diff --git a/java/ql/lib/ext/org.hibernate.query.model.yml b/java/ql/lib/ext/org.hibernate.query.model.yml
index bb6232c1fcd..5eccefd0dfa 100644
--- a/java/ql/lib/ext/org.hibernate.query.model.yml
+++ b/java/ql/lib/ext/org.hibernate.query.model.yml
@@ -4,5 +4,8 @@ extensions:
 extensible: sinkModel
 data:
 - ["org.hibernate.query", "QueryProducer", True, "createNativeQuery", "", "", "Argument[0]", "sql-injection", "manual"]
+ - ["org.hibernate.query", "QueryProducer", True, "createNativeMutationQuery", "", "", "Argument[0]", "sql-injection", "manual"]
 - ["org.hibernate.query", "QueryProducer", True, "createQuery", "", "", "Argument[0]", "sql-injection", "manual"]
+ - ["org.hibernate.query", "QueryProducer", True, "createMutationQuery", "", "", "Argument[0]", "sql-injection", "manual"]
+ - ["org.hibernate.query", "QueryProducer", True, "createSelectionQuery", "", "", "Argument[0]", "sql-injection", "manual"]
 - ["org.hibernate.query", "QueryProducer", True, "createSQLQuery", "", "", "Argument[0]", "sql-injection", "manual"]
diff --git a/java/ql/test/query-tests/security/CWE-089/semmle/examples/Hibernate.java b/java/ql/test/query-tests/security/CWE-089/semmle/examples/Hibernate.java
index c681b17d987..ae61f60e0d0 100644
--- a/java/ql/test/query-tests/security/CWE-089/semmle/examples/Hibernate.java
+++ b/java/ql/test/query-tests/security/CWE-089/semmle/examples/Hibernate.java
@@ -15,7 +15,11 @@ public class Hibernate {
 sharedSessionContract.createSQLQuery(source()); // $ sqlInjection
 queryProducer.createNativeQuery(source()); // $ sqlInjection
+ queryProducer.createNativeMutationQuery(source()); // $ sqlInjection
 queryProducer.createQuery(source()); // $ sqlInjection
+ queryProducer.createMutationQuery(source()); // $ sqlInjection
+ queryProducer.createSelectionQuery(source()); // $ sqlInjection
+ queryProducer.createSelectionQuery(source(), Object.class); // $ sqlInjection
 queryProducer.createSQLQuery(source()); // $ sqlInjection
 }
 }
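Review bot: In org.hibernate.query.model.yml the three added rows leave the signature column empty, so they match every overload of `createNativeMutationQuery`, `createMutationQuery` and `createSelectionQuery`, not only those whose first argument is a query string. As far as I know Hibernate 6 also declares criteria-object overloads of the HQL methods, where `Argument[0]` is not query text; this matches how the existing `createQuery` row is written, but it should be a deliberate choice rather than an inherited one. If only string queries are meant, pin the signatures, for example `"(String)"` plus a second `createSelectionQuery` row with `"(String,Class)"`. Either way, a case in the Hibernate.java hunk of this commit that calls a non-string overload without a `$ sqlInjection` expectation would document the intended behaviour.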
diff --git a/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/MutationQuery.java b/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/MutationQuery.java
new file mode 100644
index 00000000000..cb7004932e0
--- /dev/null
+++ b/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/MutationQuery.java
@@ -0,0 +1,4 @@
+package org.hibernate.query;
+
+public interface MutationQuery {
+}
diff --git a/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/QueryProducer.java b/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/QueryProducer.java
index cfb3879422a..364dc30dd63 100644
--- a/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/QueryProducer.java
+++ b/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/QueryProducer.java
@@ -4,7 +4,15 @@ public interface QueryProducer {
 Query createNativeQuery(String sqlString);
+ MutationQuery createNativeMutationQuery(String sqlString);
+
 Query createQuery(String queryString);
+ MutationQuery createMutationQuery(String hqlString);
+
+ SelectionQuery createSelectionQuery(String hqlString);
+
+ SelectionQuery createSelectionQuery(String hqlString, Class resultType);
+
 Query createSQLQuery(String queryString);
 }
diff --git a/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/SelectionQuery.java b/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/SelectionQuery.java
new file mode 100644
index 00000000000..9eb9fddf596
--- /dev/null
+++ b/java/ql/test/stubs/hibernate-5.x/org/hibernate/query/SelectionQuery.java
@@ -0,0 +1,4 @@
+package org.hibernate.query;
+
+public interface SelectionQuery {
+}
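Review bot: The QueryProducer.java stub under `stubs/hibernate-5.x` now declares `createNativeMutationQuery`, `createMutationQuery` and `createSelectionQuery`, which as far as I know were introduced in Hibernate 6, so the stub tree no longer mirrors a 5.x API and nothing in the file says so. A short comment above the added methods would keep the next maintainer from treating them as 5.x surface, for example `// Hibernate 6.x additions, stubbed here so the CWE-089 test can exercise the new sinks`. The two-argument `createSelectionQuery` is declared with a raw `Class` and a non-generic `SelectionQuery`; that is harmless while the model rows use an empty signature, but it would stop matching if a signature were pinned later. The interface declaration itself starts above this hunk.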