Detecting Jakarta Expression Language injections with CodeQL

How to use CodeQL to find EL injections and fix them

Artem Smotrakov
Published in InfoSec Write-ups
4 min read · Apr 14, 2021


Recently I wrote a post about detecting JEXL injections with CodeQL. JEXL (Apache Commons JEXL) is a library that provides an interpreter for a simple expression language (EL). This time, I'll talk about injections with Jakarta Expression Language (the EL used in Jakarta EE, formerly Java EE), and how they can be found with CodeQL.
