jorgectf
diff --git a/‎java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp renamed to ‎java/ql/src/Security/CWE/CWE-094/JexlInjection.qhelp b/‎java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.qhelp renamed to ‎java/ql/src/Security/CWE/CWE-094/JexlInjection.qhelp
diff --git a/‎java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.ql renamed to ‎java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
Lines changed: 4 additions & 3 deletions b/‎java/ql/src/experimental/Security/CWE/CWE-094/JexlInjection.ql renamed to ‎java/ql/src/Security/CWE/CWE-094/JexlInjection.ql
Lines changed: 4 additions & 3 deletions
diff --git a/‎java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll renamed to ‎java/ql/src/Security/CWE/CWE-094/JexlInjectionLib.qll b/‎java/ql/src/experimental/Security/CWE/CWE-094/JexlInjectionLib.qll renamed to ‎java/ql/src/Security/CWE/CWE-094/JexlInjectionLib.qll
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.qlref
Lines changed: 0 additions & 1 deletion b/‎java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.qlref
Lines changed: 0 additions & 1 deletion
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-094/options
Lines changed: 1 addition & 1 deletion b/‎java/ql/test/experimental/query-tests/security/CWE-094/options
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-094/Jexl2Injection.java renamed to ‎java/ql/test/query-tests/security/CWE-094/Jexl2Injection.java b/‎java/ql/test/experimental/query-tests/security/CWE-094/Jexl2Injection.java renamed to ‎java/ql/test/query-tests/security/CWE-094/Jexl2Injection.java
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-094/Jexl3Injection.java renamed to ‎java/ql/test/query-tests/security/CWE-094/Jexl3Injection.java b/‎java/ql/test/experimental/query-tests/security/CWE-094/Jexl3Injection.java renamed to ‎java/ql/test/query-tests/security/CWE-094/Jexl3Injection.java
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.expected renamed to ‎java/ql/test/query-tests/security/CWE-094/JexlInjection.expected b/‎java/ql/test/experimental/query-tests/security/CWE-094/JexlInjection.expected renamed to ‎java/ql/test/query-tests/security/CWE-094/JexlInjection.expected
diff --git a/‎java/ql/test/query-tests/security/CWE-094/JexlInjection.qlref
Lines changed: 1 addition & 0 deletions b/‎java/ql/test/query-tests/security/CWE-094/JexlInjection.qlref
Lines changed: 1 addition & 0 deletions
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-094/SandboxedJexl2.java renamed to ‎java/ql/test/query-tests/security/CWE-094/SandboxedJexl2.java b/‎java/ql/test/experimental/query-tests/security/CWE-094/SandboxedJexl2.java renamed to ‎java/ql/test/query-tests/security/CWE-094/SandboxedJexl2.java
@@ -13,7 +13,8 @@
 import java
 import JexlInjectionLib
 import DataFlow::PathGraph
-import FlowUtils
+import semmle.code.java.dataflow.FlowSources
+//import FlowUtils
 
 /**
  * A taint-tracking configuration for unsafe user input
@@ -28,8 +29,8 @@ class JexlInjectionConfig extends TaintTracking::Configuration {
   override predicate isSink(DataFlow::Node sink) { sink instanceof JexlEvaluationSink }
 
   override predicate isAdditionalTaintStep(DataFlow::Node node1, DataFlow::Node node2) {
-    any(JexlInjectionAdditionalTaintStep c).step(node1, node2) or
-    hasGetterFlow(node1, node2)
+    any(JexlInjectionAdditionalTaintStep c).step(node1, node2) /*or
+    hasGetterFlow(node1, node2)*/
   }
 }
 
 
@@ -1,2 +1,2 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/apache-commons-logging-1.2
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4
 
@@ -0,0 +1 @@
+Security/CWE/CWE-094/JexlInjection.ql
Original file line number	Diff line number	Diff line change
`@@ -1,2 +1,2 @@`
`1`		-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/apache-commons-jexl-2.1.1:${testdir}/../../../../stubs/apache-commons-jexl-3.1:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4:${testdir}/../../../../stubs/apache-commons-logging-1.2
	`1`	`+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../stubs/springframework-5.2.3:${testdir}/../../../../stubs/mvel2-2.4.7:${testdir}/../../../../stubs/jsr223-api:${testdir}/../../../../stubs/scriptengine:${testdir}/../../../../stubs/java-ee-el:${testdir}/../../../../stubs/juel-2.2:${testdir}/../../../stubs/groovy-all-3.0.7:${testdir}/../../../../stubs/servlet-api-2.4`
`2`	`2`