Removed TaintedSpringRequestBody

Author: artem-smotrakov

java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll

@@ -10,10 +10,7 @@ import semmle.code.java.dataflow.TaintTracking
 class JexlInjectionConfig extends TaintTracking::Configuration {
   JexlInjectionConfig() { this = "JexlInjectionConfig" }
 
-  override predicate isSource(DataFlow::Node source) {
-    source instanceof TaintedSpringRequestBody or
-    source instanceof RemoteFlowSource
-  }
+  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }
 
   override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink }
 
@@ -23,16 +20,6 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
   }
 }
 
-/**
- * A data flow source for parameters that have
- * a Spring framework annotation indicating remote user input from servlets.
- */
-private class TaintedSpringRequestBody extends DataFlow::Node {
-  TaintedSpringRequestBody() {
-    this.asParameter().getAnAnnotation() instanceof SpringServletInputAnnotation
-  }
-}
-
 /**
  * A sink for Expresssion Language injection vulnerabilities via Jexl,
  * i.e. method calls that run evaluation of a JEXL expression.

java/ql/test/experimental/query-tests/security/CWE-094/Jexl3Injection.java

@@ -6,10 +6,12 @@
 import org.apache.commons.jexl3.*;
 import org.springframework.http.HttpStatus;
 import org.springframework.http.ResponseEntity;
+import org.springframework.stereotype.Controller;
 import org.springframework.web.bind.annotation.PathVariable;
 import org.springframework.web.bind.annotation.PostMapping;
 import org.springframework.web.bind.annotation.RequestBody;
 
+@Controller
 public class Jexl3Injection {
 
     private static void runJexlExpression(String jexlExpr) {