From f79d2e06f90cadb82da04424f9456f5e6fb20a9a Mon Sep 17 00:00:00 2001
From: Tony Torralba
Date: Tue, 4 May 2021 11:29:09 +0200
Subject: [PATCH] Fix failing checks
---
 java/change-notes/2021-05-04-jexl-injection-query.md | 2 ++
 .../CWE/CWE-094/SaferJexlExpressionEvaluationWithSandbox.java | 0
 .../SaferJexlExpressionEvaluationWithUberspectSandbox.java | 0
 .../Security/CWE/CWE-094/UnsafeJexlExpressionEvaluation.java | 0
 java/ql/src/semmle/code/java/security/JexlInjection.qll | 2 ++
 5 files changed, 4 insertions(+)
 create mode 100644 java/change-notes/2021-05-04-jexl-injection-query.md
 rename java/ql/src/{experimental => }/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithSandbox.java (100%)
 rename java/ql/src/{experimental => }/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithUberspectSandbox.java (100%)
 rename java/ql/src/{experimental => }/Security/CWE/CWE-094/UnsafeJexlExpressionEvaluation.java (100%)
diff --git a/java/change-notes/2021-05-04-jexl-injection-query.md b/java/change-notes/2021-05-04-jexl-injection-query.md
new file mode 100644
index 00000000000..4dad3c4a8f9
--- /dev/null
+++ b/java/change-notes/2021-05-04-jexl-injection-query.md
@@ -0,0 +1,2 @@
+lgtm,codescanning
+* The query "Expression language injection (JEXL)" (`java/jexl-expression-injection`) has been promoted from experimental to the main query pack. Its results will now appear by default. This query was originally [submitted as an experimental query by @artem-smotrakov](https://github.com/github/codeql/pull/4965)
\ No newline at end of file
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithSandbox.java b/java/ql/src/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithSandbox.java
similarity index 100%
rename from java/ql/src/experimental/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithSandbox.java
rename to java/ql/src/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithSandbox.java
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithUberspectSandbox.java b/java/ql/src/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithUberspectSandbox.java
similarity index 100%
rename from java/ql/src/experimental/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithUberspectSandbox.java
rename to java/ql/src/Security/CWE/CWE-094/SaferJexlExpressionEvaluationWithUberspectSandbox.java
diff --git a/java/ql/src/experimental/Security/CWE/CWE-094/UnsafeJexlExpressionEvaluation.java b/java/ql/src/Security/CWE/CWE-094/UnsafeJexlExpressionEvaluation.java
similarity index 100%
rename from java/ql/src/experimental/Security/CWE/CWE-094/UnsafeJexlExpressionEvaluation.java
rename to java/ql/src/Security/CWE/CWE-094/UnsafeJexlExpressionEvaluation.java
diff --git a/java/ql/src/semmle/code/java/security/JexlInjection.qll b/java/ql/src/semmle/code/java/security/JexlInjection.qll
index 448c1f3cdb5..d36fa0aad9b 100644
--- a/java/ql/src/semmle/code/java/security/JexlInjection.qll
+++ b/java/ql/src/semmle/code/java/security/JexlInjection.qll
@@ -1,3 +1,5 @@
+/** Provides classes to reason about Expression Langauge (JEXL) injection vulnerabilities. */
+
 import java
 import semmle.code.java.dataflow.TaintTracking
 private import semmle.code.java.dataflow.ExternalFlow
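Review bot: The QLDoc added at the top of JexlInjection.qll misspells "Language" as "Langauge", and since this is the library's top-level description it is likely to surface in generated documentation for the now-default query. It should read `/** Provides classes to reason about Expression Language (JEXL) injection vulnerabilities. */`. The fix is confined to the added comment line; the blank line and the three import lines in the hunk stay as they are, and the rest of the module lies outside the hunk.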