revert some mistakes

java/ql/src/utils/modeleditor/FrameworkModeEndpointsQuery.qll

@@ -1,6 +1,6 @@
 private import java
-private import semmle.code.java.dataflow.ExternalFlow
 private import semmle.code.java.dataflow.internal.DataFlowPrivate
+private import semmle.code.java.dataflow.internal.FlowSummaryImpl
 private import semmle.code.java.dataflow.internal.ModelExclusions
 private import ModelEditor
 
@@ -8,7 +8,7 @@ private import ModelEditor
  * A class of effectively public callables from source code.
  */
 class PublicEndpointFromSource extends Endpoint, ModelApi {
-  override predicate isSource() { this instanceof SourceCallable }
+  override predicate isSource() { SourceSinkInterpretationInput::sourceElement(this, _, _, _, _) }
 
-  override predicate isSink() { this instanceof SinkCallable }
+  override predicate isSink() { SourceSinkInterpretationInput::sinkElement(this, _, _, _, _) }
 }

java/ql/src/utils/modelgenerator/internal/CaptureModels.qll

@@ -41,21 +41,18 @@ private module Printing implements PrintingSig {
 
 module ModelPrinting = PrintingImpl<Printing>;
 
-/**
- * Holds if `c` is a relevant content kind, where the underlying type is relevant.
- */
-private predicate isRelevantTypeInContent(DataFlow::Content c) {
-  isRelevantType(getUnderlyingContentType(c))
-}
-
 /**
  * Holds if data can flow from `node1` to `node2` either via a read or a write of an intermediate field `f`.
  */
 private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
   exists(DataFlow::Content f |
     DataFlowPrivate::readStep(node1, f, node2) and
-    // Partially restrict the content types used for intermediate steps.
-    (not exists(getUnderlyingContentType(f)) or isRelevantTypeInContent(f))
+    if f instanceof DataFlow::FieldContent
+    then isRelevantType(f.(DataFlow::FieldContent).getField().getType())
+    else
+      if f instanceof DataFlow::SyntheticFieldContent
+      then isRelevantType(f.(DataFlow::SyntheticFieldContent).getField().getType())
+      else any()
   )
   or
   exists(DataFlow::Content f | DataFlowPrivate::storeStep(node1, f, node2) |
@@ -64,11 +61,12 @@ private predicate isRelevantTaintStep(DataFlow::Node node1, DataFlow::Node node2
 }
 
 /**
- * Holds if content `c` is either a field, a synthetic field or language specific
- * content of a relevant type or a container like content.
+ * Holds if content `c` is either a field or synthetic field of a relevant type
+ * or a container like content.
  */
 private predicate isRelevantContent(DataFlow::Content c) {
-  isRelevantTypeInContent(c) or
+  isRelevantType(c.(DataFlow::FieldContent).getField().getType()) or
+  isRelevantType(c.(DataFlow::SyntheticFieldContent).getField().getType()) or
   DataFlowPrivate::containerContent(c)
 }
 
@@ -260,10 +258,6 @@ module PropagateToSinkConfig implements DataFlow::ConfigSig {
   predicate isBarrier(DataFlow::Node node) { sinkModelSanitizer(node) }
 
   DataFlow::FlowFeature getAFeature() { result instanceof DataFlow::FeatureHasSourceCallContext }
-
-  predicate isAdditionalFlowStep(DataFlow::Node node1, DataFlow::Node node2) {
-    isRelevantTaintStep(node1, node2)
-  }
 }
 
 private module PropagateToSink = TaintTracking::Global<PropagateToSinkConfig>;

java/ql/src/utils/modelgenerator/internal/CaptureModelsSpecific.qll

@@ -186,14 +186,6 @@ predicate isRelevantType(J::Type t) {
   )
 }
 
-/**
- * Gets the underlying type of the content `c`.
- */
-J::Type getUnderlyingContentType(DataFlow::Content c) {
-  result = c.(DataFlow::FieldContent).getField().getType() or
-  result = c.(DataFlow::SyntheticFieldContent).getField().getType()
-}
-
 /**
  * Gets the MaD string representation of the qualifier.
  */

java/ql/test/query-tests/security/CWE-022/semmle/tests/NewPathInjection/PathInjection/pom.xml

@@ -1,110 +0,0 @@
-<project xmlns="http://maven.apache.org/POM/4.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance"
-         xsi:schemaLocation="http://maven.apache.org/POM/4.0.0 http://maven.apache.org/maven-v4_0_0.xsd">
-    <modelVersion>4.0.0</modelVersion>
-    <groupId>org.PathInjection</groupId>
-    <artifactId>PathInjection</artifactId>
-    <packaging>war</packaging>
-    <version>1.0-SNAPSHOT</version>
-    <name>PathInjection Maven Webapp</name>
-    <url>https://maven.apache.org</url>
-
-    <properties>
-        <aws.sdk.version>2.19.1</aws.sdk.version>
-    </properties>
-
-    <dependencyManagement>
-        <dependencies>
-            <dependency>
-                <groupId>software.amazon.awssdk</groupId>
-                <artifactId>bom</artifactId>
-                <version>${aws.sdk.version}</version>
-                <type>pom</type>
-                <scope>import</scope>
-            </dependency>
-        </dependencies>
-    </dependencyManagement>
-    <dependencies>
-        <dependency>
-            <groupId>javax.servlet</groupId>
-            <artifactId>javax.servlet-api</artifactId>
-            <version>4.0.1</version>
-            <scope>provided</scope>
-        </dependency>
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-framework-bom</artifactId>
-            <version>6.1.4</version>
-            <scope>import</scope>
-            <type>pom</type>
-        </dependency>
-        <!-- https://mvnrepository.com/artifact/org.springframework/spring-core -->
-        <dependency>
-            <groupId>org.springframework</groupId>
-            <artifactId>spring-core</artifactId>
-            <version>6.1.4</version>
-        </dependency>
-        <dependency>
-            <groupId>software.amazon.awssdk</groupId>
-            <artifactId>s3-transfer-manager</artifactId>
-        </dependency>
-        <dependency>
-            <groupId>software.amazon.awssdk.crt</groupId>
-            <artifactId>aws-crt</artifactId>
-            <version>0.20.3</version>
-        </dependency>
-        <dependency>
-            <groupId>commons-io</groupId>
-            <artifactId>commons-io</artifactId>
-            <version>2.12.0</version>
-        </dependency>
-        <!-- https://mvnrepository.com/artifact/net.lingala.zip4j/zip4j -->
-        <dependency>
-            <groupId>net.lingala.zip4j</groupId>
-            <artifactId>zip4j</artifactId>
-            <version>2.11.5</version>
-        </dependency>
-        <!-- https://mvnrepository.com/artifact/com.github.luben/zstd-jni -->
-        <dependency>
-            <groupId>com.github.luben</groupId>
-            <artifactId>zstd-jni</artifactId>
-            <version>1.5.5-1</version>
-        </dependency>
-        <!-- https://mvnrepository.com/artifact/org.tukaani/xz -->
-        <dependency>
-            <groupId>org.tukaani</groupId>
-            <artifactId>xz</artifactId>
-            <version>1.9</version>
-        </dependency>
-        <!-- https://mvnrepository.com/artifact/org.lz4/lz4-java -->
-        <dependency>
-            <groupId>org.lz4</groupId>
-            <artifactId>lz4-java</artifactId>
-            <version>1.8.0</version>
-        </dependency>
-        <!-- https://mvnrepository.com/artifact/org.xerial.snappy/snappy-java -->
-        <dependency>
-            <groupId>org.xerial.snappy</groupId>
-            <artifactId>snappy-java</artifactId>
-            <version>1.1.10.5</version>
-        </dependency>
-        <!-- https://mvnrepository.com/artifact/org.apache.commons/commons-compress -->
-        <dependency>
-            <groupId>org.apache.commons</groupId>
-            <artifactId>commons-compress</artifactId>
-            <version>1.26.0</version>
-        </dependency>
-    </dependencies>
-    <build>
-        <finalName>PathInjection</finalName>
-        <plugins>
-            <plugin>
-                <groupId>org.apache.maven.plugins</groupId>
-                <artifactId>maven-compiler-plugin</artifactId>
-                <configuration>
-                    <source>11</source>
-                    <target>11</target>
-                </configuration>
-            </plugin>
-        </plugins>
-    </build>
-</project>