Fix JAX-RS models

owen-mc · owen-mc · commit 2b8bb5c23134 · 2021-06-10T10:43:35.000+01:00
diff --git a/java/ql/src/semmle/code/java/frameworks/JaxWS.qll b/java/ql/src/semmle/code/java/frameworks/JaxWS.qll
@@ -178,12 +178,14 @@ class JaxRsResourceClass extends Class {
   }
 }
 
-/** An annotation from the `javax.ws.rs` package hierarchy. */
+/**
+ * An annotation from the `javax.ws.rs` or `jakarta.ws.rs` package hierarchy.
+ */
 class JaxRSAnnotation extends Annotation {
   JaxRSAnnotation() {
     exists(AnnotationType a |
       a = this.getType() and
-      a.getPackage().getName().regexpMatch("javax\\.ws\\.rs(\\..*)?")
+      a.getPackage().getName().regexpMatch(["javax\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"])
     )
   }
 }
@@ -264,7 +266,7 @@ class MessageBodyReader extends GenericInterface {
  */
 class MessageBodyReaderReadFrom extends Method {
   MessageBodyReaderReadFrom() {
-    this.getDeclaringType() instanceof MessageBodyReader and
+    this.getDeclaringType().(RefType).getSourceDeclaration() instanceof MessageBodyReader and
     this.hasName("readFrom")
   }
 }
@@ -504,9 +506,11 @@ private class FormModel extends SummaryModelCsv {
   override predicate row(string row) {
     row =
       [
+        "javax.ws.rs.core;Form;false;Form;;;Argument;Argument[-1];taint",
         "javax.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",
         "javax.ws.rs.core;Form;true;param;;;Argument;Argument[-1];taint",
         "javax.ws.rs.core;Form;true;param;;;Argument[-1];ReturnValue;value",
+        "jakarta.ws.rs.core;Form;false;Form;;;Argument;Argument[-1];taint",
         "jakarta.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",
         "jakarta.ws.rs.core;Form;true;param;;;Argument;Argument[-1];taint",
         "jakarta.ws.rs.core;Form;true;param;;;Argument[-1];ReturnValue;value"

Original file line number	Diff line number	Diff line change
`@@ -178,12 +178,14 @@ class JaxRsResourceClass extends Class {`
`178`	`178`	`}`
`179`	`179`	`}`
`180`	`180`
`181`		-/** An annotation from the `javax.ws.rs` package hierarchy. */
	`181`	`+/**`
	`182`	+ * An annotation from the `javax.ws.rs` or `jakarta.ws.rs` package hierarchy.
	`183`	`+ */`
`182`	`184`	`class JaxRSAnnotation extends Annotation {`
`183`	`185`	`JaxRSAnnotation() {`
`184`	`186`	`exists(AnnotationType a \|`
`185`	`187`	`a = this.getType() and`
`186`		`- a.getPackage().getName().regexpMatch("javax\\.ws\\.rs(\\..*)?")`
	`188`	`+ a.getPackage().getName().regexpMatch(["javax\\.ws\\.rs(\\..)?", "jakarta\\.ws\\.rs(\\..)?"])`
`187`	`189`	`)`
`188`	`190`	`}`
`189`	`191`	`}`
`@@ -264,7 +266,7 @@ class MessageBodyReader extends GenericInterface {`
`264`	`266`	`*/`
`265`	`267`	`class MessageBodyReaderReadFrom extends Method {`
`266`	`268`	`MessageBodyReaderReadFrom() {`
`267`		`- this.getDeclaringType() instanceof MessageBodyReader and`
	`269`	`+ this.getDeclaringType().(RefType).getSourceDeclaration() instanceof MessageBodyReader and`
`268`	`270`	`this.hasName("readFrom")`
`269`	`271`	`}`
`270`	`272`	`}`
`@@ -504,9 +506,11 @@ private class FormModel extends SummaryModelCsv {`
`504`	`506`	`override predicate row(string row) {`
`505`	`507`	`row =`
`506`	`508`	`[`
	`509`	`+ "javax.ws.rs.core;Form;false;Form;;;Argument;Argument[-1];taint",`
`507`	`510`	`"javax.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",`
`508`	`511`	`"javax.ws.rs.core;Form;true;param;;;Argument;Argument[-1];taint",`
`509`	`512`	`"javax.ws.rs.core;Form;true;param;;;Argument[-1];ReturnValue;value",`
	`513`	`+ "jakarta.ws.rs.core;Form;false;Form;;;Argument;Argument[-1];taint",`
`510`	`514`	`"jakarta.ws.rs.core;Form;true;asMap;;;Argument[-1];ReturnValue;taint",`
`511`	`515`	`"jakarta.ws.rs.core;Form;true;param;;;Argument;Argument[-1];taint",`
`512`	`516`	`"jakarta.ws.rs.core;Form;true;param;;;Argument[-1];ReturnValue;value"`