Fix places which already dealt with both javax and jakarta

Author: owen-mc

java/ql/lib/semmle/code/java/frameworks/JaxWS.qll

@@ -13,7 +13,7 @@ private import semmle.code.java.security.XSS
 /**
  * Gets a name for the root package of JAX-RS.
  */
-string getAJaxRsPackage() { result in [javaxOrJakarta() + ".ws.rs", "jakarta.ws.rs"] }
+string getAJaxRsPackage() { result in [javaxOrJakarta() + ".ws.rs"] }
 
 /**
  * Gets a name for package `subpackage` within the JAX-RS hierarchy.
@@ -42,7 +42,7 @@ class JaxWsEndpoint extends Class {
     result.isPublic() and
     not result instanceof InitializerMethod and
     not exists(Annotation a | a = result.getAnAnnotation() |
-      a.getType().hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jws", "WebMethod") and
+      a.getType().hasQualifiedName(javaxOrJakarta() + ".jws", "WebMethod") and
       a.getValue("exclude").(BooleanLiteral).getBooleanValue() = true
     ) and
     forex(ParamOrReturn paramOrRet | paramOrRet = result.getAParameter() or paramOrRet = result |
@@ -62,8 +62,7 @@ class JaxWsEndpoint extends Class {
 /** The annotation type `@XmlJavaTypeAdapter`. */
 class XmlJavaTypeAdapter extends AnnotationType {
   XmlJavaTypeAdapter() {
-    this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".xml.bind.annotation.adapters",
-      "XmlJavaTypeAdapter")
+    this.hasQualifiedName(javaxOrJakarta() + ".xml.bind.annotation.adapters", "XmlJavaTypeAdapter")
   }
 }
 
@@ -292,9 +291,7 @@ class JaxRSAnnotation extends Annotation {
   JaxRSAnnotation() {
     exists(AnnotationType a |
       a = this.getType() and
-      a.getPackage()
-          .getName()
-          .regexpMatch([javaxOrJakarta() + "\\.ws\\.rs(\\..*)?", "jakarta\\.ws\\.rs(\\..*)?"])
+      a.getPackage().getName().regexpMatch(javaxOrJakarta() + "\\.ws\\.rs(\\..*)?")
     )
   }
 }

java/ql/lib/semmle/code/java/frameworks/Jms.qll

@@ -7,6 +7,6 @@ import java
 /** The method `ObjectMessage.getObject`. */
 class ObjectMessageGetObjectMethod extends Method {
   ObjectMessageGetObjectMethod() {
-    this.hasQualifiedName([javaxOrJakarta() + "", "jakarta"] + ".jms", "ObjectMessage", "getObject")
+    this.hasQualifiedName(javaxOrJakarta() + ".jms", "ObjectMessage", "getObject")
   }
 }

java/ql/lib/semmle/code/java/frameworks/Mail.qll

@@ -8,7 +8,7 @@ import java
  * The class `javax.mail.Session` or `jakarta.mail.Session`.
  */
 class MailSession extends Class {
-  MailSession() { this.hasQualifiedName([javaxOrJakarta() + ".mail", "jakarta.mail"], "Session") }
+  MailSession() { this.hasQualifiedName(javaxOrJakarta() + ".mail", "Session") }
 }
 
 /**

java/ql/lib/semmle/code/java/frameworks/Servlets.qll

@@ -377,7 +377,7 @@ predicate isRequestGetParamMethod(MethodCall ma) {
 /** The Java EE RequestDispatcher. */
 class RequestDispatcher extends RefType {
   RequestDispatcher() {
-    this.hasQualifiedName([javaxOrJakarta() + ".servlet", "jakarta.servlet"], "RequestDispatcher") or
+    this.hasQualifiedName(javaxOrJakarta() + ".servlet", "RequestDispatcher") or
     this.hasQualifiedName(javaxOrJakarta() + ".portlet", "PortletRequestDispatcher")
   }
 }

java/ql/lib/semmle/code/java/frameworks/javaee/Persistence.qll

@@ -9,9 +9,7 @@ import java
 /**
  * Gets a JavaEE Persistence API package name.
  */
-string getAPersistencePackageName() {
-  result = [javaxOrJakarta() + ".persistence", "jakarta.persistence"]
-}
+string getAPersistencePackageName() { result = javaxOrJakarta() + ".persistence" }
 
 /**
  * A `RefType` with the `@Entity` annotation that indicates that it can be persisted using a JPA

java/ql/lib/semmle/code/java/frameworks/javaee/jsf/JSFRenderer.qll

@@ -8,10 +8,7 @@ import java
  * The JSF class `FacesContext` for processing HTTP requests.
  */
 class FacesContext extends RefType {
-  FacesContext() {
-    this.hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"],
-      "FacesContext")
-  }
+  FacesContext() { this.hasQualifiedName(javaxOrJakarta() + ".faces.context", "FacesContext") }
 }
 
 /**

java/ql/src/Security/CWE/CWE-1004/SensitiveCookieNotHttpOnly.ql

@@ -145,8 +145,7 @@ class CookieResponseWithoutHttpOnlySink extends DataFlow::ExprNode {
 
 /** Holds if `cie` is an invocation of a JAX-RS `NewCookie` constructor that sets `HttpOnly` to true. */
 predicate setsHttpOnlyInNewCookie(ClassInstanceExpr cie) {
-  cie.getConstructedType()
-      .hasQualifiedName([javaxOrJakarta() + ".ws.rs.core", "jakarta.ws.rs.core"], "NewCookie") and
+  cie.getConstructedType().hasQualifiedName(javaxOrJakarta() + ".ws.rs.core", "NewCookie") and
   (
     cie.getNumArgument() = 6 and
     mayBeBooleanTrue(cie.getArgument(5)) // NewCookie(Cookie cookie, String comment, int maxAge, Date expiry, boolean secure, boolean httpOnly)

java/ql/src/experimental/Security/CWE/CWE-094/JakartaExpressionInjectionLib.qll

@@ -89,7 +89,7 @@ private class TaintPropagatingCall extends Call {
 }
 
 private class JakartaType extends RefType {
-  JakartaType() { this.getPackage().hasName([javaxOrJakarta() + ".el", "jakarta.el"]) }
+  JakartaType() { this.getPackage().hasName(javaxOrJakarta() + ".el") }
 }
 
 private class ELProcessor extends JakartaType {

java/ql/src/experimental/Security/CWE/CWE-400/LocalThreadResourceAbuse.ql

@@ -21,12 +21,11 @@ class GetInitParameter extends Method {
     (
       this.getDeclaringType()
           .getAnAncestor()
-          .hasQualifiedName([javaxOrJakarta() + ".servlet", "jakarta.servlet"],
+          .hasQualifiedName(javaxOrJakarta() + ".servlet",
             ["FilterConfig", "Registration", "ServletConfig", "ServletContext"]) or
       this.getDeclaringType()
           .getAnAncestor()
-          .hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"],
-            "ExternalContext")
+          .hasQualifiedName(javaxOrJakarta() + ".faces.context", "ExternalContext")
     ) and
     this.getName() = "getInitParameter"
   }

java/ql/src/experimental/semmle/code/java/frameworks/Jsf.qll

@@ -10,8 +10,7 @@ import java
  */
 class ExternalContext extends RefType {
   ExternalContext() {
-    this.hasQualifiedName([javaxOrJakarta() + ".faces.context", "jakarta.faces.context"],
-      "ExternalContext")
+    this.hasQualifiedName(javaxOrJakarta() + ".faces.context", "ExternalContext")
   }
 }