diff --git a/java/ql/lib/experimental/quantum/JCA.qll b/java/ql/lib/experimental/quantum/JCA.qll index b1b536a3ccb..feac5aaf0ea 100644 --- a/java/ql/lib/experimental/quantum/JCA.qll +++ b/java/ql/lib/experimental/quantum/JCA.qll @@ -295,7 +295,7 @@ module JCAModel { class CipherGetInstanceCall extends MethodCall { CipherGetInstanceCall() { - this.getCallee().hasQualifiedName("javax.crypto", "Cipher", "getInstance") + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "getInstance") } Expr getAlgorithmArg() { result = this.getArgument(0) } @@ -307,7 +307,8 @@ module JCAModel { private class CipherOperationCall extends MethodCall { CipherOperationCall() { this.getMethod() - .hasQualifiedName("javax.crypto", "Cipher", ["update", "doFinal", "wrap", "unwrap"]) + .hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", + ["update", "doFinal", "wrap", "unwrap"]) } predicate isIntermediate() { this.getMethod().getName() = "update" } @@ -474,7 +475,9 @@ module JCAModel { * An access to the `javax.crypto.Cipher` class. */ private class CipherAccess extends TypeAccess { - CipherAccess() { this.getType().(Class).hasQualifiedName("javax.crypto", "Cipher") } + CipherAccess() { + this.getType().(Class).hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher") + } } /** @@ -708,7 +711,9 @@ module JCAModel { // and through setter methods class IvParameterSpecInstance extends NonceParameterInstantiation { IvParameterSpecInstance() { - super.getConstructedType().hasQualifiedName("javax.crypto.spec", "IvParameterSpec") + super + .getConstructedType() + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "IvParameterSpec") } override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(0) } @@ -717,7 +722,9 @@ module JCAModel { // TODO: this also specifies the tag length for GCM class GCMParameterSpecInstance extends NonceParameterInstantiation { GCMParameterSpecInstance() { - super.getConstructedType().hasQualifiedName("javax.crypto.spec", "GCMParameterSpec") + super + .getConstructedType() + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "GCMParameterSpec") } override DataFlow::Node getInputNode() { result.asExpr() = super.getArgument(1) } @@ -725,7 +732,8 @@ module JCAModel { class IvParameterSpecGetIvCall extends MethodCall { IvParameterSpecGetIvCall() { - this.getMethod().hasQualifiedName("javax.crypto.spec", "IvParameterSpec", "getIV") + this.getMethod() + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "IvParameterSpec", "getIV") } } @@ -797,7 +805,9 @@ module JCAModel { } class CipherInitCall extends MethodCall { - CipherInitCall() { this.getCallee().hasQualifiedName("javax.crypto", "Cipher", "init") } + CipherInitCall() { + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "init") + } /** * Returns the mode argument to the `init` method @@ -966,7 +976,9 @@ module JCAModel { class DHGenParameterSpecInstance extends KeyGeneratorParameterSpecClassInstanceExpr { DHGenParameterSpecInstance() { - super.getConstructedType().hasQualifiedName("javax.crypto.spec", "DHGenParameterSpec") + super + .getConstructedType() + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "DHGenParameterSpec") } Expr getPrimeSizeArg() { result = this.getArgument(0) } @@ -1067,7 +1079,7 @@ module JCAModel { //TODO: Link getAlgorithm from KeyPairGenerator to algorithm instances or AVCs? High priority. class KeyGeneratorGetInstanceCall extends MethodCall { KeyGeneratorGetInstanceCall() { - this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", "getInstance") + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", "getInstance") or this.getCallee().hasQualifiedName("java.security", "KeyPairGenerator", "getInstance") } @@ -1082,7 +1094,8 @@ module JCAModel { this.getCallee().hasQualifiedName("java.security", "KeyPairGenerator", "initialize") and keyType = Crypto::TAsymmetricKeyType() or - this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", ["init", "initialize"]) and + this.getCallee() + .hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", ["init", "initialize"]) and keyType = Crypto::TSymmetricKeyType() } @@ -1111,7 +1124,7 @@ module JCAModel { Crypto::KeyArtifactType type; KeyGeneratorGenerateCall() { - this.getCallee().hasQualifiedName("javax.crypto", "KeyGenerator", "generateKey") and + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator", "generateKey") and type instanceof Crypto::TSymmetricKeyType or this.getCallee() @@ -1176,7 +1189,7 @@ module JCAModel { class KeySpecInstantiation extends ClassInstanceExpr { KeySpecInstantiation() { this.getConstructedType() - .hasQualifiedName("javax.crypto.spec", + .hasQualifiedName(javaxOrJakarta() + ".crypto.spec", ["PBEKeySpec", "SecretKeySpec", "PBEKeySpec", "DESedeKeySpec"]) } @@ -1227,7 +1240,8 @@ module JCAModel { class SecretKeyFactoryGetInstanceCall extends MethodCall { SecretKeyFactoryGetInstanceCall() { - this.getCallee().hasQualifiedName("javax.crypto", "SecretKeyFactory", "getInstance") + this.getCallee() + .hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "getInstance") } Expr getAlgorithmArg() { result = this.getArgument(0) } @@ -1235,7 +1249,8 @@ module JCAModel { class SecretKeyFactoryGenerateSecretCall extends MethodCall { SecretKeyFactoryGenerateSecretCall() { - this.getCallee().hasQualifiedName("javax.crypto", "SecretKeyFactory", "generateSecret") + this.getCallee() + .hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "generateSecret") } Expr getKeySpecArg() { result = this.getArgument(0) } @@ -1430,7 +1445,7 @@ module JCAModel { class KeyAgreementInitCall extends MethodCall { KeyAgreementInitCall() { - this.getCallee().hasQualifiedName("javax.crypto", "KeyAgreement", "init") + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "init") } Expr getServerKeyArg() { result = this.getArgument(0) } @@ -1438,7 +1453,7 @@ module JCAModel { class KeyAgreementGetInstanceCall extends MethodCall { KeyAgreementGetInstanceCall() { - this.getCallee().hasQualifiedName("javax.crypto", "KeyAgreement", "getInstance") + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "getInstance") } Expr getAlgorithmArg() { result = super.getArgument(0) } @@ -1482,7 +1497,8 @@ module JCAModel { class KeyAgreementCall extends MethodCall { KeyAgreementCall() { this.getCallee() - .hasQualifiedName("javax.crypto", "KeyAgreement", ["generateSecret", "doPhase"]) + .hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", + ["generateSecret", "doPhase"]) } predicate isIntermediate() { this.getCallee().getName() = "doPhase" } @@ -1647,7 +1663,9 @@ module JCAModel { } class MacGetInstanceCall extends MethodCall { - MacGetInstanceCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "getInstance") } + MacGetInstanceCall() { + this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac", "getInstance") + } Expr getAlgorithmArg() { result = this.getArgument(0) } @@ -1663,7 +1681,7 @@ module JCAModel { } class MacInitCall extends MethodCall { - MacInitCall() { this.getCallee().hasQualifiedName("javax.crypto", "Mac", "init") } + MacInitCall() { this.getCallee().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac", "init") } Expr getKeyArg() { result = this.getArgument(0) and this.getMethod().getParameterType(0).hasName("Key") @@ -1691,7 +1709,7 @@ module JCAModel { Expr output; MacOperationCall() { - super.getMethod().getDeclaringType().hasQualifiedName("javax.crypto", "Mac") and + super.getMethod().getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".crypto", "Mac") and ( super.getMethod().hasStringSignature(["doFinal()", "doFinal(byte[])"]) and this = output or diff --git a/java/ql/lib/semmle/code/java/J2EE.qll b/java/ql/lib/semmle/code/java/J2EE.qll index 4412b3715e3..0f7473505df 100644 --- a/java/ql/lib/semmle/code/java/J2EE.qll +++ b/java/ql/lib/semmle/code/java/J2EE.qll @@ -9,49 +9,61 @@ import Type /** An entity bean. */ class EntityBean extends Class { EntityBean() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EntityBean") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EntityBean") | + this.hasSupertype+(i) + ) } } /** An enterprise bean. */ class EnterpriseBean extends RefType { EnterpriseBean() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EnterpriseBean") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EnterpriseBean") | + this.hasSupertype+(i) + ) } } /** A local EJB home interface. */ class LocalEjbHomeInterface extends Interface { LocalEjbHomeInterface() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalHome") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBLocalHome") | + this.hasSupertype+(i) + ) } } /** A remote EJB home interface. */ class RemoteEjbHomeInterface extends Interface { RemoteEjbHomeInterface() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBHome") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBHome") | + this.hasSupertype+(i) + ) } } /** A local EJB interface. */ class LocalEjbInterface extends Interface { LocalEjbInterface() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBLocalObject") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBLocalObject") | + this.hasSupertype+(i) + ) } } /** A remote EJB interface. */ class RemoteEjbInterface extends Interface { RemoteEjbInterface() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "EJBObject") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBObject") | + this.hasSupertype+(i) + ) } } /** A message bean. */ class MessageBean extends Class { MessageBean() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "MessageDrivenBean") | + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "MessageDrivenBean") | this.hasSupertype+(i) ) } @@ -60,6 +72,8 @@ class MessageBean extends Class { /** A session bean. */ class SessionBean extends Class { SessionBean() { - exists(Interface i | i.hasQualifiedName("javax.ejb", "SessionBean") | this.hasSupertype+(i)) + exists(Interface i | i.hasQualifiedName(javaxOrJakarta() + ".ejb", "SessionBean") | + this.hasSupertype+(i) + ) } } diff --git a/java/ql/lib/semmle/code/java/JMX.qll b/java/ql/lib/semmle/code/java/JMX.qll index 3f18e0ecf3d..a951b2a7d1a 100644 --- a/java/ql/lib/semmle/code/java/JMX.qll +++ b/java/ql/lib/semmle/code/java/JMX.qll @@ -18,7 +18,7 @@ class MBean extends ManagedBean { class MXBean extends ManagedBean { MXBean() { this.getQualifiedName().matches("%MXBean%") or - this.getAnAnnotation().getType().hasQualifiedName("javax.management", "MXBean") + this.getAnAnnotation().getType().hasQualifiedName(javaxOrJakarta() + ".management", "MXBean") } } @@ -61,7 +61,7 @@ class JmxRegistrationCall extends MethodCall { class JmxRegistrationMethod extends Method { JmxRegistrationMethod() { // A direct registration with the `MBeanServer`. - this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and + this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".management", "MBeanServer") and this.getName() = "registerMBean" or // The `MBeanServer` is often wrapped by an application specific management class, so identify @@ -78,7 +78,7 @@ class JmxRegistrationMethod extends Method { */ int getObjectPosition() { // Passed as the first argument to `registerMBean`. - this.getDeclaringType().hasQualifiedName("javax.management", "MBeanServer") and + this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".management", "MBeanServer") and this.getName() = "registerMBean" and result = 0 or @@ -92,16 +92,20 @@ class JmxRegistrationMethod extends Method { /** The class `javax.management.remote.JMXConnectorFactory`. */ class TypeJmxConnectorFactory extends Class { TypeJmxConnectorFactory() { - this.hasQualifiedName("javax.management.remote", "JMXConnectorFactory") + this.hasQualifiedName(javaxOrJakarta() + ".management.remote", "JMXConnectorFactory") } } /** The class `javax.management.remote.JMXServiceURL`. */ class TypeJmxServiceUrl extends Class { - TypeJmxServiceUrl() { this.hasQualifiedName("javax.management.remote", "JMXServiceURL") } + TypeJmxServiceUrl() { + this.hasQualifiedName(javaxOrJakarta() + ".management.remote", "JMXServiceURL") + } } /** The class `javax.management.remote.rmi.RMIConnector`. */ class TypeRmiConnector extends Class { - TypeRmiConnector() { this.hasQualifiedName("javax.management.remote.rmi", "RMIConnector") } + TypeRmiConnector() { + this.hasQualifiedName(javaxOrJakarta() + ".management.remote.rmi", "RMIConnector") + } } diff --git a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll index ec8ad6e2d4f..26444920a7e 100644 --- a/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/EntryPoints.qll @@ -316,7 +316,7 @@ class FacesComponentReflectivelyConstructedClass extends ReflectivelyConstructed * Entry point for EJB home interfaces. */ class EjbHome extends Interface, EntryPoint { - EjbHome() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBHome") } + EjbHome() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBHome") } override Callable getALiveCallable() { result = this.getACallable() } } @@ -325,7 +325,7 @@ class EjbHome extends Interface, EntryPoint { * Entry point for EJB object interfaces. */ class EjbObject extends Interface, EntryPoint { - EjbObject() { this.getAnAncestor().hasQualifiedName("javax.ejb", "EJBObject") } + EjbObject() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBObject") } override Callable getALiveCallable() { result = this.getACallable() } } @@ -341,7 +341,9 @@ class GsonDeserializationEntryPoint extends ReflectivelyConstructedClass { class JaxbDeserializationEntryPoint extends ReflectivelyConstructedClass { JaxbDeserializationEntryPoint() { // A class can be deserialized by JAXB if it's an `XmlRootElement`... - this.getAnAnnotation().getType().hasQualifiedName("javax.xml.bind.annotation", "XmlRootElement") + this.getAnAnnotation() + .getType() + .hasQualifiedName(javaxOrJakarta() + ".xml.bind.annotation", "XmlRootElement") or // ... or the type of an `XmlElement` field. exists(Field elementField | diff --git a/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll b/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll index df9ef0a7b7c..63b142ae3ad 100644 --- a/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll +++ b/java/ql/lib/semmle/code/java/deadcode/WebEntryPoints.qll @@ -45,7 +45,7 @@ class ServletListenerClass extends ReflectivelyConstructedClass { */ class ServletFilterClass extends ReflectivelyConstructedClass { ServletFilterClass() { - this.getAnAncestor().hasQualifiedName("javax.servlet", "Filter") and + this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet", "Filter") and // If we have seen any `web.xml` files, this filter will be considered to be live only if it is // referred to as a filter-class in at least one. If no `web.xml` files are found, we assume // that XML extraction was not enabled, and therefore consider all filter classes as live. diff --git a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll index 1283aa3d21e..c781abdb828 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JAXB.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JAXB.qll @@ -6,20 +6,20 @@ import semmle.code.java.Type class JaxbElement extends Class { JaxbElement() { - this.getAnAncestor().hasQualifiedName("javax.xml.bind", "JAXBElement") or + this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".xml.bind", "JAXBElement") or this.getAnAnnotation().getType().getName() = "XmlRootElement" } } class JaxbMarshalMethod extends Method { JaxbMarshalMethod() { - this.getDeclaringType().hasQualifiedName("javax.xml.bind", "Marshaller") and + this.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".xml.bind", "Marshaller") and this.getName() = "marshal" } } class JaxbAnnotationType extends AnnotationType { - JaxbAnnotationType() { this.getPackage().getName() = "javax.xml.bind.annotation" } + JaxbAnnotationType() { this.getPackage().getName() = javaxOrJakarta() + ".xml.bind.annotation" } } class JaxbAnnotated extends Annotatable { diff --git a/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll b/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll index 517f55fcc86..feb7381e496 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JavaxAnnotations.qll @@ -14,35 +14,45 @@ import java * A `@javax.annotation.Generated` annotation. */ class GeneratedAnnotation extends Annotation { - GeneratedAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Generated") } + GeneratedAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Generated") + } } /** * A `@javax.annotation.PostConstruct` annotation. */ class PostConstructAnnotation extends Annotation { - PostConstructAnnotation() { this.getType().hasQualifiedName("javax.annotation", "PostConstruct") } + PostConstructAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "PostConstruct") + } } /** * A `@javax.annotation.PreDestroy` annotation. */ class PreDestroyAnnotation extends Annotation { - PreDestroyAnnotation() { this.getType().hasQualifiedName("javax.annotation", "PreDestroy") } + PreDestroyAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "PreDestroy") + } } /** * A `@javax.annotation.Resource` annotation. */ class ResourceAnnotation extends Annotation { - ResourceAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Resource") } + ResourceAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Resource") + } } /** * A `@javax.annotation.Resources` annotation. */ class ResourcesAnnotation extends Annotation { - ResourcesAnnotation() { this.getType().hasQualifiedName("javax.annotation", "Resources") } + ResourcesAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "Resources") + } } /** @@ -50,7 +60,7 @@ class ResourcesAnnotation extends Annotation { */ class JavaxManagedBeanAnnotation extends Annotation { JavaxManagedBeanAnnotation() { - this.getType().hasQualifiedName("javax.annotation", "ManagedBean") + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation", "ManagedBean") } } @@ -63,7 +73,7 @@ class JavaxManagedBeanAnnotation extends Annotation { */ class DeclareRolesAnnotation extends Annotation { DeclareRolesAnnotation() { - this.getType().hasQualifiedName("javax.annotation.security", "DeclareRoles") + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "DeclareRoles") } } @@ -71,7 +81,9 @@ class DeclareRolesAnnotation extends Annotation { * A `@javax.annotation.security.DenyAll` annotation. */ class DenyAllAnnotation extends Annotation { - DenyAllAnnotation() { this.getType().hasQualifiedName("javax.annotation.security", "DenyAll") } + DenyAllAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "DenyAll") + } } /** @@ -79,7 +91,7 @@ class DenyAllAnnotation extends Annotation { */ class PermitAllAnnotation extends Annotation { PermitAllAnnotation() { - this.getType().hasQualifiedName("javax.annotation.security", "PermitAll") + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "PermitAll") } } @@ -88,7 +100,7 @@ class PermitAllAnnotation extends Annotation { */ class RolesAllowedAnnotation extends Annotation { RolesAllowedAnnotation() { - this.getType().hasQualifiedName("javax.annotation.security", "RolesAllowed") + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "RolesAllowed") } } @@ -96,7 +108,9 @@ class RolesAllowedAnnotation extends Annotation { * A `@javax.annotation.security.RunAs` annotation. */ class RunAsAnnotation extends Annotation { - RunAsAnnotation() { this.getType().hasQualifiedName("javax.annotation.security", "RunAs") } + RunAsAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".annotation.security", "RunAs") + } } /* @@ -107,7 +121,9 @@ class RunAsAnnotation extends Annotation { * A `@javax.interceptor.AroundInvoke` annotation. */ class AroundInvokeAnnotation extends Annotation { - AroundInvokeAnnotation() { this.getType().hasQualifiedName("javax.interceptor", "AroundInvoke") } + AroundInvokeAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "AroundInvoke") + } } /** @@ -115,7 +131,7 @@ class AroundInvokeAnnotation extends Annotation { */ class ExcludeClassInterceptorsAnnotation extends Annotation { ExcludeClassInterceptorsAnnotation() { - this.getType().hasQualifiedName("javax.interceptor", "ExcludeClassInterceptors") + this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "ExcludeClassInterceptors") } } @@ -124,7 +140,7 @@ class ExcludeClassInterceptorsAnnotation extends Annotation { */ class ExcludeDefaultInterceptorsAnnotation extends Annotation { ExcludeDefaultInterceptorsAnnotation() { - this.getType().hasQualifiedName("javax.interceptor", "ExcludeDefaultInterceptors") + this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "ExcludeDefaultInterceptors") } } @@ -132,7 +148,9 @@ class ExcludeDefaultInterceptorsAnnotation extends Annotation { * A `@javax.interceptor.Interceptors` annotation. */ class InterceptorsAnnotation extends Annotation { - InterceptorsAnnotation() { this.getType().hasQualifiedName("javax.interceptor", "Interceptors") } + InterceptorsAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".interceptor", "Interceptors") + } } /* @@ -143,14 +161,16 @@ class InterceptorsAnnotation extends Annotation { * A `@javax.jws.WebMethod` annotation. */ class WebMethodAnnotation extends Annotation { - WebMethodAnnotation() { this.getType().hasQualifiedName("javax.jws", "WebMethod") } + WebMethodAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebMethod") } } /** * A `@javax.jws.WebService` annotation. */ class WebServiceAnnotation extends Annotation { - WebServiceAnnotation() { this.getType().hasQualifiedName("javax.jws", "WebService") } + WebServiceAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebService") + } } /* @@ -161,7 +181,9 @@ class WebServiceAnnotation extends Annotation { * A `@javax.xml.ws.WebServiceRef` annotation. */ class WebServiceRefAnnotation extends Annotation { - WebServiceRefAnnotation() { this.getType().hasQualifiedName("javax.xml.ws", "WebServiceRef") } + WebServiceRefAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".xml.ws", "WebServiceRef") + } } /* diff --git a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll index 8b3ab081ee0..37494136565 100644 --- a/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll +++ b/java/ql/lib/semmle/code/java/frameworks/JaxWS.qll @@ -13,7 +13,7 @@ private import semmle.code.java.security.XSS /** * Gets a name for the root package of JAX-RS. */ -string getAJaxRsPackage() { result in ["javax.ws.rs", "jakarta.ws.rs"] } +string getAJaxRsPackage() { result in [javaxOrJakarta() + ".ws.rs", "jakarta.ws.rs"] } /** * Gets a name for package `subpackage` within the JAX-RS hierarchy. @@ -42,7 +42,7 @@ class JaxWsEndpoint extends Class { result.isPublic() and not result instanceof InitializerMethod and not exists(Annotation a | a = result.getAnAnnotation() | - a.getType().hasQualifiedName(["javax", "jakarta"] + ".jws", "WebMethod") and + a.getType().hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jws", "WebMethod") and a.getValue("exclude").(BooleanLiteral).getBooleanValue() = true ) and forex(ParamOrReturn paramOrRet | paramOrRet = result.getAParameter() or paramOrRet = result | @@ -62,7 +62,7 @@ class JaxWsEndpoint extends Class { /** The annotation type `@XmlJavaTypeAdapter`. */ class XmlJavaTypeAdapter extends AnnotationType { XmlJavaTypeAdapter() { - this.hasQualifiedName(["javax", "jakarta"] + ".xml.bind.annotation.adapters", + this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".xml.bind.annotation.adapters", "XmlJavaTypeAdapter") } } @@ -115,7 +115,7 @@ private class JaxAcceptableStandardClass extends RefType { this.hasQualifiedName("java.util", "Calendar") or this.hasQualifiedName("java.math", "BigInteger") or this.hasQualifiedName("java.math", "BigDecimal") or - this.hasQualifiedName("javax.xml.namespace", "QName") or + this.hasQualifiedName(javaxOrJakarta() + ".xml.namespace", "QName") or this instanceof TypeUri } } @@ -292,7 +292,9 @@ class JaxRSAnnotation extends Annotation { JaxRSAnnotation() { exists(AnnotationType a | a = this.getType() and - a.getPackage().getName().regexpMatch(["javax\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"]) + a.getPackage() + .getName() + .regexpMatch([javaxOrJakarta() + "\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"]) ) } } diff --git a/java/ql/lib/semmle/code/java/frameworks/Jms.qll b/java/ql/lib/semmle/code/java/frameworks/Jms.qll index 3cc76771a77..8c86481b4ca 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Jms.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Jms.qll @@ -7,6 +7,6 @@ import java /** The method `ObjectMessage.getObject`. */ class ObjectMessageGetObjectMethod extends Method { ObjectMessageGetObjectMethod() { - this.hasQualifiedName(["javax", "jakarta"] + ".jms", "ObjectMessage", "getObject") + this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jms", "ObjectMessage", "getObject") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/Jndi.qll b/java/ql/lib/semmle/code/java/frameworks/Jndi.qll index 0d7d481dc1d..d2b14d5f58e 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Jndi.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Jndi.qll @@ -9,32 +9,34 @@ import java /*--- Types ---*/ /** The interface `javax.naming.Context`. */ class TypeNamingContext extends Interface { - TypeNamingContext() { this.hasQualifiedName("javax.naming", "Context") } + TypeNamingContext() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "Context") } } /** The class `javax.naming.CompositeName`. */ class TypeCompositeName extends Class { - TypeCompositeName() { this.hasQualifiedName("javax.naming", "CompositeName") } + TypeCompositeName() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "CompositeName") } } /** The class `javax.naming.CompoundName`. */ class TypeCompoundName extends Class { - TypeCompoundName() { this.hasQualifiedName("javax.naming", "CompoundName") } + TypeCompoundName() { this.hasQualifiedName(javaxOrJakarta() + ".naming", "CompoundName") } } /** The interface `javax.naming.directory.DirContext`. */ class TypeDirContext extends Interface { - TypeDirContext() { this.hasQualifiedName("javax.naming.directory", "DirContext") } + TypeDirContext() { this.hasQualifiedName(javaxOrJakarta() + ".naming.directory", "DirContext") } } /** The class `javax.naming.directory.SearchControls` */ class TypeSearchControls extends Class { - TypeSearchControls() { this.hasQualifiedName("javax.naming.directory", "SearchControls") } + TypeSearchControls() { + this.hasQualifiedName(javaxOrJakarta() + ".naming.directory", "SearchControls") + } } /** The class `javax.naming.ldap.LdapName`. */ class TypeLdapName extends Class { - TypeLdapName() { this.hasQualifiedName("javax.naming.ldap", "LdapName") } + TypeLdapName() { this.hasQualifiedName(javaxOrJakarta() + ".naming.ldap", "LdapName") } } /*--- Methods ---*/ diff --git a/java/ql/lib/semmle/code/java/frameworks/Mail.qll b/java/ql/lib/semmle/code/java/frameworks/Mail.qll index c61e5ae34f9..5793da4cceb 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Mail.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Mail.qll @@ -8,7 +8,7 @@ import java * The class `javax.mail.Session` or `jakarta.mail.Session`. */ class MailSession extends Class { - MailSession() { this.hasQualifiedName(["javax.mail", "jakarta.mail"], "Session") } + MailSession() { this.hasQualifiedName([javaxOrJakarta() + ".mail", "jakarta.mail"], "Session") } } /** diff --git a/java/ql/lib/semmle/code/java/frameworks/Networking.qll b/java/ql/lib/semmle/code/java/frameworks/Networking.qll index 6eeb5aa9024..21df7ae7f8d 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Networking.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Networking.qll @@ -20,7 +20,7 @@ class TypeSocket extends RefType { /** The type `javax.net.SocketFactory` */ class TypeSocketFactory extends RefType { - TypeSocketFactory() { this.hasQualifiedName("javax.net", "SocketFactory") } + TypeSocketFactory() { this.hasQualifiedName(javaxOrJakarta() + ".net", "SocketFactory") } } /** The type `java.net.URL`. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll index 7d7beb74fc3..30cd248d4d1 100644 --- a/java/ql/lib/semmle/code/java/frameworks/Servlets.qll +++ b/java/ql/lib/semmle/code/java/frameworks/Servlets.qll @@ -12,7 +12,7 @@ import semmle.code.java.Type */ class ServletRequest extends RefType { ServletRequest() { - this.hasQualifiedName("javax.servlet", "ServletRequest") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequest") or this instanceof HttpServletRequest } } @@ -21,7 +21,9 @@ class ServletRequest extends RefType { * The interface `javax.servlet.http.HttpServletRequest`. */ class HttpServletRequest extends RefType { - HttpServletRequest() { this.hasQualifiedName("javax.servlet.http", "HttpServletRequest") } + HttpServletRequest() { + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletRequest") + } } /** @@ -168,7 +170,7 @@ class ServletRequestGetBodyMethod extends Method { */ class ServletResponse extends RefType { ServletResponse() { - this.hasQualifiedName("javax.servlet", "ServletResponse") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletResponse") or this instanceof HttpServletResponse } } @@ -177,7 +179,9 @@ class ServletResponse extends RefType { * The interface `javax.servlet.http.HttpServletResponse`. */ class HttpServletResponse extends RefType { - HttpServletResponse() { this.hasQualifiedName("javax.servlet.http", "HttpServletResponse") } + HttpServletResponse() { + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletResponse") + } } /** @@ -239,7 +243,7 @@ class ServletResponseGetOutputStreamMethod extends Method { /** The class `javax.servlet.http.Cookie`. */ class TypeCookie extends Class { - TypeCookie() { this.hasQualifiedName("javax.servlet.http", "Cookie") } + TypeCookie() { this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "Cookie") } } /** @@ -331,7 +335,7 @@ class ResponseSetContentTypeMethod extends Method { * A class that has `javax.servlet.Servlet` as an ancestor. */ class ServletClass extends Class { - ServletClass() { this.getAnAncestor().hasQualifiedName("javax.servlet", "Servlet") } + ServletClass() { this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".servlet", "Servlet") } } /** @@ -342,13 +346,13 @@ class ServletClass extends Class { */ class ServletWebXmlListenerType extends RefType { ServletWebXmlListenerType() { - this.hasQualifiedName("javax.servlet", "ServletContextAttributeListener") or - this.hasQualifiedName("javax.servlet", "ServletContextListener") or - this.hasQualifiedName("javax.servlet", "ServletRequestAttributeListener") or - this.hasQualifiedName("javax.servlet", "ServletRequestListener") or - this.hasQualifiedName("javax.servlet.http", "HttpSessionAttributeListener") or - this.hasQualifiedName("javax.servlet.http", "HttpSessionIdListener") or - this.hasQualifiedName("javax.servlet.http", "HttpSessionListener") + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContextAttributeListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContextListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequestAttributeListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequestListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionAttributeListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionIdListener") or + this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSessionListener") // Listeners that are not configured in `web.xml`: // - `HttpSessionActivationListener` // - `HttpSessionBindingListener` @@ -373,8 +377,8 @@ predicate isRequestGetParamMethod(MethodCall ma) { /** The Java EE RequestDispatcher. */ class RequestDispatcher extends RefType { RequestDispatcher() { - this.hasQualifiedName(["javax.servlet", "jakarta.servlet"], "RequestDispatcher") or - this.hasQualifiedName("javax.portlet", "PortletRequestDispatcher") + this.hasQualifiedName([javaxOrJakarta() + ".servlet", "jakarta.servlet"], "RequestDispatcher") or + this.hasQualifiedName(javaxOrJakarta() + ".portlet", "PortletRequestDispatcher") } } @@ -398,7 +402,7 @@ class RequestDispatchMethod extends Method { * The interface `javax.servlet.ServletContext`. */ class ServletContext extends RefType { - ServletContext() { this.hasQualifiedName("javax.servlet", "ServletContext") } + ServletContext() { this.hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletContext") } } /** The `getResource` method of `ServletContext`. */ @@ -419,5 +423,5 @@ class GetServletResourceAsStreamMethod extends Method { /** The interface `javax.servlet.http.HttpSession` */ class HttpServletSession extends RefType { - HttpServletSession() { this.hasQualifiedName("javax.servlet.http", "HttpSession") } + HttpServletSession() { this.hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSession") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll index 2f749962e94..285bd7fd670 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/JavaServerFaces.qll @@ -61,7 +61,7 @@ class FacesAccessibleType extends RefType { class FacesComponent extends Class { FacesComponent() { // Must extend UIComponent for it to be a valid component. - this.getAnAncestor().hasQualifiedName("javax.faces.component", "UIComponent") and + this.getAnAncestor().hasQualifiedName(javaxOrJakarta() + ".faces.component", "UIComponent") and ( // Must be registered using either an annotation exists(FacesComponentAnnotation componentAnnotation | diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll index b5031d7dff0..05a7e615552 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll @@ -9,7 +9,9 @@ import java /** * Gets a JavaEE Persistence API package name. */ -string getAPersistencePackageName() { result = ["javax.persistence", "jakarta.persistence"] } +string getAPersistencePackageName() { + result = [javaxOrJakarta() + ".persistence", "jakarta.persistence"] +} /** * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll index 222b778ba58..6943c8023d4 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/Xml.qll @@ -33,7 +33,7 @@ private class ValidatorConfig extends TransformerConfig { /** The class `javax.xml.validation.Validator`. */ private class Validator extends RefType { - Validator() { this.hasQualifiedName("javax.xml.validation", "Validator") } + Validator() { this.hasQualifiedName(javaxOrJakarta() + ".xml.validation", "Validator") } } /** A safely configured `Validator`. */ diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll index a866d84df21..efbd0c0b1eb 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJB.qll @@ -64,7 +64,7 @@ class SessionEjb extends EJB { result = this.getASupertype() and not result.hasQualifiedName("java.io", "Serializable") and not result.hasQualifiedName("java.io", "Externalizable") and - not result.getPackage().getName() = "javax.ejb" + not result.getPackage().getName() = javaxOrJakarta() + ".ejb" } /** Any remote interfaces of this EJB. */ @@ -216,14 +216,14 @@ abstract class BusinessInterfaceAnnotation extends EjbInterfaceAnnotation { } * An instance of a `@Remote` annotation. */ class RemoteAnnotation extends BusinessInterfaceAnnotation { - RemoteAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Remote") } + RemoteAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Remote") } } /** * An instance of a `@Local` annotation. */ class LocalAnnotation extends BusinessInterfaceAnnotation { - LocalAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Local") } + LocalAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Local") } } /** @@ -330,7 +330,7 @@ class LocalAnnotatedBusinessInterface extends AnnotatedBusinessInterface { * A `@javax.ejb.Init` annotation. */ class InitAnnotation extends Annotation { - InitAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Init") } + InitAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Init") } } /** @@ -383,14 +383,16 @@ abstract class HomeAnnotation extends EjbInterfaceAnnotation { } * An instance of a `@RemoteHome` annotation. */ class RemoteHomeAnnotation extends HomeAnnotation { - RemoteHomeAnnotation() { this.getType().hasQualifiedName("javax.ejb", "RemoteHome") } + RemoteHomeAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "RemoteHome") + } } /** * An instance of a `@LocalHome` annotation. */ class LocalHomeAnnotation extends HomeAnnotation { - LocalHomeAnnotation() { this.getType().hasQualifiedName("javax.ejb", "LocalHome") } + LocalHomeAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "LocalHome") } } /** @@ -748,7 +750,9 @@ Type inheritsMatchingCreateMethodExceptThrows(StatefulSessionEjb ejb, EjbInterfa * A `@javax.ejb.AccessTimeout` annotation. */ class AccessTimeoutAnnotation extends Annotation { - AccessTimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AccessTimeout") } + AccessTimeoutAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AccessTimeout") + } } /** @@ -756,7 +760,7 @@ class AccessTimeoutAnnotation extends Annotation { */ class ActivationConfigPropertyAnnotation extends Annotation { ActivationConfigPropertyAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "ActivationConfigProperty") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ActivationConfigProperty") } } @@ -764,14 +768,18 @@ class ActivationConfigPropertyAnnotation extends Annotation { * A `@javax.ejb.AfterBegin` annotation. */ class AfterBeginAnnotation extends Annotation { - AfterBeginAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AfterBegin") } + AfterBeginAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AfterBegin") + } } /** * A `@javax.ejb.AfterCompletion` annotation. */ class AfterCompletionAnnotation extends Annotation { - AfterCompletionAnnotation() { this.getType().hasQualifiedName("javax.ejb", "AfterCompletion") } + AfterCompletionAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "AfterCompletion") + } } /** @@ -779,7 +787,7 @@ class AfterCompletionAnnotation extends Annotation { */ class ApplicationExceptionAnnotation extends Annotation { ApplicationExceptionAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "ApplicationException") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ApplicationException") } } @@ -787,14 +795,18 @@ class ApplicationExceptionAnnotation extends Annotation { * A `@javax.ejb.Asynchronous` annotation. */ class AsynchronousAnnotation extends Annotation { - AsynchronousAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Asynchronous") } + AsynchronousAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Asynchronous") + } } /** * A `@javax.ejb.BeforeCompletion` annotation. */ class BeforeCompletionAnnotation extends Annotation { - BeforeCompletionAnnotation() { this.getType().hasQualifiedName("javax.ejb", "BeforeCompletion") } + BeforeCompletionAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "BeforeCompletion") + } } /** @@ -802,7 +814,7 @@ class BeforeCompletionAnnotation extends Annotation { */ class ConcurrencyManagementAnnotation extends Annotation { ConcurrencyManagementAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "ConcurrencyManagement") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "ConcurrencyManagement") } } @@ -810,119 +822,127 @@ class ConcurrencyManagementAnnotation extends Annotation { * A `@javax.ejb.DependsOn` annotation. */ class DependsOnAnnotation extends Annotation { - DependsOnAnnotation() { this.getType().hasQualifiedName("javax.ejb", "DependsOn") } + DependsOnAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "DependsOn") } } /** * A `@javax.ejb.EJB` annotation. */ class EjbAnnotation extends Annotation { - EjbAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJB") } + EjbAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJB") } } /** * A `@javax.ejb.EJBs` annotation. */ class EJBsAnnotation extends Annotation { - EJBsAnnotation() { this.getType().hasQualifiedName("javax.ejb", "EJBs") } + EJBsAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBs") } } /** * A `@javax.ejb.LocalBean` annotation. */ class LocalBeanAnnotation extends Annotation { - LocalBeanAnnotation() { this.getType().hasQualifiedName("javax.ejb", "LocalBean") } + LocalBeanAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "LocalBean") } } /** * A `@javax.ejb.Lock` annotation. */ class LockAnnotation extends Annotation { - LockAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Lock") } + LockAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Lock") } } /** * A `@javax.ejb.MessageDriven` annotation. */ class MessageDrivenAnnotation extends Annotation { - MessageDrivenAnnotation() { this.getType().hasQualifiedName("javax.ejb", "MessageDriven") } + MessageDrivenAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "MessageDriven") + } } /** * A `@javax.ejb.PostActivate` annotation. */ class PostActivateAnnotation extends Annotation { - PostActivateAnnotation() { this.getType().hasQualifiedName("javax.ejb", "PostActivate") } + PostActivateAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "PostActivate") + } } /** * A `@javax.ejb.PrePassivate` annotation. */ class PrePassivateAnnotation extends Annotation { - PrePassivateAnnotation() { this.getType().hasQualifiedName("javax.ejb", "PrePassivate") } + PrePassivateAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "PrePassivate") + } } /** * A `@javax.ejb.Remove` annotation. */ class RemoveAnnotation extends Annotation { - RemoveAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Remove") } + RemoveAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Remove") } } /** * A `@javax.ejb.Schedule` annotation. */ class ScheduleAnnotation extends Annotation { - ScheduleAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Schedule") } + ScheduleAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Schedule") } } /** * A `@javax.ejb.Schedules` annotation. */ class SchedulesAnnotation extends Annotation { - SchedulesAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Schedules") } + SchedulesAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Schedules") } } /** * A `@javax.ejb.Singleton` annotation. */ class SingletonAnnotation extends Annotation { - SingletonAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Singleton") } + SingletonAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Singleton") } } /** * A `@javax.ejb.Startup` annotation. */ class StartupAnnotation extends Annotation { - StartupAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Startup") } + StartupAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Startup") } } /** * A `@javax.ejb.Stateful` annotation. */ class StatefulAnnotation extends Annotation { - StatefulAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Stateful") } + StatefulAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Stateful") } } /** * A `@javax.ejb.StatefulTimeout` annotation. */ class StatefulTimeoutAnnotation extends Annotation { - StatefulTimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "StatefulTimeout") } + StatefulTimeoutAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "StatefulTimeout") + } } /** * A `@javax.ejb.Stateless` annotation. */ class StatelessAnnotation extends Annotation { - StatelessAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Stateless") } + StatelessAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Stateless") } } /** * A `@javax.ejb.Timeout` annotation. */ class TimeoutAnnotation extends Annotation { - TimeoutAnnotation() { this.getType().hasQualifiedName("javax.ejb", "Timeout") } + TimeoutAnnotation() { this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "Timeout") } } /** @@ -930,7 +950,7 @@ class TimeoutAnnotation extends Annotation { */ class TransactionAttributeAnnotation extends Annotation { TransactionAttributeAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "TransactionAttribute") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttribute") } } @@ -939,7 +959,7 @@ class TransactionAttributeAnnotation extends Annotation { */ class TransactionManagementAnnotation extends Annotation { TransactionManagementAnnotation() { - this.getType().hasQualifiedName("javax.ejb", "TransactionManagement") + this.getType().hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionManagement") } } @@ -951,7 +971,10 @@ class RequiredTransactionAttributeAnnotation extends TransactionAttributeAnnotat RequiredTransactionAttributeAnnotation() { exists(FieldRead fr | this.getValue("value") = fr and - fr.getField().getType().(RefType).hasQualifiedName("javax.ejb", "TransactionAttributeType") and + fr.getField() + .getType() + .(RefType) + .hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttributeType") and fr.getField().getName() = "REQUIRED" ) } @@ -965,7 +988,10 @@ class RequiresNewTransactionAttributeAnnotation extends TransactionAttributeAnno RequiresNewTransactionAttributeAnnotation() { exists(FieldRead fr | this.getValue("value") = fr and - fr.getField().getType().(RefType).hasQualifiedName("javax.ejb", "TransactionAttributeType") and + fr.getField() + .getType() + .(RefType) + .hasQualifiedName(javaxOrJakarta() + ".ejb", "TransactionAttributeType") and fr.getField().getName() = "REQUIRES_NEW" ) } @@ -999,7 +1025,9 @@ TransactionAttributeAnnotation getInnermostTransactionAttributeAnnotation(Method */ class SetRollbackOnlyMethod extends Method { SetRollbackOnlyMethod() { - this.getDeclaringType().getAnAncestor().hasQualifiedName("javax.ejb", "EJBContext") and + this.getDeclaringType() + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".ejb", "EJBContext") and this.getName() = "setRollbackOnly" and this.hasNoParameters() } diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll index 10b6e7f3df2..47872816825 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/ejb/EJBRestrictions.qll @@ -159,8 +159,8 @@ class GraphicsPackage extends Package { GraphicsPackage() { this.getName() = "java.awt" or this.getName().matches("java.awt.%") or - this.getName() = "javax.swing" or - this.getName().matches("javax.swing.%") + this.getName() = javaxOrJakarta() + ".swing" or + this.getName().matches(javaxOrJakarta() + ".swing.%") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll index 3338fa840ab..f62d9e50b68 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFAnnotations.qll @@ -9,7 +9,7 @@ import default */ class FacesManagedBeanAnnotation extends Annotation { FacesManagedBeanAnnotation() { - this.getType().hasQualifiedName("javax.faces.bean", "ManagedBean") + this.getType().hasQualifiedName(javaxOrJakarta() + ".faces.bean", "ManagedBean") } /** @@ -25,7 +25,7 @@ class FacesManagedBeanAnnotation extends Annotation { */ class FacesComponentAnnotation extends Annotation { FacesComponentAnnotation() { - this.getType().hasQualifiedName("javax.faces.component", "FacesComponent") + this.getType().hasQualifiedName(javaxOrJakarta() + ".faces.component", "FacesComponent") } /** diff --git a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll index df646e8a9a2..6e6bad91d47 100644 --- a/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll +++ b/java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll @@ -9,7 +9,8 @@ import java */ class FacesContext extends RefType { FacesContext() { - this.hasQualifiedName(["javax.faces.context", "jakarta.faces.context"], "FacesContext") + this.hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"], + "FacesContext") } } diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll index e758811b368..970870f9503 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringAutowire.qll @@ -14,7 +14,7 @@ import SpringComponentScan predicate hasInjectAnnotation(Annotatable a) { a.hasAnnotation("org.springframework.beans.factory.annotation", "Autowired") or a.getAnAnnotation() instanceof SpringResourceAnnotation or - a.hasAnnotation("javax.inject", "Inject") + a.hasAnnotation(javaxOrJakarta() + ".inject", "Inject") } /** @@ -292,7 +292,7 @@ class SpringBeanAutowiredField extends Field { class SpringQualifierAnnotationType extends AnnotationType { SpringQualifierAnnotationType() { this.hasQualifiedName("org.springframework.beans.factory.annotation", "Qualifier") or - this.hasQualifiedName("javax.inject", "Qualifier") or + this.hasQualifiedName(javaxOrJakarta() + ".inject", "Qualifier") or this.getAnAnnotation().getType() instanceof SpringQualifierAnnotationType } } @@ -340,7 +340,9 @@ class SpringQualifierAnnotation extends Annotation { * autowired by Spring, and can optionally specify a qualifier in the "name". */ class SpringResourceAnnotation extends Annotation { - SpringResourceAnnotation() { this.getType().hasQualifiedName("javax.inject", "Resource") } + SpringResourceAnnotation() { + this.getType().hasQualifiedName(javaxOrJakarta() + ".inject", "Resource") + } /** * Gets the specified name value, if any. diff --git a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll index a444dc96d5a..a26e4edc277 100644 --- a/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll +++ b/java/ql/lib/semmle/code/java/frameworks/spring/SpringController.qll @@ -210,10 +210,22 @@ class SpringRequestMappingParameter extends Parameter { predicate isNotDirectlyTaintedInput() { this.getType().(RefType).getAnAncestor() instanceof SpringWebRequest or this.getType().(RefType).getAnAncestor() instanceof SpringNativeWebRequest or - this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletRequest") or - this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet", "ServletResponse") or - this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "HttpSession") or - this.getType().(RefType).getAnAncestor().hasQualifiedName("javax.servlet.http", "PushBuilder") or + this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletRequest") or + this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".servlet", "ServletResponse") or + this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpSession") or + this.getType() + .(RefType) + .getAnAncestor() + .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "PushBuilder") or this.getType().(RefType).getAnAncestor().hasQualifiedName("java.security", "Principal") or this.getType() .(RefType) diff --git a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll index 1c99821386d..9f04aff7e40 100644 --- a/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll +++ b/java/ql/lib/semmle/code/java/security/CleartextStorageCookieQuery.qll @@ -23,7 +23,9 @@ private class CookieCleartextStorageSink extends CleartextStorageSink { /** The instantiation of a cookie, which can act as storage. */ class Cookie extends Storable, ClassInstanceExpr { Cookie() { - this.getConstructor().getDeclaringType().hasQualifiedName("javax.servlet.http", "Cookie") + this.getConstructor() + .getDeclaringType() + .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "Cookie") } /** Gets an input, for example `input` in `new Cookie("...", input);`. */ @@ -42,7 +44,8 @@ private predicate cookieStore(DataFlow::Node cookie, Expr store) { exists(MethodCall m, Method def | m.getMethod() = def and def.getName() = "addCookie" and - def.getDeclaringType().hasQualifiedName("javax.servlet.http", "HttpServletResponse") and + def.getDeclaringType() + .hasQualifiedName(javaxOrJakarta() + ".servlet.http", "HttpServletResponse") and store = m and cookie.asExpr() = m.getAnArgument() ) diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll index b948a94962c..73c91433bdc 100644 --- a/java/ql/lib/semmle/code/java/security/Encryption.qll +++ b/java/ql/lib/semmle/code/java/security/Encryption.qll @@ -9,56 +9,58 @@ import java class SslClass extends RefType { SslClass() { exists(Class c | this.getAnAncestor() = c | - c.hasQualifiedName("javax.net.ssl", _) or - c.hasQualifiedName("javax.rmi.ssl", _) + c.hasQualifiedName(javaxOrJakarta() + ".net.ssl", _) or + c.hasQualifiedName(javaxOrJakarta() + ".rmi.ssl", _) ) } } class X509TrustManager extends RefType { - X509TrustManager() { this.hasQualifiedName("javax.net.ssl", "X509TrustManager") } + X509TrustManager() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "X509TrustManager") } } /** The `javax.net.ssl.HttpsURLConnection` class. */ class HttpsUrlConnection extends RefType { - HttpsUrlConnection() { this.hasQualifiedName("javax.net.ssl", "HttpsURLConnection") } + HttpsUrlConnection() { + this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "HttpsURLConnection") + } } class SslSocketFactory extends RefType { - SslSocketFactory() { this.hasQualifiedName("javax.net.ssl", "SSLSocketFactory") } + SslSocketFactory() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLSocketFactory") } } class SslContext extends RefType { - SslContext() { this.hasQualifiedName("javax.net.ssl", "SSLContext") } + SslContext() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLContext") } } /** The `javax.net.ssl.SslSession` class. */ class SslSession extends RefType { - SslSession() { this.hasQualifiedName("javax.net.ssl", "SSLSession") } + SslSession() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLSession") } } /** The `javax.net.ssl.SslEngine` class. */ class SslEngine extends RefType { - SslEngine() { this.hasQualifiedName("javax.net.ssl", "SSLEngine") } + SslEngine() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLEngine") } } /** The `javax.net.ssl.SslSocket` class. */ class SslSocket extends RefType { - SslSocket() { this.hasQualifiedName("javax.net.ssl", "SSLSocket") } + SslSocket() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLSocket") } } /** The `javax.net.ssl.SslParameters` class. */ class SslParameters extends RefType { - SslParameters() { this.hasQualifiedName("javax.net.ssl", "SSLParameters") } + SslParameters() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "SSLParameters") } } class HostnameVerifier extends RefType { - HostnameVerifier() { this.hasQualifiedName("javax.net.ssl", "HostnameVerifier") } + HostnameVerifier() { this.hasQualifiedName(javaxOrJakarta() + ".net.ssl", "HostnameVerifier") } } /** The Java class `javax.crypto.KeyGenerator`. */ class KeyGenerator extends RefType { - KeyGenerator() { this.hasQualifiedName("javax.crypto", "KeyGenerator") } + KeyGenerator() { this.hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyGenerator") } } /** The Java class `java.security.KeyPairGenerator`. */ @@ -292,7 +294,7 @@ abstract class JavaxCryptoAlgoSpec extends CryptoAlgoSpec { } class JavaxCryptoCipher extends JavaxCryptoAlgoSpec { JavaxCryptoCipher() { exists(Method m | m.getAReference() = this | - m.hasQualifiedName("javax.crypto", "Cipher", "getInstance") + m.hasQualifiedName(javaxOrJakarta() + ".crypto", "Cipher", "getInstance") ) } @@ -302,7 +304,7 @@ class JavaxCryptoCipher extends JavaxCryptoAlgoSpec { class JavaxCryptoSecretKey extends JavaxCryptoAlgoSpec { JavaxCryptoSecretKey() { exists(Constructor c | c.getAReference() = this | - c.getDeclaringType().hasQualifiedName("javax.crypto.spec", "SecretKeySpec") + c.getDeclaringType().hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "SecretKeySpec") ) } @@ -327,7 +329,7 @@ class JavaxCryptoKeyGenerator extends JavaxCryptoAlgoSpec { class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec { JavaxCryptoKeyAgreement() { exists(Method m | m.getAReference() = this | - m.hasQualifiedName("javax.crypto", "KeyAgreement", "getInstance") + m.hasQualifiedName(javaxOrJakarta() + ".crypto", "KeyAgreement", "getInstance") ) } @@ -337,7 +339,7 @@ class JavaxCryptoKeyAgreement extends JavaxCryptoAlgoSpec { class JavaxCryptoKeyFactory extends JavaxCryptoAlgoSpec { JavaxCryptoKeyFactory() { exists(Method m | m.getAReference() = this | - m.hasQualifiedName("javax.crypto", "SecretKeyFactory", "getInstance") + m.hasQualifiedName(javaxOrJakarta() + ".crypto", "SecretKeyFactory", "getInstance") ) } @@ -429,5 +431,7 @@ class DsaGenParameterSpec extends AlgorithmParameterSpec { /** The Java class `javax.crypto.spec.DHGenParameterSpec`. */ class DhGenParameterSpec extends AlgorithmParameterSpec { - DhGenParameterSpec() { this.hasQualifiedName("javax.crypto.spec", "DHGenParameterSpec") } + DhGenParameterSpec() { + this.hasQualifiedName(javaxOrJakarta() + ".crypto.spec", "DHGenParameterSpec") + } } diff --git a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll index e1c840ce264..88fb540e83b 100644 --- a/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll +++ b/java/ql/lib/semmle/code/java/security/InsecureBeanValidationQuery.qll @@ -25,7 +25,7 @@ class SetMessageInterpolatorCall extends MethodCall { this.getMethod() = m and m.getDeclaringType().getASourceSupertype*() = t and ( - t.hasQualifiedName("javax.validation", ["Configuration", "ValidatorContext"]) and + t.hasQualifiedName(javaxOrJakarta() + ".validation", ["Configuration", "ValidatorContext"]) and m.getName() = "messageInterpolator" or t.hasQualifiedName("org.springframework.validation.beanvalidation", diff --git a/java/ql/lib/semmle/code/java/security/XSS.qll b/java/ql/lib/semmle/code/java/security/XSS.qll index 0d52d480ae7..b094346b753 100644 --- a/java/ql/lib/semmle/code/java/security/XSS.qll +++ b/java/ql/lib/semmle/code/java/security/XSS.qll @@ -127,7 +127,7 @@ class XssVulnerableWriterSource extends MethodCall { ) or exists(Method m | m = this.getMethod() | - m.hasQualifiedName("javax.servlet.jsp", "JspContext", "getOut") + m.hasQualifiedName(javaxOrJakarta() + ".servlet.jsp", "JspContext", "getOut") ) or this.getMethod() instanceof FacesGetResponseWriterMethod diff --git a/java/ql/lib/semmle/code/java/security/XmlParsers.qll b/java/ql/lib/semmle/code/java/security/XmlParsers.qll index 8bb2a015a14..bd1520034eb 100644 --- a/java/ql/lib/semmle/code/java/security/XmlParsers.qll +++ b/java/ql/lib/semmle/code/java/security/XmlParsers.qll @@ -62,12 +62,14 @@ abstract class ParserConfig extends MethodCall { /** The class `javax.xml.parsers.DocumentBuilderFactory`. */ class DocumentBuilderFactory extends RefType { - DocumentBuilderFactory() { this.hasQualifiedName("javax.xml.parsers", "DocumentBuilderFactory") } + DocumentBuilderFactory() { + this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "DocumentBuilderFactory") + } } /** The class `javax.xml.parsers.DocumentBuilder`. */ class DocumentBuilder extends RefType { - DocumentBuilder() { this.hasQualifiedName("javax.xml.parsers", "DocumentBuilder") } + DocumentBuilder() { this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "DocumentBuilder") } } /** A call to `DocumentBuilder.parse`. */ @@ -174,7 +176,7 @@ class SafeDocumentBuilder extends DocumentBuilderConstruction { /** The class `javax.xml.stream.XMLInputFactory`. */ class XmlInputFactory extends RefType { - XmlInputFactory() { this.hasQualifiedName("javax.xml.stream", "XMLInputFactory") } + XmlInputFactory() { this.hasQualifiedName(javaxOrJakarta() + ".xml.stream", "XMLInputFactory") } } /** A call to `XMLInputFactory.createXMLStreamReader`. */ @@ -243,7 +245,8 @@ class XmlInputFactoryConfig extends ParserConfig { * An `XmlInputFactory` specific expression that indicates whether parsing external entities is supported. */ Expr configOptionIsSupportingExternalEntities() { - result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.isSupportingExternalEntities" + result.(ConstantStringExpr).getStringValue() = + javaxOrJakarta() + ".xml.stream.isSupportingExternalEntities" or exists(Field f | result = f.getAnAccess() and @@ -256,7 +259,7 @@ Expr configOptionIsSupportingExternalEntities() { * An `XmlInputFactory` specific expression that indicates whether DTD is supported. */ Expr configOptionSupportDtd() { - result.(ConstantStringExpr).getStringValue() = "javax.xml.stream.supportDTD" + result.(ConstantStringExpr).getStringValue() = javaxOrJakarta() + ".xml.stream.supportDTD" or exists(Field f | result = f.getAnAccess() and @@ -357,12 +360,14 @@ class SafeSaxBuilder extends VarAccess { * The class `javax.xml.parsers.SAXParser`. */ class SaxParser extends RefType { - SaxParser() { this.hasQualifiedName("javax.xml.parsers", "SAXParser") } + SaxParser() { this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "SAXParser") } } /** The class `javax.xml.parsers.SAXParserFactory`. */ class SaxParserFactory extends RefType { - SaxParserFactory() { this.hasQualifiedName("javax.xml.parsers", "SAXParserFactory") } + SaxParserFactory() { + this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "SAXParserFactory") + } } /** A call to `SAXParser.parse`. */ @@ -635,7 +640,7 @@ class CreatedSafeXmlReader extends Call { /** The class `javax.xml.transform.sax.SAXSource` */ class SaxSource extends RefType { - SaxSource() { this.hasQualifiedName("javax.xml.transform.sax", "SAXSource") } + SaxSource() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.sax", "SAXSource") } } /** A call to the constructor of `SAXSource` with `XmlReader` and `InputSource`. */ @@ -697,7 +702,7 @@ abstract class TransformerConfig extends MethodCall { /** The class `javax.xml.XMLConstants`. */ class XmlConstants extends RefType { - XmlConstants() { this.hasQualifiedName("javax.xml", "XMLConstants") } + XmlConstants() { this.hasQualifiedName(javaxOrJakarta() + ".xml", "XMLConstants") } } /** A configuration specific for transformers and schema. */ @@ -739,14 +744,14 @@ Expr configAccessExternalSchema() { /** The class `javax.xml.transform.TransformerFactory` or `javax.xml.transform.sax.SAXTransformerFactory`. */ class TransformerFactory extends RefType { TransformerFactory() { - this.hasQualifiedName("javax.xml.transform", "TransformerFactory") or - this.hasQualifiedName("javax.xml.transform.sax", "SAXTransformerFactory") + this.hasQualifiedName(javaxOrJakarta() + ".xml.transform", "TransformerFactory") or + this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.sax", "SAXTransformerFactory") } } /** The class `javax.xml.transform.Transformer`. */ class Transformer extends RefType { - Transformer() { this.hasQualifiedName("javax.xml.transform", "Transformer") } + Transformer() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform", "Transformer") } } /** A call to `Transformer.transform`. */ @@ -843,7 +848,8 @@ class SaxTransformerFactoryNewXmlFilter extends XmlParserCall { SaxTransformerFactoryNewXmlFilter() { exists(Method m | this.getMethod() = m and - m.getDeclaringType().hasQualifiedName("javax.xml.transform.sax", "SAXTransformerFactory") and + m.getDeclaringType() + .hasQualifiedName(javaxOrJakarta() + ".xml.transform.sax", "SAXTransformerFactory") and m.hasName("newXMLFilter") ) } @@ -858,7 +864,7 @@ class SaxTransformerFactoryNewXmlFilter extends XmlParserCall { /* Schema: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#schemafactory */ /** The class `javax.xml.validation.SchemaFactory`. */ class SchemaFactory extends RefType { - SchemaFactory() { this.hasQualifiedName("javax.xml.validation", "SchemaFactory") } + SchemaFactory() { this.hasQualifiedName(javaxOrJakarta() + ".xml.validation", "SchemaFactory") } } /** A `ParserConfig` specific to `SchemaFactory`. */ @@ -913,7 +919,7 @@ class SafeSchemaFactory extends VarAccess { /* Unmarshaller: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#jaxb-unmarshaller */ /** The class `javax.xml.bind.Unmarshaller`. */ class XmlUnmarshaller extends RefType { - XmlUnmarshaller() { this.hasQualifiedName("javax.xml.bind", "Unmarshaller") } + XmlUnmarshaller() { this.hasQualifiedName(javaxOrJakarta() + ".xml.bind", "Unmarshaller") } } /** A call to `Unmarshaller.unmarshal`. */ @@ -934,12 +940,12 @@ class XmlUnmarshal extends XmlParserCall { /* XPathExpression: https://cheatsheetseries.owasp.org/cheatsheets/XML_External_Entity_Prevention_Cheat_Sheet.html#xpathexpression */ /** The interface `javax.xml.xpath.XPathExpression`. */ class XPathExpression extends Interface { - XPathExpression() { this.hasQualifiedName("javax.xml.xpath", "XPathExpression") } + XPathExpression() { this.hasQualifiedName(javaxOrJakarta() + ".xml.xpath", "XPathExpression") } } /** The interface `java.xml.xpath.XPath`. */ class XPath extends Interface { - XPath() { this.hasQualifiedName("javax.xml.xpath", "XPath") } + XPath() { this.hasQualifiedName(javaxOrJakarta() + ".xml.xpath", "XPath") } } /** A call to the method `evaluate` of the classes `XPathExpression` or `XPath`. */ diff --git a/java/ql/lib/semmle/code/java/security/XsltInjection.qll b/java/ql/lib/semmle/code/java/security/XsltInjection.qll index d54e9206644..a6b18e1518f 100644 --- a/java/ql/lib/semmle/code/java/security/XsltInjection.qll +++ b/java/ql/lib/semmle/code/java/security/XsltInjection.qll @@ -163,17 +163,17 @@ private predicate xsltPackageStep(DataFlow::Node n1, DataFlow::Node n2) { /** The class `javax.xml.transform.stax.StAXSource`. */ private class TypeStAXSource extends Class { - TypeStAXSource() { this.hasQualifiedName("javax.xml.transform.stax", "StAXSource") } + TypeStAXSource() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.stax", "StAXSource") } } /** The class `javax.xml.transform.dom.DOMSource`. */ private class TypeDomSource extends Class { - TypeDomSource() { this.hasQualifiedName("javax.xml.transform.dom", "DOMSource") } + TypeDomSource() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform.dom", "DOMSource") } } /** The interface `javax.xml.transform.Templates`. */ private class TypeTemplates extends Interface { - TypeTemplates() { this.hasQualifiedName("javax.xml.transform", "Templates") } + TypeTemplates() { this.hasQualifiedName(javaxOrJakarta() + ".xml.transform", "Templates") } } /** The class `net.sf.saxon.s9api.XsltCompiler`. */ @@ -205,7 +205,7 @@ private class DocumentBuilderParse extends MethodCall { /** The class `javax.xml.parsers.DocumentBuilder`. */ private class DocumentBuilder extends RefType { - DocumentBuilder() { this.hasQualifiedName("javax.xml.parsers", "DocumentBuilder") } + DocumentBuilder() { this.hasQualifiedName(javaxOrJakarta() + ".xml.parsers", "DocumentBuilder") } } /** A call to `XMLInputFactory.createXMLStreamReader`. */ @@ -232,5 +232,5 @@ private class XmlInputFactoryEventReader extends MethodCall { /** The class `javax.xml.stream.XMLInputFactory`. */ private class XmlInputFactory extends RefType { - XmlInputFactory() { this.hasQualifiedName("javax.xml.stream", "XMLInputFactory") } + XmlInputFactory() { this.hasQualifiedName(javaxOrJakarta() + ".xml.stream", "XMLInputFactory") } } diff --git a/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql b/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql index 9eddcb64a14..4bc0b99c3f5 100644 --- a/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql +++ b/java/ql/src/Compatibility/JDK9/JdkInternalAccess.ql @@ -115,8 +115,8 @@ predicate jdkPackage(Package p) { | pkgName = [ - "com.sun", "sun", "java", "javax", "com.oracle.net", "genstubs", "jdk", "build.tools", - "org.omg.CORBA", "org.ietf.jgss" + "com.sun", "sun", "java", javaxOrJakarta() + "", "com.oracle.net", "genstubs", "jdk", + "build.tools", "org.omg.CORBA", "org.ietf.jgss" ] ) } diff --git a/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql b/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql index 6a2db4b695f..34fd190ccf1 100644 --- a/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql +++ b/java/ql/src/Likely Bugs/Frameworks/Swing/BadlyOverriddenAdapter.ql @@ -19,7 +19,7 @@ class Adapter extends Class { this.getName().matches("%Adapter") and ( this.getPackage().hasName("java.awt.event") or - this.getPackage().hasName("javax.swing.event") + this.getPackage().hasName(javaxOrJakarta() + ".swing.event") ) } } diff --git a/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql b/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql index 8d49cf1d59e..623470aefc1 100644 --- a/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql +++ b/java/ql/src/Likely Bugs/Frameworks/Swing/ThreadSafety.ql @@ -15,7 +15,12 @@ import java from MethodCall ma, Method m, MainMethod main where - ma.getQualifier().getType().getCompilationUnit().getPackage().getName().matches("javax.swing%") and + ma.getQualifier() + .getType() + .getCompilationUnit() + .getPackage() + .getName() + .matches(javaxOrJakarta() + ".swing%") and ( m.hasName("show") and m.hasNoParameters() or diff --git a/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql b/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql index 494e851a533..08d622b576e 100644 --- a/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql +++ b/java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql @@ -77,7 +77,9 @@ module MatchesHttpOnlyToRawHeaderFlow = TaintTracking::Global