Replace "javax" with javaxOrJakarta()

This is just a find-replace of `"javax` with `javaxOrJakarta() + "`.
2026-02-23 10:23:41 +01:00 · 2026-02-12 12:21:04 +00:00
parent 149f3ed5b6
commit a5e6f6daf9
45 changed files with 370 additions and 218 deletions
--- a/java/ql/lib/experimental/quantum/JCA.qll
+++ b/java/ql/lib/experimental/quantum/JCA.qll
@@ -295,7 +295,7 @@ module JCAModel {

  class CipherGetInstanceCall extends MethodCall {
    CipherGetInstanceCall() {
-      this.getCallee().hasQualifiedName("javax.crypto", "Cipher", "getInstance")
+      this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "getInstance")
    }

    Expr getAlgorithmArg() { result = this.getArgument(0) }
@@ -307,7 +307,8 @@ module JCAModel {
  private class CipherOperationCall extends MethodCall {
    CipherOperationCall() {
      this.getMethod()
-          .hasQualifiedName("javax.crypto", "Cipher", ["update", "doFinal", "wrap", "unwrap"])
+          .hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher",
+            ["update", "doFinal", "wrap", "unwrap"])
    }

    predicate isIntermediate() { this.getMethod().getName() = "update" }
@@ -474,7 +475,9 @@ module JCAModel {
   * An access to the `javax.crypto.Cipher` class.
   */
  private class CipherAccess extends TypeAccess {
-    CipherAccess() { this.getType().(Class).hasQualifiedName("javax.crypto", "Cipher") }
+    CipherAccess() {
+      this.getType().(Class).hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher")
+    }
  }

  /**
@@ -708,7 +711,9 @@ module JCAModel {
  // and through setter methods
  class IvParameterSpecInstance extends NonceParameterInstantiation {
    IvParameterSpecInstance() {
-      super.getConstructedType().hasQualifiedName("javax.crypto.spec", "IvParameterSpec")
+      super
+          .getConstructedType()
+          .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "IvParameterSpec")
    }

    override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(0) }
@@ -717,7 +722,9 @@ module JCAModel {
  // TODO: this also specifies the tag length for GCM
  class GCMParameterSpecInstance extends NonceParameterInstantiation {
    GCMParameterSpecInstance() {
-      super.getConstructedType().hasQualifiedName("javax.crypto.spec", "GCMParameterSpec")
+      super
+          .getConstructedType()
+          .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "GCMParameterSpec")
    }

    override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(1) }
@@ -725,7 +732,8 @@ module JCAModel {

  class IvParameterSpecGetIvCall extends MethodCall {
    IvParameterSpecGetIvCall() {
-      this.getMethod().hasQualifiedName("javax.crypto.spec", "IvParameterSpec", "getIV")
+      this.getMethod()
+          .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "IvParameterSpec", "getIV")
    }
  }

@@ -797,7 +805,9 @@ module JCAModel {
  }

  class CipherInitCall extends MethodCall {
-    CipherInitCall() { this.getCallee().hasQualifiedName("javax.crypto", "Cipher", "init") }
+    CipherInitCall() {
+      this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "init")
+    }

    /**
     * Returns the mode argument to the `init` method
@@ -966,7 +976,9 @@ module JCAModel {

  class DHGenParameterSpecInstance extends KeyGeneratorParameterSpecClassInstanceExpr {
    DHGenParameterSpecInstance() {
-      super.getConstructedType().hasQualifiedName("javax.crypto.spec", "DHGenParameterSpec")
+      super
+          .getConstructedType()
+          .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "DHGenParameterSpec")
    }

    Expr getPrimeSizeArg() { result = this.getArgument(0) }
@@ -1067,7 +1079,7 @@ module JCAModel {
  //TODO: Link getAlgorithm from KeyPairGenerator to algorithm instances or AVCs? High priority.
  class KeyGeneratorGetInstanceCall extends MethodCall {
    KeyGeneratorGetInstanceCall() {
-      this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", "getInstance")
+      this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", "getInstance")
      or
      this.getCallee().hasQualifiedName("java.security", "KeyPairGenerator", "getInstance")
    }
@@ -1082,7 +1094,8 @@ module JCAModel {
      this.getCallee().hasQualifiedName("java.security", "KeyPairGenerator", "initialize") and
      keyType = Crypto::TAsymmetricKeyType()
      or
-      this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", ["init", "initialize"]) and
+      this.getCallee()
+          .hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", ["init", "initialize"]) and
      keyType = Crypto::TSymmetricKeyType()
    }

@@ -1111,7 +1124,7 @@ module JCAModel {
    Crypto::KeyArtifactType type;

    KeyGeneratorGenerateCall() {
-      this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", "generateKey") and
+      this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", "generateKey") and
      type instanceof Crypto::TSymmetricKeyType
      or
      this.getCallee()
@@ -1176,7 +1189,7 @@ module JCAModel {
  class KeySpecInstantiation extends ClassInstanceExpr {
    KeySpecInstantiation() {
      this.getConstructedType()
-          .hasQualifiedName("javax.crypto.spec",
+          .hasQualifiedName(javaxOrJakarta() + ".crypto.spec",
            ["PBEKeySpec", "SecretKeySpec", "PBEKeySpec", "DESedeKeySpec"])
    }

@@ -1227,7 +1240,8 @@ module JCAModel {

  class SecretKeyFactoryGetInstanceCall extends MethodCall {
    SecretKeyFactoryGetInstanceCall() {
-      this.getCallee().hasQualifiedName("javax.crypto", "SecretKeyFactory", "getInstance")
+      this.getCallee()
+          .hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "getInstance")
    }

    Expr getAlgorithmArg() { result = this.getArgument(0) }
@@ -1235,7 +1249,8 @@ module JCAModel {

  class SecretKeyFactoryGenerateSecretCall extends MethodCall {
    SecretKeyFactoryGenerateSecretCall() {
-      this.getCallee().hasQualifiedName("javax.crypto", "SecretKeyFactory", "generateSecret")
+      this.getCallee()
+          .hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "generateSecret")
    }

    Expr getKeySpecArg() { result = this.getArgument(0) }
@@ -1430,7 +1445,7 @@ module JCAModel {

  class KeyAgreementInitCall extends MethodCall {
    KeyAgreementInitCall() {
-      this.getCallee().hasQualifiedName("javax.crypto", "KeyAgreement", "init")
+      this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "init")
    }

    Expr getServerKeyArg() { result = this.getArgument(0) }
@@ -1438,7 +1453,7 @@ module JCAModel {

  class KeyAgreementGetInstanceCall extends MethodCall {
    KeyAgreementGetInstanceCall() {
-      this.getCallee().hasQualifiedName("javax.crypto", "KeyAgreement", "getInstance")
+      this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "getInstance")
    }

    Expr getAlgorithmArg() { result = super.getArgument(0) }
@@ -1482,7 +1497,8 @@ module JCAModel {
  class KeyAgreementCall extends MethodCall {
    KeyAgreementCall() {
      this.getCallee()
-          .hasQualifiedName("javax.crypto", "KeyAgreement", ["generateSecret", "doPhase"])
+          .hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement",
+            ["generateSecret", "doPhase"])
    }

    predicate isIntermediate() { this.getCallee().getName() = "doPhase" }
@@ -1647,7 +1663,9 @@ module JCAModel {
  }

  class MacGetInstanceCall extends MethodCall {
-    MacGetInstanceCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "getInstance") }
+    MacGetInstanceCall() {
+      this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac", "getInstance")
+    }

    Expr getAlgorithmArg() { result = this.getArgument(0) }

@@ -1663,7 +1681,7 @@ module JCAModel {
  }

  class MacInitCall extends MethodCall {
-    MacInitCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "init") }
+    MacInitCall() { this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac", "init") }

    Expr getKeyArg() {
      result = this.getArgument(0) and this.getMethod().getParameterType(0).hasName("Key")
@@ -1691,7 +1709,7 @@ module JCAModel {
    Expr output;

    MacOperationCall() {
-      super.getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Mac") and
+      super.getMethod().getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac") and
      (
        super.getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])"]) and this = output
        or
--- a/java/ql/lib/semmle/code/java/J2EE.qll
+++ b/java/ql/lib/semmle/code/java/J2EE.qll
@@ -9,49 +9,61 @@ import Type
 /** An entity bean. */
 class EntityBean extends Class {
  EntityBean() {
-    exists(Interface i | i.hasQualifiedName("javax.ejb", "EntityBean") | this.hasSupertype+(i))
+    exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EntityBean") |
+      this.hasSupertype+(i)
+    )
  }
 }

 /** An enterprise bean. */
 class EnterpriseBean extends RefType {
  EnterpriseBean() {
-    exists(Interface i | i.hasQualifiedName("javax.ejb", "EnterpriseBean") | this.hasSupertype+(i))
+    exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EnterpriseBean") |
+      this.hasSupertype+(i)
+    )
  }
 }

 /** A local EJB home interface. */
 class LocalEjbHomeInterface extends Interface {
  LocalEjbHomeInterface() {
-    exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalHome") | this.hasSupertype+(i))
+    exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBLocalHome") |
+      this.hasSupertype+(i)
+    )
  }
 }

 /** A remote EJB home interface. */
 class RemoteEjbHomeInterface extends Interface {
  RemoteEjbHomeInterface() {
-    exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBHome") | this.hasSupertype+(i))
+    exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBHome") |
+      this.hasSupertype+(i)
+    )
  }
 }

 /** A local EJB interface. */
 class LocalEjbInterface extends Interface {
  LocalEjbInterface() {
-    exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalObject") | this.hasSupertype+(i))
+    exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBLocalObject") |
+      this.hasSupertype+(i)
+    )
  }
 }

 /** A remote EJB interface. */
 class RemoteEjbInterface extends Interface {
  RemoteEjbInterface() {
-    exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBObject") | this.hasSupertype+(i))
+    exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBObject") |
+      this.hasSupertype+(i)
+    )
  }
 }

 /** A message bean. */
 class MessageBean extends Class {
  MessageBean() {
-    exists(Interface i | i.hasQualifiedName("javax.ejb", "MessageDrivenBean") |
+    exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "MessageDrivenBean") |
      this.hasSupertype+(i)
    )
  }
@@ -60,6 +72,8 @@ class MessageBean extends Class {
 /** A session bean. */
 class SessionBean extends Class {
  SessionBean() {
-    exists(Interface i | i.hasQualifiedName("javax.ejb", "SessionBean") | this.hasSupertype+(i))
+    exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "SessionBean") |
+      this.hasSupertype+(i)
+    )
  }
 }
--- a/java/ql/lib/semmle/code/java/JMX.qll
+++ b/java/ql/lib/semmle/code/java/JMX.qll
@@ -18,7 +18,7 @@ class MBean extends ManagedBean {
 class MXBean extends ManagedBean {
  MXBean() {
    this.getQualifiedName().matches("%MXBean%") or
-    this.getAnAnnotation().getType().hasQualifiedName("javax.management", "MXBean")
+    this.getAnAnnotation().getType().hasQualifiedName(javaxOrJakarta() + ".management", "MXBean")
  }
 }

@@ -61,7 +61,7 @@ class JmxRegistrationCall extends MethodCall {
 class JmxRegistrationMethod extends Method {
  JmxRegistrationMethod() {
    // A direct registration with the `MBeanServer`.
-    this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and
+    this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".management", "MBeanServer") and
    this.getName() = "registerMBean"
    or
    // The `MBeanServer` is often wrapped by an application specific management class, so identify
@@ -78,7 +78,7 @@ class JmxRegistrationMethod extends Method {
   */
  int getObjectPosition() {
    // Passed as the first argument to `registerMBean`.
-    this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and
+    this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".management", "MBeanServer") and
    this.getName() = "registerMBean" and
    result = 0
    or
@@ -92,16 +92,20 @@ class JmxRegistrationMethod extends Method {
 /** The class `javax.management.remote.JMXConnectorFactory`. */
 class TypeJmxConnectorFactory extends Class {
  TypeJmxConnectorFactory() {
-    this.hasQualifiedName("javax.management.remote", "JMXConnectorFactory")
+    this.hasQualifiedName(javaxOrJakarta() + ".management.remote", "JMXConnectorFactory")
  }
 }

 /** The class `javax.management.remote.JMXServiceURL`. */
 class TypeJmxServiceUrl extends Class {
-  TypeJmxServiceUrl() { this.hasQualifiedName("javax.management.remote", "JMXServiceURL") }
+  TypeJmxServiceUrl() {
+    this.hasQualifiedName(javaxOrJakarta() + ".management.remote", "JMXServiceURL")
+  }
 }

 /** The class `javax.management.remote.rmi.RMIConnector`. */
 class TypeRmiConnector extends Class {
-  TypeRmiConnector() { this.hasQualifiedName("javax.management.remote.rmi", "RMIConnector") }
+  TypeRmiConnector() {
+    this.hasQualifiedName(javaxOrJakarta() + ".management.remote.rmi", "RMIConnector")
+  }
 }
--- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll
@@ -316,7 +316,7 @@ class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructed
 * Entry point for EJB home interfaces.
 */
 class EjbHome extends Interface, EntryPoint {
-  EjbHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") }
+  EjbHome() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBHome") }

  override Callable getALiveCallable() { result = this.getACallable() }
 }
@@ -325,7 +325,7 @@ class EjbHome extends Interface, EntryPoint {
 * Entry point for EJB object interfaces.
 */
 class EjbObject extends Interface, EntryPoint {
-  EjbObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") }
+  EjbObject() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBObject") }

  override Callable getALiveCallable() { result = this.getACallable() }
 }
@@ -341,7 +341,9 @@ class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass {
 class JaxbDeserializationEntryPoint extends ReflectivelyConstructedClass {
  JaxbDeserializationEntryPoint() {
    // A class can be deserialized by JAXB if it's an `XmlRootElement`...
-    this.getAnAnnotation().getType().hasQualifiedName("javax.xml.bind.annotation", "XmlRootElement")
+    this.getAnAnnotation()
+        .getType()
+        .hasQualifiedName(javaxOrJakarta() + ".xml.bind.annotation", "XmlRootElement")
    or
    // ... or the type of an `XmlElement` field.
    exists(Field elementField |
--- a/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll
+++ b/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll
@@ -45,7 +45,7 @@ class ServletListenerClass extends ReflectivelyConstructedClass {
 */
 class ServletFilterClass extends ReflectivelyConstructedClass {
  ServletFilterClass() {
-    this.getAnAncestor().hasQualifiedName("javax.servlet", "Filter") and
+    this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet", "Filter") and
    // If we have seen any `web.xml` files, this filter will be considered to be live only if it is
    // referred to as a filter-class in at least one. If no `web.xml` files are found, we assume
    // that XML extraction was not enabled, and therefore consider all filter classes as live.
--- a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll
@@ -6,20 +6,20 @@ import semmle.code.java.Type

 class JaxbElement extends Class {
  JaxbElement() {
-    this.getAnAncestor().hasQualifiedName("javax.xml.bind", "JAXBElement") or
+    this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".xml.bind", "JAXBElement") or
    this.getAnAnnotation().getType().getName() = "XmlRootElement"
  }
 }

 class JaxbMarshalMethod extends Method {
  JaxbMarshalMethod() {
-    this.getDeclaringType().hasQualifiedName("javax.xml.bind", "Marshaller") and
+    this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".xml.bind", "Marshaller") and
    this.getName() = "marshal"
  }
 }

 class JaxbAnnotationType extends AnnotationType {
-  JaxbAnnotationType() { this.getPackage().getName() = "javax.xml.bind.annotation" }
+  JaxbAnnotationType() { this.getPackage().getName() = javaxOrJakarta() + ".xml.bind.annotation" }
 }

 class JaxbAnnotated extends Annotatable {
--- a/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll
@@ -14,35 +14,45 @@ import java
 * A `@javax.annotation.Generated` annotation.
 */
 class GeneratedAnnotation extends Annotation {
-  GeneratedAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Generated") }
+  GeneratedAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Generated")
+  }
 }

 /**
 * A `@javax.annotation.PostConstruct` annotation.
 */
 class PostConstructAnnotation extends Annotation {
-  PostConstructAnnotation() { this.getType().hasQualifiedName("javax.annotation", "PostConstruct") }
+  PostConstructAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "PostConstruct")
+  }
 }

 /**
 * A `@javax.annotation.PreDestroy` annotation.
 */
 class PreDestroyAnnotation extends Annotation {
-  PreDestroyAnnotation() { this.getType().hasQualifiedName("javax.annotation", "PreDestroy") }
+  PreDestroyAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "PreDestroy")
+  }
 }

 /**
 * A `@javax.annotation.Resource` annotation.
 */
 class ResourceAnnotation extends Annotation {
-  ResourceAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Resource") }
+  ResourceAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Resource")
+  }
 }

 /**
 * A `@javax.annotation.Resources` annotation.
 */
 class ResourcesAnnotation extends Annotation {
-  ResourcesAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Resources") }
+  ResourcesAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Resources")
+  }
 }

 /**
@@ -50,7 +60,7 @@ class ResourcesAnnotation extends Annotation {
 */
 class JavaxManagedBeanAnnotation extends Annotation {
  JavaxManagedBeanAnnotation() {
-    this.getType().hasQualifiedName("javax.annotation", "ManagedBean")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "ManagedBean")
  }
 }

@@ -63,7 +73,7 @@ class JavaxManagedBeanAnnotation extends Annotation {
 */
 class DeclareRolesAnnotation extends Annotation {
  DeclareRolesAnnotation() {
-    this.getType().hasQualifiedName("javax.annotation.security", "DeclareRoles")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "DeclareRoles")
  }
 }

@@ -71,7 +81,9 @@ class DeclareRolesAnnotation extends Annotation {
 * A `@javax.annotation.security.DenyAll` annotation.
 */
 class DenyAllAnnotation extends Annotation {
-  DenyAllAnnotation() { this.getType().hasQualifiedName("javax.annotation.security", "DenyAll") }
+  DenyAllAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "DenyAll")
+  }
 }

 /**
@@ -79,7 +91,7 @@ class DenyAllAnnotation extends Annotation {
 */
 class PermitAllAnnotation extends Annotation {
  PermitAllAnnotation() {
-    this.getType().hasQualifiedName("javax.annotation.security", "PermitAll")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "PermitAll")
  }
 }

@@ -88,7 +100,7 @@ class PermitAllAnnotation extends Annotation {
 */
 class RolesAllowedAnnotation extends Annotation {
  RolesAllowedAnnotation() {
-    this.getType().hasQualifiedName("javax.annotation.security", "RolesAllowed")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "RolesAllowed")
  }
 }

@@ -96,7 +108,9 @@ class RolesAllowedAnnotation extends Annotation {
 * A `@javax.annotation.security.RunAs` annotation.
 */
 class RunAsAnnotation extends Annotation {
-  RunAsAnnotation() { this.getType().hasQualifiedName("javax.annotation.security", "RunAs") }
+  RunAsAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "RunAs")
+  }
 }

 /*
@@ -107,7 +121,9 @@ class RunAsAnnotation extends Annotation {
 * A `@javax.interceptor.AroundInvoke` annotation.
 */
 class AroundInvokeAnnotation extends Annotation {
-  AroundInvokeAnnotation() { this.getType().hasQualifiedName("javax.interceptor", "AroundInvoke") }
+  AroundInvokeAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "AroundInvoke")
+  }
 }

 /**
@@ -115,7 +131,7 @@ class AroundInvokeAnnotation extends Annotation {
 */
 class ExcludeClassInterceptorsAnnotation extends Annotation {
  ExcludeClassInterceptorsAnnotation() {
-    this.getType().hasQualifiedName("javax.interceptor", "ExcludeClassInterceptors")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "ExcludeClassInterceptors")
  }
 }

@@ -124,7 +140,7 @@ class ExcludeClassInterceptorsAnnotation extends Annotation {
 */
 class ExcludeDefaultInterceptorsAnnotation extends Annotation {
  ExcludeDefaultInterceptorsAnnotation() {
-    this.getType().hasQualifiedName("javax.interceptor", "ExcludeDefaultInterceptors")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "ExcludeDefaultInterceptors")
  }
 }

@@ -132,7 +148,9 @@ class ExcludeDefaultInterceptorsAnnotation extends Annotation {
 * A `@javax.interceptor.Interceptors` annotation.
 */
 class InterceptorsAnnotation extends Annotation {
-  InterceptorsAnnotation() { this.getType().hasQualifiedName("javax.interceptor", "Interceptors") }
+  InterceptorsAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "Interceptors")
+  }
 }

 /*
@@ -143,14 +161,16 @@ class InterceptorsAnnotation extends Annotation {
 * A `@javax.jws.WebMethod` annotation.
 */
 class WebMethodAnnotation extends Annotation {
-  WebMethodAnnotation() { this.getType().hasQualifiedName("javax.jws", "WebMethod") }
+  WebMethodAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebMethod") }
 }

 /**
 * A `@javax.jws.WebService` annotation.
 */
 class WebServiceAnnotation extends Annotation {
-  WebServiceAnnotation() { this.getType().hasQualifiedName("javax.jws", "WebService") }
+  WebServiceAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebService")
+  }
 }

 /*
@@ -161,7 +181,9 @@ class WebServiceAnnotation extends Annotation {
 * A `@javax.xml.ws.WebServiceRef` annotation.
 */
 class WebServiceRefAnnotation extends Annotation {
-  WebServiceRefAnnotation() { this.getType().hasQualifiedName("javax.xml.ws", "WebServiceRef") }
+  WebServiceRefAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".xml.ws", "WebServiceRef")
+  }
 }

 /*
--- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll
@@ -13,7 +13,7 @@ private import semmle.code.java.security.XSS
 /**
 * Gets a name for the root package of JAX-RS.
 */
-string getAJaxRsPackage() { result in ["javax.ws.rs", "jakarta.ws.rs"] }
+string getAJaxRsPackage() { result in [javaxOrJakarta() + ".ws.rs", "jakarta.ws.rs"] }

 /**
 * Gets a name for package `subpackage` within the JAX-RS hierarchy.
@@ -42,7 +42,7 @@ class JaxWsEndpoint extends Class {
    result.isPublic() and
    not result instanceof InitializerMethod and
    not exists(Annotation a | a = result.getAnAnnotation() |
-      a.getType().hasQualifiedName(["javax", "jakarta"] + ".jws", "WebMethod") and
+      a.getType().hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jws", "WebMethod") and
      a.getValue("exclude").(BooleanLiteral).getBooleanValue() = true
    ) and
    forex(ParamOrReturn paramOrRet | paramOrRet = result.getAParameter() or paramOrRet = result |
@@ -62,7 +62,7 @@ class JaxWsEndpoint extends Class {
 /** The annotation type `@XmlJavaTypeAdapter`. */
 class XmlJavaTypeAdapter extends AnnotationType {
  XmlJavaTypeAdapter() {
-    this.hasQualifiedName(["javax", "jakarta"] + ".xml.bind.annotation.adapters",
+    this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".xml.bind.annotation.adapters",
      "XmlJavaTypeAdapter")
  }
 }
@@ -115,7 +115,7 @@ private class JaxAcceptableStandardClass extends RefType {
    this.hasQualifiedName("java.util", "Calendar") or
    this.hasQualifiedName("java.math", "BigInteger") or
    this.hasQualifiedName("java.math", "BigDecimal") or
-    this.hasQualifiedName("javax.xml.namespace", "QName") or
+    this.hasQualifiedName(javaxOrJakarta() + ".xml.namespace", "QName") or
    this instanceof TypeUri
  }
 }
@@ -292,7 +292,9 @@ class JaxRSAnnotation extends Annotation {
  JaxRSAnnotation() {
    exists(AnnotationType a |
      a = this.getType() and
-      a.getPackage().getName().regexpMatch(["javax\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"])
+      a.getPackage()
+          .getName()
+          .regexpMatch([javaxOrJakarta() + "\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"])
    )
  }
 }
--- a/java/ql/lib/semmle/code/java/frameworks/Jms.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Jms.qll
@@ -7,6 +7,6 @@ import java
 /** The method `ObjectMessage.getObject`. */
 class ObjectMessageGetObjectMethod extends Method {
  ObjectMessageGetObjectMethod() {
-    this.hasQualifiedName(["javax", "jakarta"] + ".jms", "ObjectMessage", "getObject")
+    this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jms", "ObjectMessage", "getObject")
  }
 }
--- a/java/ql/lib/semmle/code/java/frameworks/Jndi.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Jndi.qll
@@ -9,32 +9,34 @@ import java
 /*--- Types ---*/
 /** The interface `javax.naming.Context`. */
 class TypeNamingContext extends Interface {
-  TypeNamingContext() { this.hasQualifiedName("javax.naming", "Context") }
+  TypeNamingContext() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "Context") }
 }

 /** The class `javax.naming.CompositeName`. */
 class TypeCompositeName extends Class {
-  TypeCompositeName() { this.hasQualifiedName("javax.naming", "CompositeName") }
+  TypeCompositeName() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "CompositeName") }
 }

 /** The class `javax.naming.CompoundName`. */
 class TypeCompoundName extends Class {
-  TypeCompoundName() { this.hasQualifiedName("javax.naming", "CompoundName") }
+  TypeCompoundName() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "CompoundName") }
 }

 /** The interface `javax.naming.directory.DirContext`. */
 class TypeDirContext extends Interface {
-  TypeDirContext() { this.hasQualifiedName("javax.naming.directory", "DirContext") }
+  TypeDirContext() { this.hasQualifiedName(javaxOrJakarta() + ".naming.directory", "DirContext") }
 }

 /** The class `javax.naming.directory.SearchControls` */
 class TypeSearchControls extends Class {
-  TypeSearchControls() { this.hasQualifiedName("javax.naming.directory", "SearchControls") }
+  TypeSearchControls() {
+    this.hasQualifiedName(javaxOrJakarta() + ".naming.directory", "SearchControls")
+  }
 }

 /** The class `javax.naming.ldap.LdapName`. */
 class TypeLdapName extends Class {
-  TypeLdapName() { this.hasQualifiedName("javax.naming.ldap", "LdapName") }
+  TypeLdapName() { this.hasQualifiedName(javaxOrJakarta() + ".naming.ldap", "LdapName") }
 }

 /*--- Methods ---*/
--- a/java/ql/lib/semmle/code/java/frameworks/Mail.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Mail.qll
@@ -8,7 +8,7 @@ import java
 * The class `javax.mail.Session` or `jakarta.mail.Session`.
 */
 class MailSession extends Class {
-  MailSession() { this.hasQualifiedName(["javax.mail", "jakarta.mail"], "Session") }
+  MailSession() { this.hasQualifiedName([javaxOrJakarta() + ".mail", "jakarta.mail"], "Session") }
 }

 /**
--- a/java/ql/lib/semmle/code/java/frameworks/Networking.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Networking.qll
@@ -20,7 +20,7 @@ class TypeSocket extends RefType {

 /** The type `javax.net.SocketFactory` */
 class TypeSocketFactory extends RefType {
-  TypeSocketFactory() { this.hasQualifiedName("javax.net", "SocketFactory") }
+  TypeSocketFactory() { this.hasQualifiedName(javaxOrJakarta() + ".net", "SocketFactory") }
 }

 /** The type `java.net.URL`. */
--- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll
@@ -12,7 +12,7 @@ import semmle.code.java.Type
 */
 class ServletRequest extends RefType {
  ServletRequest() {
-    this.hasQualifiedName("javax.servlet", "ServletRequest") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequest") or
    this instanceof HttpServletRequest
  }
 }
@@ -21,7 +21,9 @@ class ServletRequest extends RefType {
 * The interface `javax.servlet.http.HttpServletRequest`.
 */
 class HttpServletRequest extends RefType {
-  HttpServletRequest() { this.hasQualifiedName("javax.servlet.http", "HttpServletRequest") }
+  HttpServletRequest() {
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletRequest")
+  }
 }

 /**
@@ -168,7 +170,7 @@ class ServletRequestGetBodyMethod extends Method {
 */
 class ServletResponse extends RefType {
  ServletResponse() {
-    this.hasQualifiedName("javax.servlet", "ServletResponse") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletResponse") or
    this instanceof HttpServletResponse
  }
 }
@@ -177,7 +179,9 @@ class ServletResponse extends RefType {
 * The interface `javax.servlet.http.HttpServletResponse`.
 */
 class HttpServletResponse extends RefType {
-  HttpServletResponse() { this.hasQualifiedName("javax.servlet.http", "HttpServletResponse") }
+  HttpServletResponse() {
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletResponse")
+  }
 }

 /**
@@ -239,7 +243,7 @@ class ServletResponseGetOutputStreamMethod extends Method {

 /** The class `javax.servlet.http.Cookie`. */
 class TypeCookie extends Class {
-  TypeCookie() { this.hasQualifiedName("javax.servlet.http", "Cookie") }
+  TypeCookie() { this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "Cookie") }
 }

 /**
@@ -331,7 +335,7 @@ class ResponseSetContentTypeMethod extends Method {
 * A class that has `javax.servlet.Servlet` as an ancestor.
 */
 class ServletClass extends Class {
-  ServletClass() { this.getAnAncestor().hasQualifiedName("javax.servlet", "Servlet") }
+  ServletClass() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet", "Servlet") }
 }

 /**
@@ -342,13 +346,13 @@ class ServletClass extends Class {
 */
 class ServletWebXmlListenerType extends RefType {
  ServletWebXmlListenerType() {
-    this.hasQualifiedName("javax.servlet", "ServletContextAttributeListener") or
-    this.hasQualifiedName("javax.servlet", "ServletContextListener") or
-    this.hasQualifiedName("javax.servlet", "ServletRequestAttributeListener") or
-    this.hasQualifiedName("javax.servlet", "ServletRequestListener") or
-    this.hasQualifiedName("javax.servlet.http", "HttpSessionAttributeListener") or
-    this.hasQualifiedName("javax.servlet.http", "HttpSessionIdListener") or
-    this.hasQualifiedName("javax.servlet.http", "HttpSessionListener")
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContextAttributeListener") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContextListener") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequestAttributeListener") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequestListener") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionAttributeListener") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionIdListener") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionListener")
    // Listeners that are not configured in `web.xml`:
    //  - `HttpSessionActivationListener`
    //  - `HttpSessionBindingListener`
@@ -373,8 +377,8 @@ predicate isRequestGetParamMethod(MethodCall ma) {
 /** The Java EE RequestDispatcher. */
 class RequestDispatcher extends RefType {
  RequestDispatcher() {
-    this.hasQualifiedName(["javax.servlet", "jakarta.servlet"], "RequestDispatcher") or
-    this.hasQualifiedName("javax.portlet", "PortletRequestDispatcher")
+    this.hasQualifiedName([javaxOrJakarta() + ".servlet", "jakarta.servlet"], "RequestDispatcher") or
+    this.hasQualifiedName(javaxOrJakarta() + ".portlet", "PortletRequestDispatcher")
  }
 }

@@ -398,7 +402,7 @@ class RequestDispatchMethod extends Method {
 * The interface `javax.servlet.ServletContext`.
 */
 class ServletContext extends RefType {
-  ServletContext() { this.hasQualifiedName("javax.servlet", "ServletContext") }
+  ServletContext() { this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContext") }
 }

 /** The `getResource` method of `ServletContext`. */
@@ -419,5 +423,5 @@ class GetServletResourceAsStreamMethod extends Method {

 /** The interface `javax.servlet.http.HttpSession` */
 class HttpServletSession extends RefType {
-  HttpServletSession() { this.hasQualifiedName("javax.servlet.http", "HttpSession") }
+  HttpServletSession() { this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSession") }
 }
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll
@@ -61,7 +61,7 @@ class FacesAccessibleType extends RefType {
 class FacesComponent extends Class {
  FacesComponent() {
    // Must extend UIComponent for it to be a valid component.
-    this.getAnAncestor().hasQualifiedName("javax.faces.component", "UIComponent") and
+    this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".faces.component", "UIComponent") and
    (
      // Must be registered using either an annotation
      exists(FacesComponentAnnotation componentAnnotation |
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll
@@ -9,7 +9,9 @@ import java
 /**
 * Gets a JavaEE Persistence API package name.
 */
-string getAPersistencePackageName() { result = ["javax.persistence", "jakarta.persistence"] }
+string getAPersistencePackageName() {
+  result = [javaxOrJakarta() + ".persistence", "jakarta.persistence"]
+}

 /**
 * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll
@@ -33,7 +33,7 @@ private class ValidatorConfig extends TransformerConfig {

 /** The class `javax.xml.validation.Validator`. */
 private class Validator extends RefType {
-  Validator() { this.hasQualifiedName("javax.xml.validation", "Validator") }
+  Validator() { this.hasQualifiedName(javaxOrJakarta() + ".xml.validation", "Validator") }
 }

 /** A safely configured `Validator`. */
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll
@@ -64,7 +64,7 @@ class SessionEjb extends EJB {
    result = this.getASupertype() and
    not result.hasQualifiedName("java.io", "Serializable") and
    not result.hasQualifiedName("java.io", "Externalizable") and
-    not result.getPackage().getName() = "javax.ejb"
+    not result.getPackage().getName() = javaxOrJakarta() + ".ejb"
  }

  /** Any remote interfaces of this EJB. */
@@ -216,14 +216,14 @@ abstract class BusinessInterfaceAnnotation extends EjbInterfaceAnnotation { }
 * An instance of a `@Remote` annotation.
 */
 class RemoteAnnotation extends BusinessInterfaceAnnotation {
-  RemoteAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Remote") }
+  RemoteAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Remote") }
 }

 /**
 * An instance of a `@Local` annotation.
 */
 class LocalAnnotation extends BusinessInterfaceAnnotation {
-  LocalAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Local") }
+  LocalAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Local") }
 }

 /**
@@ -330,7 +330,7 @@ class LocalAnnotatedBusinessInterface extends AnnotatedBusinessInterface {
 * A `@javax.ejb.Init` annotation.
 */
 class InitAnnotation extends Annotation {
-  InitAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Init") }
+  InitAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Init") }
 }

 /**
@@ -383,14 +383,16 @@ abstract class HomeAnnotation extends EjbInterfaceAnnotation { }
 * An instance of a `@RemoteHome` annotation.
 */
 class RemoteHomeAnnotation extends HomeAnnotation {
-  RemoteHomeAnnotation() { this.getType().hasQualifiedName("javax.ejb", "RemoteHome") }
+  RemoteHomeAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "RemoteHome")
+  }
 }

 /**
 * An instance of a `@LocalHome` annotation.
 */
 class LocalHomeAnnotation extends HomeAnnotation {
-  LocalHomeAnnotation() { this.getType().hasQualifiedName("javax.ejb", "LocalHome") }
+  LocalHomeAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "LocalHome") }
 }

 /**
@@ -748,7 +750,9 @@ Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEjb ejb, EjbInterfa
 * A `@javax.ejb.AccessTimeout` annotation.
 */
 class AccessTimeoutAnnotation extends Annotation {
-  AccessTimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AccessTimeout") }
+  AccessTimeoutAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AccessTimeout")
+  }
 }

 /**
@@ -756,7 +760,7 @@ class AccessTimeoutAnnotation extends Annotation {
 */
 class ActivationConfigPropertyAnnotation extends Annotation {
  ActivationConfigPropertyAnnotation() {
-    this.getType().hasQualifiedName("javax.ejb", "ActivationConfigProperty")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ActivationConfigProperty")
  }
 }

@@ -764,14 +768,18 @@ class ActivationConfigPropertyAnnotation extends Annotation {
 * A `@javax.ejb.AfterBegin` annotation.
 */
 class AfterBeginAnnotation extends Annotation {
-  AfterBeginAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AfterBegin") }
+  AfterBeginAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AfterBegin")
+  }
 }

 /**
 * A `@javax.ejb.AfterCompletion` annotation.
 */
 class AfterCompletionAnnotation extends Annotation {
-  AfterCompletionAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AfterCompletion") }
+  AfterCompletionAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AfterCompletion")
+  }
 }

 /**
@@ -779,7 +787,7 @@ class AfterCompletionAnnotation extends Annotation {
 */
 class ApplicationExceptionAnnotation extends Annotation {
  ApplicationExceptionAnnotation() {
-    this.getType().hasQualifiedName("javax.ejb", "ApplicationException")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ApplicationException")
  }
 }

@@ -787,14 +795,18 @@ class ApplicationExceptionAnnotation extends Annotation {
 * A `@javax.ejb.Asynchronous` annotation.
 */
 class AsynchronousAnnotation extends Annotation {
-  AsynchronousAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Asynchronous") }
+  AsynchronousAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Asynchronous")
+  }
 }

 /**
 * A `@javax.ejb.BeforeCompletion` annotation.
 */
 class BeforeCompletionAnnotation extends Annotation {
-  BeforeCompletionAnnotation() { this.getType().hasQualifiedName("javax.ejb", "BeforeCompletion") }
+  BeforeCompletionAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "BeforeCompletion")
+  }
 }

 /**
@@ -802,7 +814,7 @@ class BeforeCompletionAnnotation extends Annotation {
 */
 class ConcurrencyManagementAnnotation extends Annotation {
  ConcurrencyManagementAnnotation() {
-    this.getType().hasQualifiedName("javax.ejb", "ConcurrencyManagement")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ConcurrencyManagement")
  }
 }

@@ -810,119 +822,127 @@ class ConcurrencyManagementAnnotation extends Annotation {
 * A `@javax.ejb.DependsOn` annotation.
 */
 class DependsOnAnnotation extends Annotation {
-  DependsOnAnnotation() { this.getType().hasQualifiedName("javax.ejb", "DependsOn") }
+  DependsOnAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "DependsOn") }
 }

 /**
 * A `@javax.ejb.EJB` annotation.
 */
 class EjbAnnotation extends Annotation {
-  EjbAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") }
+  EjbAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJB") }
 }

 /**
 * A `@javax.ejb.EJBs` annotation.
 */
 class EJBsAnnotation extends Annotation {
-  EJBsAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJBs") }
+  EJBsAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBs") }
 }

 /**
 * A `@javax.ejb.LocalBean` annotation.
 */
 class LocalBeanAnnotation extends Annotation {
-  LocalBeanAnnotation() { this.getType().hasQualifiedName("javax.ejb", "LocalBean") }
+  LocalBeanAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "LocalBean") }
 }

 /**
 * A `@javax.ejb.Lock` annotation.
 */
 class LockAnnotation extends Annotation {
-  LockAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Lock") }
+  LockAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Lock") }
 }

 /**
 * A `@javax.ejb.MessageDriven` annotation.
 */
 class MessageDrivenAnnotation extends Annotation {
-  MessageDrivenAnnotation() { this.getType().hasQualifiedName("javax.ejb", "MessageDriven") }
+  MessageDrivenAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "MessageDriven")
+  }
 }

 /**
 * A `@javax.ejb.PostActivate` annotation.
 */
 class PostActivateAnnotation extends Annotation {
-  PostActivateAnnotation() { this.getType().hasQualifiedName("javax.ejb", "PostActivate") }
+  PostActivateAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "PostActivate")
+  }
 }

 /**
 * A `@javax.ejb.PrePassivate` annotation.
 */
 class PrePassivateAnnotation extends Annotation {
-  PrePassivateAnnotation() { this.getType().hasQualifiedName("javax.ejb", "PrePassivate") }
+  PrePassivateAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "PrePassivate")
+  }
 }

 /**
 * A `@javax.ejb.Remove` annotation.
 */
 class RemoveAnnotation extends Annotation {
-  RemoveAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Remove") }
+  RemoveAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Remove") }
 }

 /**
 * A `@javax.ejb.Schedule` annotation.
 */
 class ScheduleAnnotation extends Annotation {
-  ScheduleAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Schedule") }
+  ScheduleAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Schedule") }
 }

 /**
 * A `@javax.ejb.Schedules` annotation.
 */
 class SchedulesAnnotation extends Annotation {
-  SchedulesAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Schedules") }
+  SchedulesAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Schedules") }
 }

 /**
 * A `@javax.ejb.Singleton` annotation.
 */
 class SingletonAnnotation extends Annotation {
-  SingletonAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Singleton") }
+  SingletonAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Singleton") }
 }

 /**
 * A `@javax.ejb.Startup` annotation.
 */
 class StartupAnnotation extends Annotation {
-  StartupAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Startup") }
+  StartupAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Startup") }
 }

 /**
 * A `@javax.ejb.Stateful` annotation.
 */
 class StatefulAnnotation extends Annotation {
-  StatefulAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Stateful") }
+  StatefulAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Stateful") }
 }

 /**
 * A `@javax.ejb.StatefulTimeout` annotation.
 */
 class StatefulTimeoutAnnotation extends Annotation {
-  StatefulTimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "StatefulTimeout") }
+  StatefulTimeoutAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "StatefulTimeout")
+  }
 }

 /**
 * A `@javax.ejb.Stateless` annotation.
 */
 class StatelessAnnotation extends Annotation {
-  StatelessAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Stateless") }
+  StatelessAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Stateless") }
 }

 /**
 * A `@javax.ejb.Timeout` annotation.
 */
 class TimeoutAnnotation extends Annotation {
-  TimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Timeout") }
+  TimeoutAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Timeout") }
 }

 /**
@@ -930,7 +950,7 @@ class TimeoutAnnotation extends Annotation {
 */
 class TransactionAttributeAnnotation extends Annotation {
  TransactionAttributeAnnotation() {
-    this.getType().hasQualifiedName("javax.ejb", "TransactionAttribute")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttribute")
  }
 }

@@ -939,7 +959,7 @@ class TransactionAttributeAnnotation extends Annotation {
 */
 class TransactionManagementAnnotation extends Annotation {
  TransactionManagementAnnotation() {
-    this.getType().hasQualifiedName("javax.ejb", "TransactionManagement")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionManagement")
  }
 }

@@ -951,7 +971,10 @@ class RequiredTransactionAttributeAnnotation extends TransactionAttributeAnnotat
  RequiredTransactionAttributeAnnotation() {
    exists(FieldRead fr |
      this.getValue("value") = fr and
-      fr.getField().getType().(RefType).hasQualifiedName("javax.ejb", "TransactionAttributeType") and
+      fr.getField()
+          .getType()
+          .(RefType)
+          .hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttributeType") and
      fr.getField().getName() = "REQUIRED"
    )
  }
@@ -965,7 +988,10 @@ class RequiresNewTransactionAttributeAnnotation extends TransactionAttributeAnno
  RequiresNewTransactionAttributeAnnotation() {
    exists(FieldRead fr |
      this.getValue("value") = fr and
-      fr.getField().getType().(RefType).hasQualifiedName("javax.ejb", "TransactionAttributeType") and
+      fr.getField()
+          .getType()
+          .(RefType)
+          .hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttributeType") and
      fr.getField().getName() = "REQUIRES_NEW"
    )
  }
@@ -999,7 +1025,9 @@ TransactionAttributeAnnotation getInnermostTransactionAttributeAnnotation(Method
 */
 class SetRollbackOnlyMethod extends Method {
  SetRollbackOnlyMethod() {
-    this.getDeclaringType().getAnAncestor().hasQualifiedName("javax.ejb", "EJBContext") and
+    this.getDeclaringType()
+        .getAnAncestor()
+        .hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBContext") and
    this.getName() = "setRollbackOnly" and
    this.hasNoParameters()
  }
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll
@@ -159,8 +159,8 @@ class GraphicsPackage extends Package {
  GraphicsPackage() {
    this.getName() = "java.awt" or
    this.getName().matches("java.awt.%") or
-    this.getName() = "javax.swing" or
-    this.getName().matches("javax.swing.%")
+    this.getName() = javaxOrJakarta() + ".swing" or
+    this.getName().matches(javaxOrJakarta() + ".swing.%")
  }
 }

--- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll
@@ -9,7 +9,7 @@ import default
 */
 class FacesManagedBeanAnnotation extends Annotation {
  FacesManagedBeanAnnotation() {
-    this.getType().hasQualifiedName("javax.faces.bean", "ManagedBean")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".faces.bean", "ManagedBean")
  }

  /**
@@ -25,7 +25,7 @@ class FacesManagedBeanAnnotation extends Annotation {
 */
 class FacesComponentAnnotation extends Annotation {
  FacesComponentAnnotation() {
-    this.getType().hasQualifiedName("javax.faces.component", "FacesComponent")
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".faces.component", "FacesComponent")
  }

  /**
--- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll
@@ -9,7 +9,8 @@ import java
 */
 class FacesContext extends RefType {
  FacesContext() {
-    this.hasQualifiedName(["javax.faces.context", "jakarta.faces.context"], "FacesContext")
+    this.hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"],
+      "FacesContext")
  }
 }

--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll
@@ -14,7 +14,7 @@ import SpringComponentScan
 predicate hasInjectAnnotation(Annotatable a) {
  a.hasAnnotation("org.springframework.beans.factory.annotation", "Autowired") or
  a.getAnAnnotation() instanceof SpringResourceAnnotation or
-  a.hasAnnotation("javax.inject", "Inject")
+  a.hasAnnotation(javaxOrJakarta() + ".inject", "Inject")
 }

 /**
@@ -292,7 +292,7 @@ class SpringBeanAutowiredField extends Field {
 class SpringQualifierAnnotationType extends AnnotationType {
  SpringQualifierAnnotationType() {
    this.hasQualifiedName("org.springframework.beans.factory.annotation", "Qualifier") or
-    this.hasQualifiedName("javax.inject", "Qualifier") or
+    this.hasQualifiedName(javaxOrJakarta() + ".inject", "Qualifier") or
    this.getAnAnnotation().getType() instanceof SpringQualifierAnnotationType
  }
 }
@@ -340,7 +340,9 @@ class SpringQualifierAnnotation extends Annotation {
 * autowired by Spring, and can optionally specify a qualifier in the "name".
 */
 class SpringResourceAnnotation extends Annotation {
-  SpringResourceAnnotation() { this.getType().hasQualifiedName("javax.inject", "Resource") }
+  SpringResourceAnnotation() {
+    this.getType().hasQualifiedName(javaxOrJakarta() + ".inject", "Resource")
+  }

  /**
   * Gets the specified name value, if any.
--- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll
+++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll
@@ -210,10 +210,22 @@ class SpringRequestMappingParameter extends Parameter {
  predicate isNotDirectlyTaintedInput() {
    this.getType().(RefType).getAnAncestor() instanceof SpringWebRequest or
    this.getType().(RefType).getAnAncestor() instanceof SpringNativeWebRequest or
-    this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletRequest") or
-    this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletResponse") or
-    this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "HttpSession") or
-    this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "PushBuilder") or
+    this.getType()
+        .(RefType)
+        .getAnAncestor()
+        .hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequest") or
+    this.getType()
+        .(RefType)
+        .getAnAncestor()
+        .hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletResponse") or
+    this.getType()
+        .(RefType)
+        .getAnAncestor()
+        .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSession") or
+    this.getType()
+        .(RefType)
+        .getAnAncestor()
+        .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "PushBuilder") or
    this.getType().(RefType).getAnAncestor().hasQualifiedName("java.security", "Principal") or
    this.getType()
        .(RefType)
--- a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll
@@ -23,7 +23,9 @@ private class CookieCleartextStorageSink extends CleartextStorageSink {
 /** The instantiation of a cookie, which can act as storage. */
 class Cookie extends Storable, ClassInstanceExpr {
  Cookie() {
-    this.getConstructor().getDeclaringType().hasQualifiedName("javax.servlet.http", "Cookie")
+    this.getConstructor()
+        .getDeclaringType()
+        .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "Cookie")
  }

  /** Gets an input, for example `input` in `new Cookie("...", input);`. */
@@ -42,7 +44,8 @@ private predicate cookieStore(DataFlow::Node cookie, Expr store) {
  exists(MethodCall m, Method def |
    m.getMethod() = def and
    def.getName() = "addCookie" and
-    def.getDeclaringType().hasQualifiedName("javax.servlet.http", "HttpServletResponse") and
+    def.getDeclaringType()
+        .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletResponse") and
    store = m and
    cookie.asExpr() = m.getAnArgument()
  )
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -9,56 +9,58 @@ import java
 class SslClass extends RefType {
  SslClass() {
    exists(Class c | this.getAnAncestor() = c |
-      c.hasQualifiedName("javax.net.ssl", _) or
-      c.hasQualifiedName("javax.rmi.ssl", _)
+      c.hasQualifiedName(javaxOrJakarta() + ".net.ssl", _) or
+      c.hasQualifiedName(javaxOrJakarta() + ".rmi.ssl", _)
    )
  }
 }

 class X509TrustManager extends RefType {
-  X509TrustManager() { this.hasQualifiedName("javax.net.ssl", "X509TrustManager") }
+  X509TrustManager() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "X509TrustManager") }
 }

 /** The `javax.net.ssl.HttpsURLConnection` class. */
 class HttpsUrlConnection extends RefType {
-  HttpsUrlConnection() { this.hasQualifiedName("javax.net.ssl", "HttpsURLConnection") }
+  HttpsUrlConnection() {
+    this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "HttpsURLConnection")
+  }
 }

 class SslSocketFactory extends RefType {
-  SslSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") }
+  SslSocketFactory() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLSocketFactory") }
 }

 class SslContext extends RefType {
-  SslContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") }
+  SslContext() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLContext") }
 }

 /** The `javax.net.ssl.SslSession` class. */
 class SslSession extends RefType {
-  SslSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") }
+  SslSession() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLSession") }
 }

 /** The `javax.net.ssl.SslEngine` class. */
 class SslEngine extends RefType {
-  SslEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") }
+  SslEngine() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLEngine") }
 }

 /** The `javax.net.ssl.SslSocket` class. */
 class SslSocket extends RefType {
-  SslSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") }
+  SslSocket() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLSocket") }
 }

 /** The `javax.net.ssl.SslParameters` class. */
 class SslParameters extends RefType {
-  SslParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") }
+  SslParameters() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLParameters") }
 }

 class HostnameVerifier extends RefType {
-  HostnameVerifier() { this.hasQualifiedName("javax.net.ssl", "HostnameVerifier") }
+  HostnameVerifier() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "HostnameVerifier") }
 }

 /** The Java class `javax.crypto.KeyGenerator`. */
 class KeyGenerator extends RefType {
-  KeyGenerator() { this.hasQualifiedName("javax.crypto", "KeyGenerator") }
+  KeyGenerator() { this.hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator") }
 }

 /** The Java class `java.security.KeyPairGenerator`. */
@@ -292,7 +294,7 @@ abstract class JavaxCryptoAlgoSpec extends CryptoAlgoSpec { }
 class JavaxCryptoCipher extends JavaxCryptoAlgoSpec {
  JavaxCryptoCipher() {
    exists(Method m | m.getAReference() = this |
-      m.hasQualifiedName("javax.crypto", "Cipher", "getInstance")
+      m.hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "getInstance")
    )
  }

@@ -302,7 +304,7 @@ class JavaxCryptoCipher extends JavaxCryptoAlgoSpec {
 class JavaxCryptoSecretKey extends JavaxCryptoAlgoSpec {
  JavaxCryptoSecretKey() {
    exists(Constructor c | c.getAReference() = this |
-      c.getDeclaringType().hasQualifiedName("javax.crypto.spec", "SecretKeySpec")
+      c.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "SecretKeySpec")
    )
  }

@@ -327,7 +329,7 @@ class JavaxCryptoKeyGenerator extends JavaxCryptoAlgoSpec {
 class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec {
  JavaxCryptoKeyAgreement() {
    exists(Method m | m.getAReference() = this |
-      m.hasQualifiedName("javax.crypto", "KeyAgreement", "getInstance")
+      m.hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "getInstance")
    )
  }

@@ -337,7 +339,7 @@ class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec {
 class JavaxCryptoKeyFactory extends JavaxCryptoAlgoSpec {
  JavaxCryptoKeyFactory() {
    exists(Method m | m.getAReference() = this |
-      m.hasQualifiedName("javax.crypto", "SecretKeyFactory", "getInstance")
+      m.hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "getInstance")
    )
  }

@@ -429,5 +431,7 @@ class DsaGenParameterSpec extends AlgorithmParameterSpec {

 /** The Java class `javax.crypto.spec.DHGenParameterSpec`. */
 class DhGenParameterSpec extends AlgorithmParameterSpec {
-  DhGenParameterSpec() { this.hasQualifiedName("javax.crypto.spec", "DHGenParameterSpec") }
+  DhGenParameterSpec() {
+    this.hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "DHGenParameterSpec")
+  }
 }
--- a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll
@@ -25,7 +25,7 @@ class SetMessageInterpolatorCall extends MethodCall {
      this.getMethod() = m and
      m.getDeclaringType().getASourceSupertype*() = t and
      (
-        t.hasQualifiedName("javax.validation", ["Configuration", "ValidatorContext"]) and
+        t.hasQualifiedName(javaxOrJakarta() + ".validation", ["Configuration", "ValidatorContext"]) and
        m.getName() = "messageInterpolator"
        or
        t.hasQualifiedName("org.springframework.validation.beanvalidation",
--- a/java/ql/lib/semmle/code/java/security/XSS.qll
+++ b/java/ql/lib/semmle/code/java/security/XSS.qll
@@ -127,7 +127,7 @@ class XssVulnerableWriterSource extends MethodCall {
    )
    or
    exists(Method m | m = this.getMethod() |
-      m.hasQualifiedName("javax.servlet.jsp", "JspContext", "getOut")
+      m.hasQualifiedName(javaxOrJakarta() + ".servlet.jsp", "JspContext", "getOut")
    )
    or
    this.getMethod() instanceof FacesGetResponseWriterMethod
--- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll
+++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll
@@ -62,12 +62,14 @@ abstract class ParserConfig extends MethodCall {

 /** The class `javax.xml.parsers.DocumentBuilderFactory`. */
 class DocumentBuilderFactory extends RefType {
-  DocumentBuilderFactory() { this.hasQualifiedName("javax.xml.parsers", "DocumentBuilderFactory") }
+  DocumentBuilderFactory() {
+    this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "DocumentBuilderFactory")
+  }
 }

 /** The class `javax.xml.parsers.DocumentBuilder`. */
 class DocumentBuilder extends RefType {
-  DocumentBuilder() { this.hasQualifiedName("javax.xml.parsers", "DocumentBuilder") }
+  DocumentBuilder() { this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "DocumentBuilder") }
 }

 /** A call to `DocumentBuilder.parse`. */
@@ -174,7 +176,7 @@ class SafeDocumentBuilder extends DocumentBuilderConstruction {

 /** The class `javax.xml.stream.XMLInputFactory`. */
 class XmlInputFactory extends RefType {
-  XmlInputFactory() { this.hasQualifiedName("javax.xml.stream", "XMLInputFactory") }
+  XmlInputFactory() { this.hasQualifiedName(javaxOrJakarta() + ".xml.stream", "XMLInputFactory") }
 }

 /** A call to `XMLInputFactory.createXMLStreamReader`. */
@@ -243,7 +245,8 @@ class XmlInputFactoryConfig extends ParserConfig {
 * An `XmlInputFactory` specific expression that indicates whether parsing external entities is supported.
 */
 Expr configOptionIsSupportingExternalEntities() {
-  result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.isSupportingExternalEntities"
+  result.(ConstantStringExpr).getStringValue() =
+    javaxOrJakarta() + ".xml.stream.isSupportingExternalEntities"
  or
  exists(Field f |
    result = f.getAnAccess() and
@@ -256,7 +259,7 @@ Expr configOptionIsSupportingExternalEntities() {
 * An `XmlInputFactory` specific expression that indicates whether DTD is supported.
 */
 Expr configOptionSupportDtd() {
-  result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.supportDTD"
+  result.(ConstantStringExpr).getStringValue() = javaxOrJakarta() + ".xml.stream.supportDTD"
  or
  exists(Field f |
    result = f.getAnAccess() and
@@ -357,12 +360,14 @@ class SafeSaxBuilder extends VarAccess {
 * The class `javax.xml.parsers.SAXParser`.
 */
 class SaxParser extends RefType {
-  SaxParser() { this.hasQualifiedName("javax.xml.parsers", "SAXParser") }
+  SaxParser() { this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "SAXParser") }
 }

 /** The class `javax.xml.parsers.SAXParserFactory`. */
 class SaxParserFactory extends RefType {
-  SaxParserFactory() { this.hasQualifiedName("javax.xml.parsers", "SAXParserFactory") }
+  SaxParserFactory() {
+    this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "SAXParserFactory")
+  }
 }

 /** A call to `SAXParser.parse`. */
@@ -635,7 +640,7 @@ class CreatedSafeXmlReader extends Call {

 /** The class `javax.xml.transform.sax.SAXSource` */
 class SaxSource extends RefType {
-  SaxSource() { this.hasQualifiedName("javax.xml.transform.sax", "SAXSource") }
+  SaxSource() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.sax", "SAXSource") }
 }

 /** A call to the constructor of `SAXSource` with `XmlReader` and `InputSource`. */
@@ -697,7 +702,7 @@ abstract class TransformerConfig extends MethodCall {

 /** The class `javax.xml.XMLConstants`. */
 class XmlConstants extends RefType {
-  XmlConstants() { this.hasQualifiedName("javax.xml", "XMLConstants") }
+  XmlConstants() { this.hasQualifiedName(javaxOrJakarta() + ".xml", "XMLConstants") }
 }

 /** A configuration specific for transformers and schema. */
@@ -739,14 +744,14 @@ Expr configAccessExternalSchema() {
 /** The class `javax.xml.transform.TransformerFactory` or `javax.xml.transform.sax.SAXTransformerFactory`. */
 class TransformerFactory extends RefType {
  TransformerFactory() {
-    this.hasQualifiedName("javax.xml.transform", "TransformerFactory") or
-    this.hasQualifiedName("javax.xml.transform.sax", "SAXTransformerFactory")
+    this.hasQualifiedName(javaxOrJakarta() + ".xml.transform", "TransformerFactory") or
+    this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.sax", "SAXTransformerFactory")
  }
 }

 /** The class `javax.xml.transform.Transformer`. */
 class Transformer extends RefType {
-  Transformer() { this.hasQualifiedName("javax.xml.transform", "Transformer") }
+  Transformer() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform", "Transformer") }
 }

 /** A call to `Transformer.transform`. */
@@ -843,7 +848,8 @@ class SaxTransformerFactoryNewXmlFilter extends XmlParserCall {
  SaxTransformerFactoryNewXmlFilter() {
    exists(Method m |
      this.getMethod() = m and
-      m.getDeclaringType().hasQualifiedName("javax.xml.transform.sax", "SAXTransformerFactory") and
+      m.getDeclaringType()
+          .hasQualifiedName(javaxOrJakarta() + ".xml.transform.sax", "SAXTransformerFactory") and
      m.hasName("newXMLFilter")
    )
  }
@@ -858,7 +864,7 @@ class SaxTransformerFactoryNewXmlFilter extends XmlParserCall {
 /* Schema: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory */
 /** The class `javax.xml.validation.SchemaFactory`. */
 class SchemaFactory extends RefType {
-  SchemaFactory() { this.hasQualifiedName("javax.xml.validation", "SchemaFactory") }
+  SchemaFactory() { this.hasQualifiedName(javaxOrJakarta() + ".xml.validation", "SchemaFactory") }
 }

 /** A `ParserConfig` specific to `SchemaFactory`. */
@@ -913,7 +919,7 @@ class SafeSchemaFactory extends VarAccess {
 /* Unmarshaller: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller */
 /** The class `javax.xml.bind.Unmarshaller`. */
 class XmlUnmarshaller extends RefType {
-  XmlUnmarshaller() { this.hasQualifiedName("javax.xml.bind", "Unmarshaller") }
+  XmlUnmarshaller() { this.hasQualifiedName(javaxOrJakarta() + ".xml.bind", "Unmarshaller") }
 }

 /** A call to `Unmarshaller.unmarshal`. */
@@ -934,12 +940,12 @@ class XmlUnmarshal extends XmlParserCall {
 /* XPathExpression: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xpathexpression */
 /** The interface `javax.xml.xpath.XPathExpression`. */
 class XPathExpression extends Interface {
-  XPathExpression() { this.hasQualifiedName("javax.xml.xpath", "XPathExpression") }
+  XPathExpression() { this.hasQualifiedName(javaxOrJakarta() + ".xml.xpath", "XPathExpression") }
 }

 /** The interface `java.xml.xpath.XPath`. */
 class XPath extends Interface {
-  XPath() { this.hasQualifiedName("javax.xml.xpath", "XPath") }
+  XPath() { this.hasQualifiedName(javaxOrJakarta() + ".xml.xpath", "XPath") }
 }

 /** A call to the method `evaluate` of the classes `XPathExpression` or `XPath`. */
--- a/java/ql/lib/semmle/code/java/security/XsltInjection.qll
+++ b/java/ql/lib/semmle/code/java/security/XsltInjection.qll
@@ -163,17 +163,17 @@ private predicate xsltPackageStep(DataFlow::Node n1, DataFlow::Node n2) {

 /** The class `javax.xml.transform.stax.StAXSource`. */
 private class TypeStAXSource extends Class {
-  TypeStAXSource() { this.hasQualifiedName("javax.xml.transform.stax", "StAXSource") }
+  TypeStAXSource() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.stax", "StAXSource") }
 }

 /** The class `javax.xml.transform.dom.DOMSource`. */
 private class TypeDomSource extends Class {
-  TypeDomSource() { this.hasQualifiedName("javax.xml.transform.dom", "DOMSource") }
+  TypeDomSource() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.dom", "DOMSource") }
 }

 /** The interface `javax.xml.transform.Templates`. */
 private class TypeTemplates extends Interface {
-  TypeTemplates() { this.hasQualifiedName("javax.xml.transform", "Templates") }
+  TypeTemplates() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform", "Templates") }
 }

 /** The class `net.sf.saxon.s9api.XsltCompiler`. */
@@ -205,7 +205,7 @@ private class DocumentBuilderParse extends MethodCall {

 /** The class `javax.xml.parsers.DocumentBuilder`. */
 private class DocumentBuilder extends RefType {
-  DocumentBuilder() { this.hasQualifiedName("javax.xml.parsers", "DocumentBuilder") }
+  DocumentBuilder() { this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "DocumentBuilder") }
 }

 /** A call to `XMLInputFactory.createXMLStreamReader`. */
@@ -232,5 +232,5 @@ private class XmlInputFactoryEventReader extends MethodCall {

 /** The class `javax.xml.stream.XMLInputFactory`. */
 private class XmlInputFactory extends RefType {
-  XmlInputFactory() { this.hasQualifiedName("javax.xml.stream", "XMLInputFactory") }
+  XmlInputFactory() { this.hasQualifiedName(javaxOrJakarta() + ".xml.stream", "XMLInputFactory") }
 }
--- a/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql
+++ b/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql
@@ -115,8 +115,8 @@ predicate jdkPackage(Package p) {
  |
    pkgName =
      [
-        "com.sun", "sun", "java", "javax", "com.oracle.net", "genstubs", "jdk", "build.tools",
-        "org.omg.CORBA", "org.ietf.jgss"
+        "com.sun", "sun", "java", javaxOrJakarta() + "", "com.oracle.net", "genstubs", "jdk",
+        "build.tools", "org.omg.CORBA", "org.ietf.jgss"
      ]
  )
 }
--- a/Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql
+++ b/Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql
@@ -19,7 +19,7 @@ class Adapter extends Class {
    this.getName().matches("%Adapter") and
    (
      this.getPackage().hasName("java.awt.event") or
-      this.getPackage().hasName("javax.swing.event")
+      this.getPackage().hasName(javaxOrJakarta() + ".swing.event")
    )
  }
 }
--- a/Bugs/Frameworks/Swing/ThreadSafety.ql
+++ b/Bugs/Frameworks/Swing/ThreadSafety.ql
@@ -15,7 +15,12 @@ import java

 from MethodCall ma, Method m, MainMethod main
 where
-  ma.getQualifier().getType().getCompilationUnit().getPackage().getName().matches("javax.swing%") and
+  ma.getQualifier()
+      .getType()
+      .getCompilationUnit()
+      .getPackage()
+      .getName()
+      .matches(javaxOrJakarta() + ".swing%") and
  (
    m.hasName("show") and m.hasNoParameters()
    or
--- a/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
+++ b/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql
@@ -77,7 +77,9 @@ module MatchesHttpOnlyToRawHeaderFlow = TaintTracking::Global<MatchesHttpOnlyToR

 /** A class descended from `javax.servlet.http.Cookie`. */
 class CookieClass extends RefType {
-  CookieClass() { this.getAnAncestor().hasQualifiedName("javax.servlet.http", "Cookie") }
+  CookieClass() {
+    this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet.http", "Cookie")
+  }
 }

 /** Holds if `expr` is any boolean-typed expression other than literal `false`. */
@@ -143,7 +145,8 @@ class CookieResponseWithoutHttpOnlySink extends DataFlow::ExprNode {

 /** Holds if `cie` is an invocation of a JAX-RS `NewCookie` constructor that sets `HttpOnly` to true. */
 predicate setsHttpOnlyInNewCookie(ClassInstanceExpr cie) {
-  cie.getConstructedType().hasQualifiedName(["javax.ws.rs.core", "jakarta.ws.rs.core"], "NewCookie") and
+  cie.getConstructedType()
+      .hasQualifiedName([javaxOrJakarta() + ".ws.rs.core", "jakarta.ws.rs.core"], "NewCookie") and
  (
    cie.getNumArgument() = 6 and
    mayBeBooleanTrue(cie.getArgument(5)) // NewCookie(Cookie cookie, String comment, int maxAge, Date expiry, boolean secure, boolean httpOnly)
--- a/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
+++ b/java/ql/src/Security/CWE/CWE-319/UseSSLSocketFactories.ql
@@ -27,7 +27,7 @@ class SocketFactoryType extends RefType {
  SocketFactoryType() {
    this.hasQualifiedName("java.rmi.server", "RMIServerSocketFactory") or
    this.hasQualifiedName("java.rmi.server", "RMIClientSocketFactory") or
-    this.hasQualifiedName("javax.net", "SocketFactory") or
+    this.hasQualifiedName(javaxOrJakarta() + ".net", "SocketFactory") or
    this.hasQualifiedName("java.net", "SocketImplFactory")
  }
 }
--- a/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll
@@ -89,7 +89,7 @@ private class TaintPropagatingCall extends Call {
 }

 private class JakartaType extends RefType {
-  JakartaType() { this.getPackage().hasName(["javax.el", "jakarta.el"]) }
+  JakartaType() { this.getPackage().hasName([javaxOrJakarta() + ".el", "jakarta.el"]) }
 }

 private class ELProcessor extends JakartaType {
--- a/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/ScriptInjection.ql
@@ -19,13 +19,19 @@ import ScriptInjectionFlow::PathGraph
 /** A method of ScriptEngine that allows code injection. */
 class ScriptEngineMethod extends Method {
  ScriptEngineMethod() {
-    this.getDeclaringType().getAnAncestor().hasQualifiedName("javax.script", "ScriptEngine") and
+    this.getDeclaringType()
+        .getAnAncestor()
+        .hasQualifiedName(javaxOrJakarta() + ".script", "ScriptEngine") and
    this.hasName("eval")
    or
-    this.getDeclaringType().getAnAncestor().hasQualifiedName("javax.script", "Compilable") and
+    this.getDeclaringType()
+        .getAnAncestor()
+        .hasQualifiedName(javaxOrJakarta() + ".script", "Compilable") and
    this.hasName("compile")
    or
-    this.getDeclaringType().getAnAncestor().hasQualifiedName("javax.script", "ScriptEngineFactory") and
+    this.getDeclaringType()
+        .getAnAncestor()
+        .hasQualifiedName(javaxOrJakarta() + ".script", "ScriptEngineFactory") and
    this.hasName(["getProgram", "getMethodCallSyntax"])
  }
 }
@@ -78,7 +84,10 @@ class RhinoDefineClassMethod extends Method {
 predicate isScriptArgument(MethodCall ma, Expr sink) {
  exists(ScriptEngineMethod m |
    m = ma.getMethod() and
-    if m.getDeclaringType().getAnAncestor().hasQualifiedName("javax.script", "ScriptEngineFactory")
+    if
+      m.getDeclaringType()
+          .getAnAncestor()
+          .hasQualifiedName(javaxOrJakarta() + ".script", "ScriptEngineFactory")
    then sink = ma.getArgument(_) // all arguments allow script injection
    else sink = ma.getArgument(0)
  )
--- a/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-094/SpringViewManipulationLib.qll
@@ -26,7 +26,7 @@ class PortletRenderRequestMethod extends Method {
  PortletRenderRequestMethod() {
    exists(RefType c, Interface t |
      c.extendsOrImplements*(t) and
-      t.hasQualifiedName("javax.portlet", "RenderState") and
+      t.hasQualifiedName(javaxOrJakarta() + ".portlet", "RenderState") and
      this = c.getAMethod()
    |
      this.hasName([
--- a/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-208/NonConstantTimeCheckOnSignatureQuery.qll
@@ -21,7 +21,7 @@ abstract private class ProduceCryptoCall extends MethodCall {
 /** A method call that produces a MAC. */
 private class ProduceMacCall extends ProduceCryptoCall {
  ProduceMacCall() {
-    this.getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Mac") and
+    this.getMethod().getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac") and
    (
      this.getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])"]) and this = output
      or
@@ -53,7 +53,7 @@ private class ProduceSignatureCall extends ProduceCryptoCall {
 private module InitializeEncryptorConfig implements DataFlow::ConfigSig {
  predicate isSource(DataFlow::Node source) {
    exists(MethodCall ma |
-      ma.getMethod().hasQualifiedName("javax.crypto", "Cipher", "init") and
+      ma.getMethod().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "init") and
      ma.getArgument(0).(VarAccess).getVariable().hasName("ENCRYPT_MODE") and
      ma.getQualifier() = source.asExpr()
    )
@@ -61,7 +61,7 @@ private module InitializeEncryptorConfig implements DataFlow::ConfigSig {

  predicate isSink(DataFlow::Node sink) {
    exists(MethodCall ma |
-      ma.getMethod().hasQualifiedName("javax.crypto", "Cipher", "doFinal") and
+      ma.getMethod().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "doFinal") and
      ma.getQualifier() = sink.asExpr()
    )
  }
@@ -73,7 +73,7 @@ private module InitializeEncryptorFlow = DataFlow::Global<InitializeEncryptorCon
 private class ProduceCiphertextCall extends ProduceCryptoCall {
  ProduceCiphertextCall() {
    exists(Method m | m = this.getMethod() |
-      m.getDeclaringType().hasQualifiedName("javax.crypto", "Cipher") and
+      m.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher") and
      (
        m.hasStringSignature(["doFinal()", "doFinal(byte[])", "doFinal(byte[], int, int)"]) and
        this = output
@@ -104,9 +104,9 @@ private predicate updateCryptoOperationStep(DataFlow::Node fromNode, DataFlow::N
  |
    m.hasQualifiedName("java.security", "Signature", "update")
    or
-    m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "update")
+    m.hasQualifiedName(javaxOrJakarta() + ".crypto", ["Mac", "Cipher"], "update")
    or
-    m.hasQualifiedName("javax.crypto", ["Mac", "Cipher"], "doFinal") and
+    m.hasQualifiedName(javaxOrJakarta() + ".crypto", ["Mac", "Cipher"], "doFinal") and
    not m.hasStringSignature("doFinal(byte[], int)")
  )
 }
--- a/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-327/SslLib.qll
@@ -95,5 +95,5 @@ class UnsafeTlsVersion extends StringLiteral {
 }

 class SslServerSocket extends RefType {
-  SslServerSocket() { this.hasQualifiedName("javax.net.ssl", "SSLServerSocket") }
+  SslServerSocket() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLServerSocket") }
 }
--- a/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql
@@ -21,11 +21,12 @@ class GetInitParameter extends Method {
    (
      this.getDeclaringType()
          .getAnAncestor()
-          .hasQualifiedName(["javax.servlet", "jakarta.servlet"],
+          .hasQualifiedName([javaxOrJakarta() + ".servlet", "jakarta.servlet"],
            ["FilterConfig", "Registration", "ServletConfig", "ServletContext"]) or
      this.getDeclaringType()
          .getAnAncestor()
-          .hasQualifiedName(["javax.faces.context", "jakarta.faces.context"], "ExternalContext")
+          .hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"],
+            "ExternalContext")
    ) and
    this.getName() = "getInitParameter"
  }
--- a/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-489/WebComponentMain.ql
@@ -16,7 +16,9 @@ deprecated import TestLib

 /** The java type `javax.servlet.Filter`. */
 class ServletFilterClass extends Class {
-  ServletFilterClass() { this.getAnAncestor().hasQualifiedName("javax.servlet", "Filter") }
+  ServletFilterClass() {
+    this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet", "Filter")
+  }
 }

 /** Listener class in the package `javax.servlet` and `javax.servlet.http` */
@@ -26,7 +28,8 @@ class ServletListenerClass extends Class {
    this.getAnAncestor()
        .getQualifiedName()
        .regexpMatch([
-            "javax\\.servlet\\.[a-zA-Z]+Listener", "javax\\.servlet\\.http\\.[a-zA-Z]+Listener"
+            javaxOrJakarta() + "\\.servlet\\.[a-zA-Z]+Listener",
+            javaxOrJakarta() + "\\.servlet\\.http\\.[a-zA-Z]+Listener"
          ])
  }
 }
--- a/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegexQuery.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-625/PermissiveDotRegexQuery.qll
@@ -38,7 +38,9 @@ private class UrlDispatchSink extends UrlRedirectSink {
 /** The `doFilter` method of `javax.servlet.FilterChain`. */
 private class ServletFilterMethod extends Method {
  ServletFilterMethod() {
-    this.getDeclaringType().getASupertype*().hasQualifiedName("javax.servlet", "FilterChain") and
+    this.getDeclaringType()
+        .getASupertype*()
+        .hasQualifiedName(javaxOrJakarta() + ".servlet", "FilterChain") and
    this.hasName("doFilter")
  }
 }
--- a/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjectionLib.qll
+++ b/java/ql/src/experimental/Security/CWE/CWE-652/XQueryInjectionLib.qll
@@ -9,7 +9,7 @@ class XQueryParserCall extends MethodCall {
      this.getMethod() = m and
      m.getDeclaringType()
          .getASourceSupertype*()
-          .hasQualifiedName("javax.xml.xquery", "XQConnection") and
+          .hasQualifiedName(javaxOrJakarta() + ".xml.xquery", "XQConnection") and
      m.hasName("prepareExpression")
    )
  }
@@ -29,7 +29,7 @@ class XQueryPreparedExecuteCall extends MethodCall {
      m.hasName("executeQuery") and
      m.getDeclaringType()
          .getASourceSupertype*()
-          .hasQualifiedName("javax.xml.xquery", "XQPreparedExpression")
+          .hasQualifiedName(javaxOrJakarta() + ".xml.xquery", "XQPreparedExpression")
    )
  }

@@ -45,7 +45,7 @@ class XQueryExecuteCall extends MethodCall {
      m.hasName("executeQuery") and
      m.getDeclaringType()
          .getASourceSupertype*()
-          .hasQualifiedName("javax.xml.xquery", "XQExpression")
+          .hasQualifiedName(javaxOrJakarta() + ".xml.xquery", "XQExpression")
    )
  }

@@ -61,7 +61,7 @@ class XQueryExecuteCommandCall extends MethodCall {
      m.hasName("executeCommand") and
      m.getDeclaringType()
          .getASourceSupertype*()
-          .hasQualifiedName("javax.xml.xquery", "XQExpression")
+          .hasQualifiedName(javaxOrJakarta() + ".xml.xquery", "XQExpression")
    )
  }

--- a/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql
+++ b/java/ql/src/experimental/Security/CWE/CWE-665/InsecureRmiJmxEnvironmentConfiguration.ql
@@ -18,13 +18,15 @@ import semmle.code.java.Maps
 predicate isRmiOrJmxServerCreateConstructor(Constructor constructor) {
  constructor
      .getDeclaringType()
-      .hasQualifiedName("javax.management.remote.rmi", "RMIConnectorServer")
+      .hasQualifiedName(javaxOrJakarta() + ".management.remote.rmi", "RMIConnectorServer")
 }

 /** Holds if `method` creates an RMI or JMX server. */
 predicate isRmiOrJmxServerCreateMethod(Method method) {
  method.getName() = "newJMXConnectorServer" and
-  method.getDeclaringType().hasQualifiedName("javax.management.remote", "JMXConnectorServerFactory")
+  method
+      .getDeclaringType()
+      .hasQualifiedName(javaxOrJakarta() + ".management.remote", "JMXConnectorServerFactory")
 }

 /**
@@ -59,7 +61,7 @@ module SafeFlowConfig implements DataFlow::ConfigSig {
      put.getKey()
          .(FieldAccess)
          .getField()
-          .hasQualifiedName("javax.management.remote.rmi", "RMIConnectorServer",
+          .hasQualifiedName(javaxOrJakarta() + ".management.remote.rmi", "RMIConnectorServer",
            ["CREDENTIAL_TYPES", "CREDENTIALS_FILTER_PATTERN"])
    |
      put.getQualifier() = qualifier and
--- a/java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll
+++ b/java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll
@@ -10,7 +10,8 @@ import java
 */
 class ExternalContext extends RefType {
  ExternalContext() {
-    this.hasQualifiedName(["javax.faces.context", "jakarta.faces.context"], "ExternalContext")
+    this.hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"],
+      "ExternalContext")
  }
 }

--- a/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
+++ b/java/ql/src/utils/modelgenerator/internal/CaptureModels.qll
@@ -26,7 +26,7 @@ predicate isPrimitiveTypeUsedForBulkData(J::Type t) {
 }

 private predicate isInfrequentlyUsed(J::CompilationUnit cu) {
-  cu.getPackage().getName().matches("javax.swing%") or
+  cu.getPackage().getName().matches(javaxOrJakarta() + ".swing%") or
  cu.getPackage().getName().matches("java.awt%")
 }