CodeQL config for detecting Jakarta EL injections, see https://github.com/github/codeql/pull/5471 for details

JakartaExpressionInjectionConfig.ql

class JakartaExpressionInjectionConfig extends TaintTracking::Configuration {
  JakartaExpressionInjectionConfig() { this = "JakartaExpressionInjectionConfig" }

  override predicate isSource(DataFlow::Node source) { source instanceof RemoteFlowSource }

  override predicate isSink(DataFlow::Node sink) { sink instanceof ExpressionEvaluationSink }

  override predicate isAdditionalTaintStep(DataFlow::Node fromNode, DataFlow::Node toNode) {
    any(TaintPropagatingCall c).taintFlow(fromNode, toNode) or
    hasGetterFlow(fromNode, toNode)
  }
}