getArgument(5)) // NewCookie(Cookie cookie, String comment, int maxAge, Date expiry, boolean secure, boolean httpOnly) diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll index 0b59f1b723a..6f7cb040e79 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll +++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll 
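Review bot: `setsHttpOnlyInNewCookie` in SensitiveCookieNotHttpOnly.ql now relies entirely on `javaxOrJakarta()` to match `jakarta.ws.rs.core.NewCookie`, and that helper's definition is not part of this patch. This predicate decides which `NewCookie` constructions count as setting `HttpOnly`, so a namespace it stopped matching would silently change the query's results rather than fail loudly. The diffstat lists only `.ql`/`.qll` files, so no test or expected-output file is touched. Presumably the existing CWE-1004 tests already exercise both the javax and jakarta constructors; if they do not, a jakarta six-argument `NewCookie` case with `httpOnly` true would pin the behaviour. The predicate body continues past the end of the hunk.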
@@ -89,7 +89,7 @@ private class TaintPropagatingCall extends Call { } private class JakartaType extends RefType { - JakartaType() { this.getPackage().hasName([javaxOrJakarta() + ".el", "jakarta.el"]) } + JakartaType() { this.getPackage().hasName(javaxOrJakarta() + ".el") } } private class ELProcessor extends JakartaType { diff --git a/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql b/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql index eb5353af4c7..fc9eea83219 100644 --- a/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql +++ b/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql @@ -21,12 +21,11 @@ class GetInitParameter extends Method { ( this.getDeclaringType() .getAnAncestor() - .hasQualifiedName([javaxOrJakarta() + ".servlet", "jakarta.servlet"], + .hasQualifiedName(javaxOrJakarta() + ".servlet", ["FilterConfig", "Registration", "ServletConfig", "ServletContext"]) or this.getDeclaringType() .getAnAncestor() - .hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"], - "ExternalContext") + .hasQualifiedName(javaxOrJakarta() + ".faces.context", "ExternalContext") ) and this.getName() = "getInitParameter" } diff --git a/java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll b/java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll index aa5a29f85cb..97706ea6d63 100644 --- a/java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll +++ b/java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll @@ -10,8 +10,7 @@ import java */ class ExternalContext extends RefType { ExternalContext() { - this.hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"], - "ExternalContext") + this.hasQualifiedName(javaxOrJakarta() + ".faces.context", "ExternalContext") } }
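Review bot: The private class `JakartaType` in JakartaExpressionInjectionLib.qll has no QLDoc, and with the explicit `"jakarta.el"` literal removed, neither its name nor its body tells the reader that two namespaces are matched. The characteristic predicate is now just `this.getPackage().hasName(javaxOrJakarta() + ".el")`. A one-line comment such as `/** A type in the javax.el or jakarta.el package. */` would stop readers of `ELProcessor` and the other subclasses from assuming only Jakarta EL is modelled. This presumes `javaxOrJakarta()` yields both prefixes, as the commit subject implies; its definition is outside the patch.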