Add Hibernate SQL injection sink tests

Agent-Logs-Url: https://github.com/github/codeql/sessions/2e7aecca-63ea-489f-8b87-4cc557655919 Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
2026-05-14 11:19:27 +02:00 · 2026-04-23 10:04:52 +00:00
parent 7b897add22
commit 081ad03b4b
6 changed files with 57 additions and 1 deletions
--- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/Hibernate.java
+++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/Hibernate.java
@@ -0,0 +1,21 @@
+import org.hibernate.Session;
+import org.hibernate.SharedSessionContract;
+import org.hibernate.query.QueryProducer;
+
+public class Hibernate {
+
+  public static String source() { return null; }
+
+  public static void test(
+      Session session, SharedSessionContract sharedSessionContract, QueryProducer queryProducer) {
+    session.createQuery(source()); // $ sqlInjection
+    session.createSQLQuery(source()); // $ sqlInjection
+
+    sharedSessionContract.createQuery(source()); // $ sqlInjection
+    sharedSessionContract.createSQLQuery(source()); // $ sqlInjection
+
+    queryProducer.createNativeQuery(source()); // $ sqlInjection
+    queryProducer.createQuery(source()); // $ sqlInjection
+    queryProducer.createSQLQuery(source()); // $ sqlInjection
+  }
+}
--- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/options
+++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/options
@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/couchbaseClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive:${testdir}/../../../../../stubs/jakarta-persistence-api-3.2.0 --release 21
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/couchbaseClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive:${testdir}/../../../../../stubs/jakarta-persistence-api-3.2.0:${testdir}/../../../../../stubs/hibernate-5.x --release 21
--- a/java/ql/test/stubs/hibernate-5.x/org/hibernate/Session.java
+++ b/java/ql/test/stubs/hibernate-5.x/org/hibernate/Session.java
@@ -0,0 +1,10 @@
+package org.hibernate;
+
+import org.hibernate.query.Query;
+
+public interface Session extends SharedSessionContract {
+
+  Query createQuery(String queryString);
+
+  Query createSQLQuery(String queryString);
+}
--- a/java/ql/test/stubs/hibernate-5.x/org/hibernate/SharedSessionContract.java
+++ b/java/ql/test/stubs/hibernate-5.x/org/hibernate/SharedSessionContract.java
@@ -0,0 +1,11 @@
+package org.hibernate;
+
+import org.hibernate.query.Query;
+import org.hibernate.query.QueryProducer;
+
+public interface SharedSessionContract extends QueryProducer {
+
+  Query createQuery(String queryString);
+
+  Query createSQLQuery(String queryString);
+}
--- a/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/Query.java
+++ b/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/Query.java
@@ -0,0 +1,4 @@
+package org.hibernate.query;
+
+public interface Query {
+}
--- a/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/QueryProducer.java
+++ b/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/QueryProducer.java
@@ -0,0 +1,10 @@
+package org.hibernate.query;
+
+public interface QueryProducer {
+
+  Query createNativeQuery(String sqlString);
+
+  Query createQuery(String queryString);
+
+  Query createSQLQuery(String queryString);
+}