Merge pull request #4031 from aibaars/hibernate

Add additional Hibernate SQL sinks

java/ql/src/semmle/code/java/frameworks/Hibernate.qll

@@ -4,20 +4,36 @@
 
 import java
 
+/** The interface `org.hibernate.query.QueryProducer`. */
+class HibernateQueryProducer extends RefType {
+  HibernateQueryProducer() { this.hasQualifiedName("org.hibernate.query", "QueryProducer") }
+}
+
+/** The interface `org.hibernate.SharedSessionContract`. */
+class HibernateSharedSessionContract extends RefType {
+  HibernateSharedSessionContract() {
+    this.hasQualifiedName("org.hibernate", "SharedSessionContract")
+  }
+}
+
 /** The interface `org.hibernate.Session`. */
 class HibernateSession extends RefType {
   HibernateSession() { this.hasQualifiedName("org.hibernate", "Session") }
 }
 
 /**
- * Holds if `m` is a method on `HibernateSession` taking an SQL string as its
- * first argument.
+ * Holds if `m` is a method on `HibernateQueryProducer`, or `HibernateSharedSessionContract`
+ * or `HibernateSession`, or a subclass, taking an SQL string as its first argument.
  */
 predicate hibernateSqlMethod(Method m) {
-  m.getDeclaringType() instanceof HibernateSession and
+  exists(RefType t |
+    t = m.getDeclaringType().getASourceSupertype*() and
+    (
+      t instanceof HibernateQueryProducer or
+      t instanceof HibernateSharedSessionContract or
+      t instanceof HibernateSession
+    )
+  ) and
   m.getParameterType(0) instanceof TypeString and
-  (
-    m.hasName("createQuery") or
-    m.hasName("createSQLQuery")
-  )
+  m.hasName(["createQuery", "createNativeQuery", "createSQLQuery"])
 }