Java: Add unit test for ldap injection.

2026-04-29 18:55:14 +02:00 · 2020-01-29 11:37:33 +01:00
parent bbcfbd7a28
commit 9391058363
46 changed files with 859 additions and 0 deletions
--- a/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected
+++ b/java/ql/test/query-tests/security/CWE-090/LdapInjection.expected
@@ -0,0 +1,231 @@
+edges
+| LdapInjection.java:41:28:41:52 | jBad : String | LdapInjection.java:43:38:43:57 | ... + ... |
+| LdapInjection.java:41:55:41:81 | jBadDN : String | LdapInjection.java:43:16:43:35 | ... + ... |
+| LdapInjection.java:46:28:46:52 | jBad : String | LdapInjection.java:48:56:48:75 | ... + ... |
+| LdapInjection.java:46:55:46:85 | jBadDNName : String | LdapInjection.java:48:16:48:53 | new LdapName(...) |
+| LdapInjection.java:51:28:51:52 | jBad : String | LdapInjection.java:53:63:53:82 | ... + ... |
+| LdapInjection.java:56:28:56:59 | jBadInitial : String | LdapInjection.java:58:29:58:55 | ... + ... |
+| LdapInjection.java:61:28:61:52 | jBad : String | LdapInjection.java:63:84:63:103 | ... + ... |
+| LdapInjection.java:61:55:61:88 | jBadDNNameAdd : String | LdapInjection.java:63:16:63:81 | addAll(...) |
+| LdapInjection.java:66:28:66:52 | jBad : String | LdapInjection.java:70:47:70:66 | ... + ... |
+| LdapInjection.java:66:55:66:89 | jBadDNNameAdd2 : String | LdapInjection.java:70:16:70:44 | addAll(...) |
+| LdapInjection.java:73:28:73:52 | jBad : String | LdapInjection.java:75:75:75:94 | ... + ... |
+| LdapInjection.java:73:55:73:93 | jBadDNNameToString : String | LdapInjection.java:75:16:75:72 | toString(...) |
+| LdapInjection.java:78:28:78:52 | jBad : String | LdapInjection.java:80:76:80:95 | ... + ... |
+| LdapInjection.java:78:55:78:90 | jBadDNNameClone : String | LdapInjection.java:80:16:80:73 | (...)... |
+| LdapInjection.java:92:31:92:55 | uBad : String | LdapInjection.java:94:67:94:86 | ... + ... |
+| LdapInjection.java:92:58:92:84 | uBadDN : String | LdapInjection.java:94:20:94:39 | ... + ... |
+| LdapInjection.java:97:31:97:67 | uBadFilterCreate : String | LdapInjection.java:98:58:98:88 | create(...) |
+| LdapInjection.java:101:31:101:70 | uBadROSearchRequest : String | LdapInjection.java:105:14:105:14 | s |
+| LdapInjection.java:101:73:101:103 | uBadROSRDN : String | LdapInjection.java:105:14:105:14 | s |
+| LdapInjection.java:108:31:108:68 | uBadSearchRequest : String | LdapInjection.java:112:14:112:14 | s |
+| LdapInjection.java:108:71:108:99 | uBadSRDN : String | LdapInjection.java:112:14:112:14 | s |
+| LdapInjection.java:115:31:115:55 | uBad : String | LdapInjection.java:117:69:117:88 | ... + ... |
+| LdapInjection.java:115:58:115:87 | uBadDNSFR : String | LdapInjection.java:117:22:117:44 | ... + ... |
+| LdapInjection.java:120:31:120:75 | uBadROSearchRequestAsync : String | LdapInjection.java:124:19:124:19 | s |
+| LdapInjection.java:120:78:120:113 | uBadROSRDNAsync : String | LdapInjection.java:124:19:124:19 | s |
+| LdapInjection.java:127:31:127:73 | uBadSearchRequestAsync : String | LdapInjection.java:131:19:131:19 | s |
+| LdapInjection.java:127:76:127:109 | uBadSRDNAsync : String | LdapInjection.java:131:19:131:19 | s |
+| LdapInjection.java:134:31:134:70 | uBadFilterCreateNOT : String | LdapInjection.java:135:58:135:115 | createNOTFilter(...) |
+| LdapInjection.java:142:32:142:82 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:145:58:145:69 | toString(...) |
+| LdapInjection.java:148:32:148:78 | uBadSearchRequestDuplicate : String | LdapInjection.java:152:14:152:26 | duplicate(...) |
+| LdapInjection.java:155:32:155:80 | uBadROSearchRequestDuplicate : String | LdapInjection.java:159:14:159:26 | duplicate(...) |
+| LdapInjection.java:162:32:162:74 | uBadSearchRequestSetDN : String | LdapInjection.java:166:14:166:14 | s |
+| LdapInjection.java:169:32:169:78 | uBadSearchRequestSetFilter : String | LdapInjection.java:173:14:173:14 | s |
+| LdapInjection.java:197:30:197:54 | sBad : String | LdapInjection.java:198:36:198:55 | ... + ... |
+| LdapInjection.java:197:57:197:83 | sBadDN : String | LdapInjection.java:198:14:198:33 | ... + ... |
+| LdapInjection.java:201:30:201:54 | sBad : String | LdapInjection.java:202:88:202:107 | ... + ... |
+| LdapInjection.java:201:57:201:92 | sBadDNLNBuilder : String | LdapInjection.java:202:20:202:85 | build(...) |
+| LdapInjection.java:205:30:205:54 | sBad : String | LdapInjection.java:206:100:206:119 | ... + ... |
+| LdapInjection.java:205:57:205:95 | sBadDNLNBuilderAdd : String | LdapInjection.java:206:23:206:97 | build(...) |
+| LdapInjection.java:209:30:209:63 | sBadLdapQuery : String | LdapInjection.java:210:15:210:76 | filter(...) |
+| LdapInjection.java:213:30:213:60 | sBadFilter : String | LdapInjection.java:214:66:214:112 | new HardcodedFilter(...) |
+| LdapInjection.java:213:63:213:98 | sBadDNLdapUtils : String | LdapInjection.java:214:12:214:63 | newLdapName(...) |
+| LdapInjection.java:217:30:217:63 | sBadLdapQuery : String | LdapInjection.java:218:24:218:85 | filter(...) |
+| LdapInjection.java:221:30:221:64 | sBadLdapQuery2 : String | LdapInjection.java:223:24:223:24 | q |
+| LdapInjection.java:226:30:226:73 | sBadLdapQueryWithFilter : String | LdapInjection.java:227:24:227:116 | filter(...) |
+| LdapInjection.java:230:30:230:74 | sBadLdapQueryWithFilter2 : String | LdapInjection.java:232:24:232:57 | filter(...) |
+| LdapInjection.java:235:31:235:68 | sBadLdapQueryBase : String | LdapInjection.java:236:12:236:66 | base(...) |
+| LdapInjection.java:239:31:239:71 | sBadLdapQueryComplex : String | LdapInjection.java:240:24:240:98 | is(...) |
+| LdapInjection.java:247:31:247:67 | sBadFilterEncode : String | LdapInjection.java:250:18:250:29 | toString(...) |
+| LdapInjection.java:266:30:266:54 | aBad : String | LdapInjection.java:268:36:268:55 | ... + ... |
+| LdapInjection.java:266:57:266:83 | aBadDN : String | LdapInjection.java:268:14:268:33 | ... + ... |
+| LdapInjection.java:276:30:276:67 | aBadSearchRequest : String | LdapInjection.java:280:14:280:14 | s |
+| LdapInjection.java:283:74:283:103 | aBadDNObj : String | LdapInjection.java:287:14:287:14 | s |
+| LdapInjection.java:290:30:290:72 | aBadDNSearchRequestGet : String | LdapInjection.java:294:14:294:24 | getBase(...) |
+| LdapInjection.java:312:23:312:58 | okEncodeForLDAP : String | LdapInjection.java:314:61:314:75 | okEncodeForLDAP : String |
+| LdapInjection.java:314:39:314:76 | encodeForLDAP(...) : String | LdapInjection.java:314:29:314:82 | ... + ... |
+| LdapInjection.java:314:61:314:75 | okEncodeForLDAP : String | LdapInjection.java:314:39:314:76 | encodeForLDAP(...) : String |
+| LdapInjection.java:318:23:318:57 | okFilterEncode : String | LdapInjection.java:319:64:319:77 | okFilterEncode : String |
+| LdapInjection.java:319:39:319:78 | filterEncode(...) : String | LdapInjection.java:319:29:319:84 | ... + ... |
+| LdapInjection.java:319:64:319:77 | okFilterEncode : String | LdapInjection.java:319:39:319:78 | filterEncode(...) : String |
+nodes
+| LdapInjection.java:41:28:41:52 | jBad : String | semmle.label | jBad : String |
+| LdapInjection.java:41:55:41:81 | jBadDN : String | semmle.label | jBadDN : String |
+| LdapInjection.java:43:16:43:35 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:43:38:43:57 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:46:28:46:52 | jBad : String | semmle.label | jBad : String |
+| LdapInjection.java:46:55:46:85 | jBadDNName : String | semmle.label | jBadDNName : String |
+| LdapInjection.java:48:16:48:53 | new LdapName(...) | semmle.label | new LdapName(...) |
+| LdapInjection.java:48:56:48:75 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:51:28:51:52 | jBad : String | semmle.label | jBad : String |
+| LdapInjection.java:53:63:53:82 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:56:28:56:59 | jBadInitial : String | semmle.label | jBadInitial : String |
+| LdapInjection.java:58:29:58:55 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:61:28:61:52 | jBad : String | semmle.label | jBad : String |
+| LdapInjection.java:61:55:61:88 | jBadDNNameAdd : String | semmle.label | jBadDNNameAdd : String |
+| LdapInjection.java:63:16:63:81 | addAll(...) | semmle.label | addAll(...) |
+| LdapInjection.java:63:84:63:103 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:66:28:66:52 | jBad : String | semmle.label | jBad : String |
+| LdapInjection.java:66:55:66:89 | jBadDNNameAdd2 : String | semmle.label | jBadDNNameAdd2 : String |
+| LdapInjection.java:70:16:70:44 | addAll(...) | semmle.label | addAll(...) |
+| LdapInjection.java:70:47:70:66 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:73:28:73:52 | jBad : String | semmle.label | jBad : String |
+| LdapInjection.java:73:55:73:93 | jBadDNNameToString : String | semmle.label | jBadDNNameToString : String |
+| LdapInjection.java:75:16:75:72 | toString(...) | semmle.label | toString(...) |
+| LdapInjection.java:75:75:75:94 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:78:28:78:52 | jBad : String | semmle.label | jBad : String |
+| LdapInjection.java:78:55:78:90 | jBadDNNameClone : String | semmle.label | jBadDNNameClone : String |
+| LdapInjection.java:80:16:80:73 | (...)... | semmle.label | (...)... |
+| LdapInjection.java:80:76:80:95 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:92:31:92:55 | uBad : String | semmle.label | uBad : String |
+| LdapInjection.java:92:58:92:84 | uBadDN : String | semmle.label | uBadDN : String |
+| LdapInjection.java:94:20:94:39 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:94:67:94:86 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:97:31:97:67 | uBadFilterCreate : String | semmle.label | uBadFilterCreate : String |
+| LdapInjection.java:98:58:98:88 | create(...) | semmle.label | create(...) |
+| LdapInjection.java:101:31:101:70 | uBadROSearchRequest : String | semmle.label | uBadROSearchRequest : String |
+| LdapInjection.java:101:73:101:103 | uBadROSRDN : String | semmle.label | uBadROSRDN : String |
+| LdapInjection.java:105:14:105:14 | s | semmle.label | s |
+| LdapInjection.java:108:31:108:68 | uBadSearchRequest : String | semmle.label | uBadSearchRequest : String |
+| LdapInjection.java:108:71:108:99 | uBadSRDN : String | semmle.label | uBadSRDN : String |
+| LdapInjection.java:112:14:112:14 | s | semmle.label | s |
+| LdapInjection.java:115:31:115:55 | uBad : String | semmle.label | uBad : String |
+| LdapInjection.java:115:58:115:87 | uBadDNSFR : String | semmle.label | uBadDNSFR : String |
+| LdapInjection.java:117:22:117:44 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:117:69:117:88 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:120:31:120:75 | uBadROSearchRequestAsync : String | semmle.label | uBadROSearchRequestAsync : String |
+| LdapInjection.java:120:78:120:113 | uBadROSRDNAsync : String | semmle.label | uBadROSRDNAsync : String |
+| LdapInjection.java:124:19:124:19 | s | semmle.label | s |
+| LdapInjection.java:127:31:127:73 | uBadSearchRequestAsync : String | semmle.label | uBadSearchRequestAsync : String |
+| LdapInjection.java:127:76:127:109 | uBadSRDNAsync : String | semmle.label | uBadSRDNAsync : String |
+| LdapInjection.java:131:19:131:19 | s | semmle.label | s |
+| LdapInjection.java:134:31:134:70 | uBadFilterCreateNOT : String | semmle.label | uBadFilterCreateNOT : String |
+| LdapInjection.java:135:58:135:115 | createNOTFilter(...) | semmle.label | createNOTFilter(...) |
+| LdapInjection.java:142:32:142:82 | uBadFilterCreateToStringBuffer : String | semmle.label | uBadFilterCreateToStringBuffer : String |
+| LdapInjection.java:145:58:145:69 | toString(...) | semmle.label | toString(...) |
+| LdapInjection.java:148:32:148:78 | uBadSearchRequestDuplicate : String | semmle.label | uBadSearchRequestDuplicate : String |
+| LdapInjection.java:152:14:152:26 | duplicate(...) | semmle.label | duplicate(...) |
+| LdapInjection.java:155:32:155:80 | uBadROSearchRequestDuplicate : String | semmle.label | uBadROSearchRequestDuplicate : String |
+| LdapInjection.java:159:14:159:26 | duplicate(...) | semmle.label | duplicate(...) |
+| LdapInjection.java:162:32:162:74 | uBadSearchRequestSetDN : String | semmle.label | uBadSearchRequestSetDN : String |
+| LdapInjection.java:166:14:166:14 | s | semmle.label | s |
+| LdapInjection.java:169:32:169:78 | uBadSearchRequestSetFilter : String | semmle.label | uBadSearchRequestSetFilter : String |
+| LdapInjection.java:173:14:173:14 | s | semmle.label | s |
+| LdapInjection.java:197:30:197:54 | sBad : String | semmle.label | sBad : String |
+| LdapInjection.java:197:57:197:83 | sBadDN : String | semmle.label | sBadDN : String |
+| LdapInjection.java:198:14:198:33 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:198:36:198:55 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:201:30:201:54 | sBad : String | semmle.label | sBad : String |
+| LdapInjection.java:201:57:201:92 | sBadDNLNBuilder : String | semmle.label | sBadDNLNBuilder : String |
+| LdapInjection.java:202:20:202:85 | build(...) | semmle.label | build(...) |
+| LdapInjection.java:202:88:202:107 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:205:30:205:54 | sBad : String | semmle.label | sBad : String |
+| LdapInjection.java:205:57:205:95 | sBadDNLNBuilderAdd : String | semmle.label | sBadDNLNBuilderAdd : String |
+| LdapInjection.java:206:23:206:97 | build(...) | semmle.label | build(...) |
+| LdapInjection.java:206:100:206:119 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:209:30:209:63 | sBadLdapQuery : String | semmle.label | sBadLdapQuery : String |
+| LdapInjection.java:210:15:210:76 | filter(...) | semmle.label | filter(...) |
+| LdapInjection.java:213:30:213:60 | sBadFilter : String | semmle.label | sBadFilter : String |
+| LdapInjection.java:213:63:213:98 | sBadDNLdapUtils : String | semmle.label | sBadDNLdapUtils : String |
+| LdapInjection.java:214:12:214:63 | newLdapName(...) | semmle.label | newLdapName(...) |
+| LdapInjection.java:214:66:214:112 | new HardcodedFilter(...) | semmle.label | new HardcodedFilter(...) |
+| LdapInjection.java:217:30:217:63 | sBadLdapQuery : String | semmle.label | sBadLdapQuery : String |
+| LdapInjection.java:218:24:218:85 | filter(...) | semmle.label | filter(...) |
+| LdapInjection.java:221:30:221:64 | sBadLdapQuery2 : String | semmle.label | sBadLdapQuery2 : String |
+| LdapInjection.java:223:24:223:24 | q | semmle.label | q |
+| LdapInjection.java:226:30:226:73 | sBadLdapQueryWithFilter : String | semmle.label | sBadLdapQueryWithFilter : String |
+| LdapInjection.java:227:24:227:116 | filter(...) | semmle.label | filter(...) |
+| LdapInjection.java:230:30:230:74 | sBadLdapQueryWithFilter2 : String | semmle.label | sBadLdapQueryWithFilter2 : String |
+| LdapInjection.java:232:24:232:57 | filter(...) | semmle.label | filter(...) |
+| LdapInjection.java:235:31:235:68 | sBadLdapQueryBase : String | semmle.label | sBadLdapQueryBase : String |
+| LdapInjection.java:236:12:236:66 | base(...) | semmle.label | base(...) |
+| LdapInjection.java:239:31:239:71 | sBadLdapQueryComplex : String | semmle.label | sBadLdapQueryComplex : String |
+| LdapInjection.java:240:24:240:98 | is(...) | semmle.label | is(...) |
+| LdapInjection.java:247:31:247:67 | sBadFilterEncode : String | semmle.label | sBadFilterEncode : String |
+| LdapInjection.java:250:18:250:29 | toString(...) | semmle.label | toString(...) |
+| LdapInjection.java:266:30:266:54 | aBad : String | semmle.label | aBad : String |
+| LdapInjection.java:266:57:266:83 | aBadDN : String | semmle.label | aBadDN : String |
+| LdapInjection.java:268:14:268:33 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:268:36:268:55 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:276:30:276:67 | aBadSearchRequest : String | semmle.label | aBadSearchRequest : String |
+| LdapInjection.java:280:14:280:14 | s | semmle.label | s |
+| LdapInjection.java:283:74:283:103 | aBadDNObj : String | semmle.label | aBadDNObj : String |
+| LdapInjection.java:287:14:287:14 | s | semmle.label | s |
+| LdapInjection.java:290:30:290:72 | aBadDNSearchRequestGet : String | semmle.label | aBadDNSearchRequestGet : String |
+| LdapInjection.java:294:14:294:24 | getBase(...) | semmle.label | getBase(...) |
+| LdapInjection.java:312:23:312:58 | okEncodeForLDAP : String | semmle.label | okEncodeForLDAP : String |
+| LdapInjection.java:314:29:314:82 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:314:39:314:76 | encodeForLDAP(...) : String | semmle.label | encodeForLDAP(...) : String |
+| LdapInjection.java:314:61:314:75 | okEncodeForLDAP : String | semmle.label | okEncodeForLDAP : String |
+| LdapInjection.java:318:23:318:57 | okFilterEncode : String | semmle.label | okFilterEncode : String |
+| LdapInjection.java:319:29:319:84 | ... + ... | semmle.label | ... + ... |
+| LdapInjection.java:319:39:319:78 | filterEncode(...) : String | semmle.label | filterEncode(...) : String |
+| LdapInjection.java:319:64:319:77 | okFilterEncode : String | semmle.label | okFilterEncode : String |
+#select
+| LdapInjection.java:43:16:43:35 | ... + ... | LdapInjection.java:41:55:41:81 | jBadDN : String | LdapInjection.java:43:16:43:35 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:41:55:41:81 | jBadDN | this user input |
+| LdapInjection.java:43:38:43:57 | ... + ... | LdapInjection.java:41:28:41:52 | jBad : String | LdapInjection.java:43:38:43:57 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:41:28:41:52 | jBad | this user input |
+| LdapInjection.java:48:16:48:53 | new LdapName(...) | LdapInjection.java:46:55:46:85 | jBadDNName : String | LdapInjection.java:48:16:48:53 | new LdapName(...) | LDAP query might include code from $@. | LdapInjection.java:46:55:46:85 | jBadDNName | this user input |
+| LdapInjection.java:48:56:48:75 | ... + ... | LdapInjection.java:46:28:46:52 | jBad : String | LdapInjection.java:48:56:48:75 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:46:28:46:52 | jBad | this user input |
+| LdapInjection.java:53:63:53:82 | ... + ... | LdapInjection.java:51:28:51:52 | jBad : String | LdapInjection.java:53:63:53:82 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:51:28:51:52 | jBad | this user input |
+| LdapInjection.java:58:29:58:55 | ... + ... | LdapInjection.java:56:28:56:59 | jBadInitial : String | LdapInjection.java:58:29:58:55 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:56:28:56:59 | jBadInitial | this user input |
+| LdapInjection.java:63:16:63:81 | addAll(...) | LdapInjection.java:61:55:61:88 | jBadDNNameAdd : String | LdapInjection.java:63:16:63:81 | addAll(...) | LDAP query might include code from $@. | LdapInjection.java:61:55:61:88 | jBadDNNameAdd | this user input |
+| LdapInjection.java:63:84:63:103 | ... + ... | LdapInjection.java:61:28:61:52 | jBad : String | LdapInjection.java:63:84:63:103 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:61:28:61:52 | jBad | this user input |
+| LdapInjection.java:70:16:70:44 | addAll(...) | LdapInjection.java:66:55:66:89 | jBadDNNameAdd2 : String | LdapInjection.java:70:16:70:44 | addAll(...) | LDAP query might include code from $@. | LdapInjection.java:66:55:66:89 | jBadDNNameAdd2 | this user input |
+| LdapInjection.java:70:47:70:66 | ... + ... | LdapInjection.java:66:28:66:52 | jBad : String | LdapInjection.java:70:47:70:66 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:66:28:66:52 | jBad | this user input |
+| LdapInjection.java:75:16:75:72 | toString(...) | LdapInjection.java:73:55:73:93 | jBadDNNameToString : String | LdapInjection.java:75:16:75:72 | toString(...) | LDAP query might include code from $@. | LdapInjection.java:73:55:73:93 | jBadDNNameToString | this user input |
+| LdapInjection.java:75:75:75:94 | ... + ... | LdapInjection.java:73:28:73:52 | jBad : String | LdapInjection.java:75:75:75:94 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:73:28:73:52 | jBad | this user input |
+| LdapInjection.java:80:16:80:73 | (...)... | LdapInjection.java:78:55:78:90 | jBadDNNameClone : String | LdapInjection.java:80:16:80:73 | (...)... | LDAP query might include code from $@. | LdapInjection.java:78:55:78:90 | jBadDNNameClone | this user input |
+| LdapInjection.java:80:76:80:95 | ... + ... | LdapInjection.java:78:28:78:52 | jBad : String | LdapInjection.java:80:76:80:95 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:78:28:78:52 | jBad | this user input |
+| LdapInjection.java:94:20:94:39 | ... + ... | LdapInjection.java:92:58:92:84 | uBadDN : String | LdapInjection.java:94:20:94:39 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:92:58:92:84 | uBadDN | this user input |
+| LdapInjection.java:94:67:94:86 | ... + ... | LdapInjection.java:92:31:92:55 | uBad : String | LdapInjection.java:94:67:94:86 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:92:31:92:55 | uBad | this user input |
+| LdapInjection.java:98:58:98:88 | create(...) | LdapInjection.java:97:31:97:67 | uBadFilterCreate : String | LdapInjection.java:98:58:98:88 | create(...) | LDAP query might include code from $@. | LdapInjection.java:97:31:97:67 | uBadFilterCreate | this user input |
+| LdapInjection.java:105:14:105:14 | s | LdapInjection.java:101:31:101:70 | uBadROSearchRequest : String | LdapInjection.java:105:14:105:14 | s | LDAP query might include code from $@. | LdapInjection.java:101:31:101:70 | uBadROSearchRequest | this user input |
+| LdapInjection.java:105:14:105:14 | s | LdapInjection.java:101:73:101:103 | uBadROSRDN : String | LdapInjection.java:105:14:105:14 | s | LDAP query might include code from $@. | LdapInjection.java:101:73:101:103 | uBadROSRDN | this user input |
+| LdapInjection.java:112:14:112:14 | s | LdapInjection.java:108:31:108:68 | uBadSearchRequest : String | LdapInjection.java:112:14:112:14 | s | LDAP query might include code from $@. | LdapInjection.java:108:31:108:68 | uBadSearchRequest | this user input |
+| LdapInjection.java:112:14:112:14 | s | LdapInjection.java:108:71:108:99 | uBadSRDN : String | LdapInjection.java:112:14:112:14 | s | LDAP query might include code from $@. | LdapInjection.java:108:71:108:99 | uBadSRDN | this user input |
+| LdapInjection.java:117:22:117:44 | ... + ... | LdapInjection.java:115:58:115:87 | uBadDNSFR : String | LdapInjection.java:117:22:117:44 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:115:58:115:87 | uBadDNSFR | this user input |
+| LdapInjection.java:117:69:117:88 | ... + ... | LdapInjection.java:115:31:115:55 | uBad : String | LdapInjection.java:117:69:117:88 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:115:31:115:55 | uBad | this user input |
+| LdapInjection.java:124:19:124:19 | s | LdapInjection.java:120:31:120:75 | uBadROSearchRequestAsync : String | LdapInjection.java:124:19:124:19 | s | LDAP query might include code from $@. | LdapInjection.java:120:31:120:75 | uBadROSearchRequestAsync | this user input |
+| LdapInjection.java:124:19:124:19 | s | LdapInjection.java:120:78:120:113 | uBadROSRDNAsync : String | LdapInjection.java:124:19:124:19 | s | LDAP query might include code from $@. | LdapInjection.java:120:78:120:113 | uBadROSRDNAsync | this user input |
+| LdapInjection.java:131:19:131:19 | s | LdapInjection.java:127:31:127:73 | uBadSearchRequestAsync : String | LdapInjection.java:131:19:131:19 | s | LDAP query might include code from $@. | LdapInjection.java:127:31:127:73 | uBadSearchRequestAsync | this user input |
+| LdapInjection.java:131:19:131:19 | s | LdapInjection.java:127:76:127:109 | uBadSRDNAsync : String | LdapInjection.java:131:19:131:19 | s | LDAP query might include code from $@. | LdapInjection.java:127:76:127:109 | uBadSRDNAsync | this user input |
+| LdapInjection.java:135:58:135:115 | createNOTFilter(...) | LdapInjection.java:134:31:134:70 | uBadFilterCreateNOT : String | LdapInjection.java:135:58:135:115 | createNOTFilter(...) | LDAP query might include code from $@. | LdapInjection.java:134:31:134:70 | uBadFilterCreateNOT | this user input |
+| LdapInjection.java:145:58:145:69 | toString(...) | LdapInjection.java:142:32:142:82 | uBadFilterCreateToStringBuffer : String | LdapInjection.java:145:58:145:69 | toString(...) | LDAP query might include code from $@. | LdapInjection.java:142:32:142:82 | uBadFilterCreateToStringBuffer | this user input |
+| LdapInjection.java:152:14:152:26 | duplicate(...) | LdapInjection.java:148:32:148:78 | uBadSearchRequestDuplicate : String | LdapInjection.java:152:14:152:26 | duplicate(...) | LDAP query might include code from $@. | LdapInjection.java:148:32:148:78 | uBadSearchRequestDuplicate | this user input |
+| LdapInjection.java:159:14:159:26 | duplicate(...) | LdapInjection.java:155:32:155:80 | uBadROSearchRequestDuplicate : String | LdapInjection.java:159:14:159:26 | duplicate(...) | LDAP query might include code from $@. | LdapInjection.java:155:32:155:80 | uBadROSearchRequestDuplicate | this user input |
+| LdapInjection.java:166:14:166:14 | s | LdapInjection.java:162:32:162:74 | uBadSearchRequestSetDN : String | LdapInjection.java:166:14:166:14 | s | LDAP query might include code from $@. | LdapInjection.java:162:32:162:74 | uBadSearchRequestSetDN | this user input |
+| LdapInjection.java:173:14:173:14 | s | LdapInjection.java:169:32:169:78 | uBadSearchRequestSetFilter : String | LdapInjection.java:173:14:173:14 | s | LDAP query might include code from $@. | LdapInjection.java:169:32:169:78 | uBadSearchRequestSetFilter | this user input |
+| LdapInjection.java:198:14:198:33 | ... + ... | LdapInjection.java:197:57:197:83 | sBadDN : String | LdapInjection.java:198:14:198:33 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:197:57:197:83 | sBadDN | this user input |
+| LdapInjection.java:198:36:198:55 | ... + ... | LdapInjection.java:197:30:197:54 | sBad : String | LdapInjection.java:198:36:198:55 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:197:30:197:54 | sBad | this user input |
+| LdapInjection.java:202:20:202:85 | build(...) | LdapInjection.java:201:57:201:92 | sBadDNLNBuilder : String | LdapInjection.java:202:20:202:85 | build(...) | LDAP query might include code from $@. | LdapInjection.java:201:57:201:92 | sBadDNLNBuilder | this user input |
+| LdapInjection.java:202:88:202:107 | ... + ... | LdapInjection.java:201:30:201:54 | sBad : String | LdapInjection.java:202:88:202:107 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:201:30:201:54 | sBad | this user input |
+| LdapInjection.java:206:23:206:97 | build(...) | LdapInjection.java:205:57:205:95 | sBadDNLNBuilderAdd : String | LdapInjection.java:206:23:206:97 | build(...) | LDAP query might include code from $@. | LdapInjection.java:205:57:205:95 | sBadDNLNBuilderAdd | this user input |
+| LdapInjection.java:206:100:206:119 | ... + ... | LdapInjection.java:205:30:205:54 | sBad : String | LdapInjection.java:206:100:206:119 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:205:30:205:54 | sBad | this user input |
+| LdapInjection.java:210:15:210:76 | filter(...) | LdapInjection.java:209:30:209:63 | sBadLdapQuery : String | LdapInjection.java:210:15:210:76 | filter(...) | LDAP query might include code from $@. | LdapInjection.java:209:30:209:63 | sBadLdapQuery | this user input |
+| LdapInjection.java:214:12:214:63 | newLdapName(...) | LdapInjection.java:213:63:213:98 | sBadDNLdapUtils : String | LdapInjection.java:214:12:214:63 | newLdapName(...) | LDAP query might include code from $@. | LdapInjection.java:213:63:213:98 | sBadDNLdapUtils | this user input |
+| LdapInjection.java:214:66:214:112 | new HardcodedFilter(...) | LdapInjection.java:213:30:213:60 | sBadFilter : String | LdapInjection.java:214:66:214:112 | new HardcodedFilter(...) | LDAP query might include code from $@. | LdapInjection.java:213:30:213:60 | sBadFilter | this user input |
+| LdapInjection.java:218:24:218:85 | filter(...) | LdapInjection.java:217:30:217:63 | sBadLdapQuery : String | LdapInjection.java:218:24:218:85 | filter(...) | LDAP query might include code from $@. | LdapInjection.java:217:30:217:63 | sBadLdapQuery | this user input |
+| LdapInjection.java:223:24:223:24 | q | LdapInjection.java:221:30:221:64 | sBadLdapQuery2 : String | LdapInjection.java:223:24:223:24 | q | LDAP query might include code from $@. | LdapInjection.java:221:30:221:64 | sBadLdapQuery2 | this user input |
+| LdapInjection.java:227:24:227:116 | filter(...) | LdapInjection.java:226:30:226:73 | sBadLdapQueryWithFilter : String | LdapInjection.java:227:24:227:116 | filter(...) | LDAP query might include code from $@. | LdapInjection.java:226:30:226:73 | sBadLdapQueryWithFilter | this user input |
+| LdapInjection.java:232:24:232:57 | filter(...) | LdapInjection.java:230:30:230:74 | sBadLdapQueryWithFilter2 : String | LdapInjection.java:232:24:232:57 | filter(...) | LDAP query might include code from $@. | LdapInjection.java:230:30:230:74 | sBadLdapQueryWithFilter2 | this user input |
+| LdapInjection.java:236:12:236:66 | base(...) | LdapInjection.java:235:31:235:68 | sBadLdapQueryBase : String | LdapInjection.java:236:12:236:66 | base(...) | LDAP query might include code from $@. | LdapInjection.java:235:31:235:68 | sBadLdapQueryBase | this user input |
+| LdapInjection.java:240:24:240:98 | is(...) | LdapInjection.java:239:31:239:71 | sBadLdapQueryComplex : String | LdapInjection.java:240:24:240:98 | is(...) | LDAP query might include code from $@. | LdapInjection.java:239:31:239:71 | sBadLdapQueryComplex | this user input |
+| LdapInjection.java:250:18:250:29 | toString(...) | LdapInjection.java:247:31:247:67 | sBadFilterEncode : String | LdapInjection.java:250:18:250:29 | toString(...) | LDAP query might include code from $@. | LdapInjection.java:247:31:247:67 | sBadFilterEncode | this user input |
+| LdapInjection.java:268:14:268:33 | ... + ... | LdapInjection.java:266:57:266:83 | aBadDN : String | LdapInjection.java:268:14:268:33 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:266:57:266:83 | aBadDN | this user input |
+| LdapInjection.java:268:36:268:55 | ... + ... | LdapInjection.java:266:30:266:54 | aBad : String | LdapInjection.java:268:36:268:55 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:266:30:266:54 | aBad | this user input |
+| LdapInjection.java:280:14:280:14 | s | LdapInjection.java:276:30:276:67 | aBadSearchRequest : String | LdapInjection.java:280:14:280:14 | s | LDAP query might include code from $@. | LdapInjection.java:276:30:276:67 | aBadSearchRequest | this user input |
+| LdapInjection.java:287:14:287:14 | s | LdapInjection.java:283:74:283:103 | aBadDNObj : String | LdapInjection.java:287:14:287:14 | s | LDAP query might include code from $@. | LdapInjection.java:283:74:283:103 | aBadDNObj | this user input |
+| LdapInjection.java:294:14:294:24 | getBase(...) | LdapInjection.java:290:30:290:72 | aBadDNSearchRequestGet : String | LdapInjection.java:294:14:294:24 | getBase(...) | LDAP query might include code from $@. | LdapInjection.java:290:30:290:72 | aBadDNSearchRequestGet | this user input |
+| LdapInjection.java:314:29:314:82 | ... + ... | LdapInjection.java:312:23:312:58 | okEncodeForLDAP : String | LdapInjection.java:314:29:314:82 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:312:23:312:58 | okEncodeForLDAP | this user input |
+| LdapInjection.java:319:29:319:84 | ... + ... | LdapInjection.java:318:23:318:57 | okFilterEncode : String | LdapInjection.java:319:29:319:84 | ... + ... | LDAP query might include code from $@. | LdapInjection.java:318:23:318:57 | okFilterEncode | this user input |
--- a/java/ql/test/query-tests/security/CWE-090/LdapInjection.java
+++ b/java/ql/test/query-tests/security/CWE-090/LdapInjection.java
@@ -0,0 +1,326 @@
+import java.util.List;
+
+import javax.naming.Name;
+import javax.naming.NamingException;
+import javax.naming.directory.BasicAttributes;
+import javax.naming.directory.DirContext;
+import javax.naming.directory.InitialDirContext;
+import javax.naming.directory.SearchControls;
+import javax.naming.ldap.InitialLdapContext;
+import javax.naming.ldap.LdapContext;
+import javax.naming.ldap.LdapName;
+import javax.naming.ldap.Rdn;
+
+import com.unboundid.ldap.sdk.Filter;
+import com.unboundid.ldap.sdk.LDAPConnection;
+import com.unboundid.ldap.sdk.LDAPException;
+import com.unboundid.ldap.sdk.LDAPSearchException;
+import com.unboundid.ldap.sdk.ReadOnlySearchRequest;
+import com.unboundid.ldap.sdk.SearchRequest;
+
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.filter.EqualityNode;
+import org.apache.directory.api.ldap.model.message.SearchRequestImpl;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.ldap.client.api.LdapConnection;
+import org.apache.directory.ldap.client.api.LdapNetworkConnection;
+import org.owasp.esapi.Encoder;
+import org.owasp.esapi.reference.DefaultEncoder;
+import org.springframework.ldap.core.LdapTemplate;
+import org.springframework.ldap.filter.EqualsFilter;
+import org.springframework.ldap.filter.HardcodedFilter;
+import org.springframework.ldap.query.LdapQuery;
+import org.springframework.ldap.query.LdapQueryBuilder;
+import org.springframework.ldap.support.LdapEncoder;
+import org.springframework.ldap.support.LdapNameBuilder;
+import org.springframework.ldap.support.LdapUtils;
+import org.springframework.web.bind.annotation.RequestParam;
+
+public class LdapInjection {
+  // JNDI
+  public void testJndiBad1(@RequestParam String jBad, @RequestParam String jBadDN, DirContext ctx)
+      throws NamingException {
+    ctx.search("ou=system" + jBadDN, "(uid=" + jBad + ")", new SearchControls());
+  }
+
+  public void testJndiBad2(@RequestParam String jBad, @RequestParam String jBadDNName, InitialDirContext ctx)
+      throws NamingException {
+    ctx.search(new LdapName("ou=system" + jBadDNName), "(uid=" + jBad + ")", new SearchControls());
+  }
+
+  public void testJndiBad3(@RequestParam String jBad, @RequestParam String jOkDN, LdapContext ctx)
+      throws NamingException {
+    ctx.search(new LdapName(List.of(new Rdn("ou=" + jOkDN))), "(uid=" + jBad + ")", new SearchControls());
+  }
+
+  public void testJndiBad4(@RequestParam String jBadInitial, InitialLdapContext ctx)
+      throws NamingException {
+    ctx.search("ou=system", "(uid=" + jBadInitial + ")", new SearchControls());
+  }
+
+  public void testJndiBad5(@RequestParam String jBad, @RequestParam String jBadDNNameAdd, InitialDirContext ctx)
+      throws NamingException {
+    ctx.search(new LdapName("").addAll(new LdapName("ou=system" + jBadDNNameAdd)), "(uid=" + jBad + ")", new SearchControls());
+  }
+
+  public void testJndiBad6(@RequestParam String jBad, @RequestParam String jBadDNNameAdd2, InitialDirContext ctx)
+      throws NamingException {
+    LdapName name = new LdapName("");
+    name.addAll(new LdapName("ou=system" + jBadDNNameAdd2).getRdns());
+    ctx.search(new LdapName("").addAll(name), "(uid=" + jBad + ")", new SearchControls());
+  }
+
+  public void testJndiBad7(@RequestParam String jBad, @RequestParam String jBadDNNameToString, InitialDirContext ctx)
+      throws NamingException {
+    ctx.search(new LdapName("ou=system" + jBadDNNameToString).toString(), "(uid=" + jBad + ")", new SearchControls());
+  }
+
+  public void testJndiBad8(@RequestParam String jBad, @RequestParam String jBadDNNameClone, InitialDirContext ctx)
+      throws NamingException {
+    ctx.search((Name) new LdapName("ou=system" + jBadDNNameClone).clone(), "(uid=" + jBad + ")", new SearchControls());
+  }
+
+  public void testJndiOk1(@RequestParam String jOkFilterExpr, DirContext ctx) throws NamingException {
+    ctx.search("ou=system", "(uid={0})", new String[] { jOkFilterExpr }, new SearchControls());
+  }
+
+  public void testJndiOk2(@RequestParam String jOkAttribute, DirContext ctx) throws NamingException {
+    ctx.search("ou=system", new BasicAttributes(jOkAttribute, jOkAttribute));
+  }
+
+  // UnboundID
+  public void testUnboundBad1(@RequestParam String uBad, @RequestParam String uBadDN, LDAPConnection c)
+      throws LDAPSearchException {
+    c.search(null, "ou=system" + uBadDN, null, null, 1, 1, false, "(uid=" + uBad + ")");
+  }
+
+  public void testUnboundBad2(@RequestParam String uBadFilterCreate, LDAPConnection c) throws LDAPException {
+    c.search(null, "ou=system", null, null, 1, 1, false, Filter.create(uBadFilterCreate));
+  }
+
+  public void testUnboundBad3(@RequestParam String uBadROSearchRequest, @RequestParam String uBadROSRDN,
+      LDAPConnection c) throws LDAPException {
+    ReadOnlySearchRequest s = new SearchRequest(null, "ou=system" + uBadROSRDN, null, null, 1, 1, false,
+        "(uid=" + uBadROSearchRequest + ")");
+    c.search(s);
+  }
+
+  public void testUnboundBad4(@RequestParam String uBadSearchRequest, @RequestParam String uBadSRDN, LDAPConnection c)
+      throws LDAPException {
+    SearchRequest s = new SearchRequest(null, "ou=system" + uBadSRDN, null, null, 1, 1, false,
+        "(uid=" + uBadSearchRequest + ")");
+    c.search(s);
+  }
+
+  public void testUnboundBad5(@RequestParam String uBad, @RequestParam String uBadDNSFR, LDAPConnection c)
+      throws LDAPSearchException {
+    c.searchForEntry("ou=system" + uBadDNSFR, null, null, 1, false, "(uid=" + uBad + ")");
+  }
+
+  public void testUnboundBad6(@RequestParam String uBadROSearchRequestAsync, @RequestParam String uBadROSRDNAsync,
+      LDAPConnection c) throws LDAPException {
+    ReadOnlySearchRequest s = new SearchRequest(null, "ou=system" + uBadROSRDNAsync, null, null, 1, 1, false,
+        "(uid=" + uBadROSearchRequestAsync + ")");
+    c.asyncSearch(s);
+  }
+
+  public void testUnboundBad7(@RequestParam String uBadSearchRequestAsync, @RequestParam String uBadSRDNAsync, LDAPConnection c)
+      throws LDAPException {
+    SearchRequest s = new SearchRequest(null, "ou=system" + uBadSRDNAsync, null, null, 1, 1, false,
+        "(uid=" + uBadSearchRequestAsync + ")");
+    c.asyncSearch(s);
+  }
+
+  public void testUnboundBad8(@RequestParam String uBadFilterCreateNOT, LDAPConnection c) throws LDAPException {
+    c.search(null, "ou=system", null, null, 1, 1, false, Filter.createNOTFilter(Filter.create(uBadFilterCreateNOT)));
+  }
+
+  public void testUnboundBad9(@RequestParam String uBadFilterCreateToString, LDAPConnection c) throws LDAPException {
+    c.search(null, "ou=system", null, null, 1, 1, false, Filter.create(uBadFilterCreateToString).toString()); // False Negative
+  }
+
+  public void testUnboundBad10(@RequestParam String uBadFilterCreateToStringBuffer, LDAPConnection c) throws LDAPException {
+    StringBuilder b = new StringBuilder();
+    Filter.create(uBadFilterCreateToStringBuffer).toNormalizedString(b);
+    c.search(null, "ou=system", null, null, 1, 1, false, b.toString());
+  }
+  
+  public void testUnboundBad11(@RequestParam String uBadSearchRequestDuplicate, LDAPConnection c)
+      throws LDAPException {
+    SearchRequest s = new SearchRequest(null, "ou=system", null, null, 1, 1, false,
+        "(uid=" + uBadSearchRequestDuplicate + ")");
+    c.search(s.duplicate());
+  }
+
+  public void testUnboundBad12(@RequestParam String uBadROSearchRequestDuplicate, LDAPConnection c)
+      throws LDAPException {
+    ReadOnlySearchRequest s = new SearchRequest(null, "ou=system", null, null, 1, 1, false,
+        "(uid=" + uBadROSearchRequestDuplicate + ")");
+    c.search(s.duplicate());
+  }
+
+  public void testUnboundBad13(@RequestParam String uBadSearchRequestSetDN, LDAPConnection c)
+      throws LDAPException {
+    SearchRequest s = new SearchRequest(null, "", null, null, 1, 1, false, "");
+    s.setBaseDN(uBadSearchRequestSetDN);
+    c.search(s);
+  }
+
+  public void testUnboundBad14(@RequestParam String uBadSearchRequestSetFilter, LDAPConnection c)
+      throws LDAPException {
+    SearchRequest s = new SearchRequest(null, "ou=system", null, null, 1, 1, false, "");
+    s.setFilter(uBadSearchRequestSetFilter);
+    c.search(s);
+  }
+
+  public void testUnboundOk1(@RequestParam String uOkEqualityFilter, LDAPConnection c) throws LDAPSearchException {
+    c.search(null, "ou=system", null, null, 1, 1, false, Filter.createEqualityFilter("uid", uOkEqualityFilter));
+  }
+
+  public void testUnboundOk2(@RequestParam String uOkVaragsAttr, LDAPConnection c) throws LDAPSearchException {
+    c.search("ou=system", null, null, 1, 1, false, "(uid=fixed)", "a" + uOkVaragsAttr);
+  }
+
+  public void testUnboundOk3(@RequestParam String uOkFilterSearchRequest, LDAPConnection c) throws LDAPException {
+    SearchRequest s = new SearchRequest(null, "ou=system", null, null, 1, 1, false,
+        Filter.createEqualityFilter("uid", uOkFilterSearchRequest));
+    c.search(s);
+  }
+
+  public void testUnboundOk4(@RequestParam String uOkSearchRequestVarargs, LDAPConnection c) throws LDAPException {
+    SearchRequest s = new SearchRequest("ou=system", null, "(uid=fixed)", "va1", "va2", "va3",
+        "a" + uOkSearchRequestVarargs);
+    c.search(s);
+  }
+
+  // Spring LDAP
+  public void testSpringBad1(@RequestParam String sBad, @RequestParam String sBadDN, LdapTemplate c) {
+    c.search("ou=system" + sBadDN, "(uid=" + sBad + ")", 1, false, null);
+  }
+
+  public void testSpringBad2(@RequestParam String sBad, @RequestParam String sBadDNLNBuilder, LdapTemplate c) {
+    c.authenticate(LdapNameBuilder.newInstance("ou=system" + sBadDNLNBuilder).build(), "(uid=" + sBad + ")", "pass");
+  }
+
+  public void testSpringBad3(@RequestParam String sBad, @RequestParam String sBadDNLNBuilderAdd, LdapTemplate c) {
+    c.searchForObject(LdapNameBuilder.newInstance().add("ou=system" + sBadDNLNBuilderAdd).build(), "(uid=" + sBad + ")", null);
+  }
+
+  public void testSpringBad4(@RequestParam String sBadLdapQuery, LdapTemplate c) {
+    c.findOne(LdapQueryBuilder.query().filter("(uid=" + sBadLdapQuery + ")"), null);
+  }
+
+  public void testSpringBad5(@RequestParam String sBadFilter, @RequestParam String sBadDNLdapUtils, LdapTemplate c) {
+    c.find(LdapUtils.newLdapName("ou=system" + sBadDNLdapUtils), new HardcodedFilter("(uid=" + sBadFilter + ")"), null, null);
+  }
+
+  public void testSpringBad6(@RequestParam String sBadLdapQuery, LdapTemplate c) {
+    c.searchForContext(LdapQueryBuilder.query().filter("(uid=" + sBadLdapQuery + ")"));
+  }
+
+  public void testSpringBad7(@RequestParam String sBadLdapQuery2, LdapTemplate c) {
+    LdapQuery q = LdapQueryBuilder.query().filter("(uid=" + sBadLdapQuery2 + ")");
+    c.searchForContext(q);
+  }
+
+  public void testSpringBad8(@RequestParam String sBadLdapQueryWithFilter, LdapTemplate c) {
+    c.searchForContext(LdapQueryBuilder.query().filter(new HardcodedFilter("(uid=" + sBadLdapQueryWithFilter + ")")));
+  }
+
+  public void testSpringBad9(@RequestParam String sBadLdapQueryWithFilter2, LdapTemplate c) {
+    org.springframework.ldap.filter.Filter f = new HardcodedFilter("(uid=" + sBadLdapQueryWithFilter2 + ")");
+    c.searchForContext(LdapQueryBuilder.query().filter(f));
+  }
+
+  public void testSpringBad10(@RequestParam String sBadLdapQueryBase, LdapTemplate c) {
+    c.find(LdapQueryBuilder.query().base(sBadLdapQueryBase).base(), null, null, null);
+  }
+
+  public void testSpringBad11(@RequestParam String sBadLdapQueryComplex, LdapTemplate c) {
+    c.searchForContext(LdapQueryBuilder.query().base(sBadLdapQueryComplex).where("uid").is("test"));
+  }
+
+  public void testSpringBad12(@RequestParam String sBadFilterToString, LdapTemplate c) {
+    c.search("", new HardcodedFilter("(uid=" + sBadFilterToString + ")").toString(), 1, false, null); // False Negative
+  }
+
+  public void testSpringBad13(@RequestParam String sBadFilterEncode, LdapTemplate c) {
+    StringBuffer s = new StringBuffer();
+    new HardcodedFilter("(uid=" + sBadFilterEncode + ")").encode(s);
+    c.search("", s.toString(), 1, false, null);
+  }
+
+  public void testSpringOk1(@RequestParam String sOkLdapQuery, LdapTemplate c) {
+    c.find(LdapQueryBuilder.query().filter("(uid={0})", sOkLdapQuery), null);
+  }
+
+  public void testSpringOk2(@RequestParam String sOkFilter, @RequestParam String sOkDN, LdapTemplate c) {
+    c.find(LdapNameBuilder.newInstance().add("ou", sOkDN).build(), new EqualsFilter("uid", sOkFilter), null, null);
+  }
+
+  public void testSpringOk3(@RequestParam String sOkLdapQuery, @RequestParam String sOkPassword, LdapTemplate c) {
+    c.authenticate(LdapQueryBuilder.query().filter("(uid={0})", sOkLdapQuery), sOkPassword);
+  }
+
+  // Apache LDAP API
+  public void testApacheBad1(@RequestParam String aBad, @RequestParam String aBadDN, LdapConnection c)
+      throws LdapException {
+    c.search("ou=system" + aBadDN, "(uid=" + aBad + ")", null);
+  }
+
+  public void testApacheBad2(@RequestParam String aBad, @RequestParam String aBadDNObjToString, LdapNetworkConnection c)
+      throws LdapException {
+    c.search(new Dn("ou=system" + aBadDNObjToString).getName(), "(uid=" + aBad + ")", null); // False Negative
+  }
+
+  public void testApacheBad3(@RequestParam String aBadSearchRequest, LdapConnection c)
+      throws LdapException {
+    org.apache.directory.api.ldap.model.message.SearchRequest s = new SearchRequestImpl();
+    s.setFilter("(uid=" + aBadSearchRequest + ")");
+    c.search(s);
+  }
+
+  public void testApacheBad4(@RequestParam String aBadSearchRequestImpl, @RequestParam String aBadDNObj, LdapConnection c)
+      throws LdapException {
+    SearchRequestImpl s = new SearchRequestImpl();
+    s.setBase(new Dn("ou=system" + aBadDNObj));
+    c.search(s);
+  }
+
+  public void testApacheBad5(@RequestParam String aBadDNSearchRequestGet, LdapConnection c)
+      throws LdapException {
+    org.apache.directory.api.ldap.model.message.SearchRequest s = new SearchRequestImpl();
+    s.setBase(new Dn("ou=system" + aBadDNSearchRequestGet));
+    c.search(s.getBase(), "(uid=test", null);
+  }
+
+  public void testApacheOk1(@RequestParam String aOk, LdapConnection c)
+      throws LdapException {
+    org.apache.directory.api.ldap.model.message.SearchRequest s = new SearchRequestImpl();
+    s.setFilter(new EqualityNode<String>("uid", aOk));
+    c.search(s);
+  }
+
+  public void testApacheOk2(@RequestParam String aOk, LdapConnection c)
+      throws LdapException {
+    SearchRequestImpl s = new SearchRequestImpl();
+    s.setFilter(new EqualityNode<String>("uid", aOk));
+    c.search(s);
+  }
+
+  // ESAPI encoder sanitizer
+  public void testOk3(@RequestParam String okEncodeForLDAP, DirContext ctx) throws NamingException {
+    Encoder encoder = DefaultEncoder.getInstance();
+    ctx.search("ou=system", "(uid=" + encoder.encodeForLDAP(okEncodeForLDAP) + ")", new SearchControls()); // False Positive
+  }
+
+  // Spring LdapEncoder sanitizer
+  public void testOk4(@RequestParam String okFilterEncode, DirContext ctx) throws NamingException {
+    ctx.search("ou=system", "(uid=" + LdapEncoder.filterEncode(okFilterEncode) + ")", new SearchControls()); // False Positive
+  }
+
+  // UnboundID Filter.encodeValue sanitizer
+  public void testOk5(@RequestParam String okUnboundEncodeValue, DirContext ctx) throws NamingException {
+    ctx.search("ou=system", "(uid=" + Filter.encodeValue(okUnboundEncodeValue) + ")", new SearchControls());
+  }
+}
--- a/java/ql/test/query-tests/security/CWE-090/LdapInjection.qlref
+++ b/java/ql/test/query-tests/security/CWE-090/LdapInjection.qlref
@@ -0,0 +1 @@
+Security/CWE/CWE-90/LdapInjection.ql
--- a/java/ql/test/query-tests/security/CWE-090/options
+++ b/java/ql/test/query-tests/security/CWE-090/options
@@ -0,0 +1 @@
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/unboundid-ldap-4.0.14:${testdir}/../../../stubs/esapi-2.0.1:${testdir}/../../../stubs/apache-ldap-1.0.2
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/cursor/EntryCursor.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/cursor/EntryCursor.java
@@ -0,0 +1,4 @@
+package org.apache.directory.api.ldap.model.cursor;
+
+public interface EntryCursor {
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/cursor/SearchCursor.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/cursor/SearchCursor.java
@@ -0,0 +1,4 @@
+package org.apache.directory.api.ldap.model.cursor;
+
+public interface SearchCursor {
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/entry/Value.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/entry/Value.java
@@ -0,0 +1,4 @@
+package org.apache.directory.api.ldap.model.entry;
+
+public interface Value<T> {
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/exception/LdapException.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/exception/LdapException.java
@@ -0,0 +1,4 @@
+package org.apache.directory.api.ldap.model.exception;
+
+public class LdapException extends Exception {
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/exception/LdapInvalidDnException.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/exception/LdapInvalidDnException.java
@@ -0,0 +1,4 @@
+package org.apache.directory.api.ldap.model.exception;
+
+public class LdapInvalidDnException extends LdapException {
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/filter/EqualityNode.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/filter/EqualityNode.java
@@ -0,0 +1,8 @@
+package org.apache.directory.api.ldap.model.filter;
+
+import org.apache.directory.api.ldap.model.entry.Value;
+
+public class EqualityNode<T> implements ExprNode {
+  public EqualityNode(String attribute, Value<T> value) { }
+  public EqualityNode(String attribute, String value) { }
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/filter/ExprNode.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/filter/ExprNode.java
@@ -0,0 +1,4 @@
+package org.apache.directory.api.ldap.model.filter;
+
+public interface ExprNode {
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/message/SearchRequest.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/message/SearchRequest.java
@@ -0,0 +1,12 @@
+package org.apache.directory.api.ldap.model.message;
+
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.ldap.model.filter.ExprNode;
+
+public interface SearchRequest {
+  Dn getBase();
+  SearchRequest setBase(Dn baseDn);
+  SearchRequest setFilter(ExprNode filter);
+  SearchRequest setFilter(String filter) throws LdapException;
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/message/SearchRequestImpl.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/message/SearchRequestImpl.java
@@ -0,0 +1,12 @@
+package org.apache.directory.api.ldap.model.message;
+
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.name.Dn;
+import org.apache.directory.api.ldap.model.filter.ExprNode;
+
+public class SearchRequestImpl implements SearchRequest {
+  public Dn getBase() { return null; }
+  public SearchRequest setBase(Dn baseDn) { return null; }
+  public SearchRequest setFilter(ExprNode filter) { return null; }
+  public SearchRequest setFilter(String filter) throws LdapException { return null; }
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/message/SearchScope.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/message/SearchScope.java
@@ -0,0 +1,4 @@
+package org.apache.directory.api.ldap.model.message;
+
+public enum SearchScope {
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/name/Dn.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/api/ldap/model/name/Dn.java
@@ -0,0 +1,8 @@
+package org.apache.directory.api.ldap.model.name;
+
+import org.apache.directory.api.ldap.model.exception.LdapInvalidDnException;
+
+public class Dn {
+  public Dn(String... upRdns) throws LdapInvalidDnException { }
+  public String getName() { return null; }
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/ldap/client/api/LdapConnection.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/ldap/client/api/LdapConnection.java
@@ -0,0 +1,17 @@
+package org.apache.directory.ldap.client.api;
+
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.cursor.EntryCursor;
+import org.apache.directory.api.ldap.model.cursor.SearchCursor;
+import org.apache.directory.api.ldap.model.message.SearchRequest;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+import org.apache.directory.api.ldap.model.name.Dn;
+
+public interface LdapConnection {
+  SearchCursor search(SearchRequest searchRequest) throws LdapException;
+
+  EntryCursor search(String baseDn, String filter, SearchScope scope, String... attributes) throws LdapException;
+
+  EntryCursor search(Dn baseDn, String filter, SearchScope scope, String... attributes) throws LdapException;
+
+}
--- a/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
+++ b/java/ql/test/stubs/apache-ldap-1.0.2/org/apache/directory/ldap/client/api/LdapNetworkConnection.java
@@ -0,0 +1,9 @@
+package org.apache.directory.ldap.client.api;
+
+import org.apache.directory.api.ldap.model.exception.LdapException;
+import org.apache.directory.api.ldap.model.cursor.EntryCursor;
+import org.apache.directory.api.ldap.model.message.SearchScope;
+
+public class LdapNetworkConnection /*implements LdapConnection*/ {
+  public EntryCursor search(String baseDn, String filter, SearchScope scope, String... attributes) throws LdapException { return null; }
+}
--- a/java/ql/test/stubs/esapi-2.0.1/org/owasp/esapi/Encoder.java
+++ b/java/ql/test/stubs/esapi-2.0.1/org/owasp/esapi/Encoder.java
@@ -0,0 +1,5 @@
+package org.owasp.esapi;
+
+public interface Encoder {
+  String encodeForLDAP(String input);
+}
--- a/java/ql/test/stubs/esapi-2.0.1/org/owasp/esapi/reference/DefaultEncoder.java
+++ b/java/ql/test/stubs/esapi-2.0.1/org/owasp/esapi/reference/DefaultEncoder.java
@@ -0,0 +1,8 @@
+package org.owasp.esapi.reference;
+
+import org.owasp.esapi.Encoder;
+
+public class DefaultEncoder implements Encoder {
+  public static Encoder getInstance() { return null; }
+  public String encodeForLDAP(String input) { return input; }
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/ContextMapper.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/ContextMapper.java
@@ -0,0 +1,4 @@
+package org.springframework.ldap.core;
+
+public interface ContextMapper<T> {
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/DirContextOperations.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/DirContextOperations.java
@@ -0,0 +1,4 @@
+package org.springframework.ldap.core;
+
+public interface DirContextOperations {
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/LdapTemplate.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/LdapTemplate.java
@@ -0,0 +1,28 @@
+package org.springframework.ldap.core;
+
+import java.util.*;
+
+import javax.naming.Name;
+import javax.naming.directory.SearchControls;
+
+import org.springframework.ldap.filter.Filter;
+
+import org.springframework.ldap.query.LdapQuery;
+
+public class LdapTemplate {
+  public void authenticate(LdapQuery query, String password) { }
+
+  public boolean authenticate(Name base, String filter, String password) { return true; }
+
+  public <T> List<T> find(Name base, Filter filter, SearchControls searchControls, final Class<T> clazz) { return null; }
+
+  public <T> List<T> find(LdapQuery query, Class<T> clazz) { return null; }
+
+  public <T> T findOne(LdapQuery query, Class<T> clazz) { return null; }
+
+  public void search(String base, String filter, int searchScope, boolean returningObjFlag, NameClassPairCallbackHandler handler) { }
+
+  public DirContextOperations searchForContext(LdapQuery query) { return null; }
+
+  public <T> T searchForObject(Name base, String filter, ContextMapper<T> mapper) { return null; }
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/NameClassPairCallbackHandler.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/NameClassPairCallbackHandler.java
@@ -0,0 +1,3 @@
+package org.springframework.ldap.core;
+
+public interface NameClassPairCallbackHandler { }
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/filter/EqualsFilter.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/filter/EqualsFilter.java
@@ -0,0 +1,5 @@
+package org.springframework.ldap.filter;
+
+public class EqualsFilter implements Filter {
+  public EqualsFilter(String attribute, String value) { }
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/filter/Filter.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/filter/Filter.java
@@ -0,0 +1,4 @@
+package org.springframework.ldap.filter;
+
+public interface Filter {
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/filter/HardcodedFilter.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/filter/HardcodedFilter.java
@@ -0,0 +1,6 @@
+package org.springframework.ldap.filter;
+
+public class HardcodedFilter implements Filter {
+  public HardcodedFilter(String filter) { }
+  public StringBuffer encode(StringBuffer buff) { return buff; }
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/query/ConditionCriteria.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/query/ConditionCriteria.java
@@ -0,0 +1,5 @@
+package org.springframework.ldap.query;
+
+public interface ConditionCriteria {
+  ContainerCriteria is(String value);
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/query/ContainerCriteria.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/query/ContainerCriteria.java
@@ -0,0 +1,4 @@
+package org.springframework.ldap.query;
+
+public interface ContainerCriteria extends LdapQuery {
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/query/LdapQuery.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/query/LdapQuery.java
@@ -0,0 +1,4 @@
+package org.springframework.ldap.query;
+
+public interface LdapQuery {
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/query/LdapQueryBuilder.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/query/LdapQueryBuilder.java
@@ -0,0 +1,14 @@
+package org.springframework.ldap.query;
+
+import javax.naming.Name;
+import org.springframework.ldap.filter.Filter;
+
+public class LdapQueryBuilder {
+  public static LdapQueryBuilder query() { return null; }
+  public LdapQuery filter(String hardcodedFilter) { return null; }
+  public LdapQuery filter(Filter filter) { return null; }
+  public LdapQuery filter(String filterFormat, Object... params) { return null; }
+  public LdapQueryBuilder base(String baseDn) { return this; }
+  public Name base() { return null; }
+  public ConditionCriteria where(String attribute) { return null; }
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/support/LdapEncoder.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/support/LdapEncoder.java
@@ -0,0 +1,5 @@
+package org.springframework.ldap.support;
+
+public class LdapEncoder {
+  public static String filterEncode(String value) { return value; }
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/support/LdapNameBuilder.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/support/LdapNameBuilder.java
@@ -0,0 +1,12 @@
+package org.springframework.ldap.support;
+
+import javax.naming.ldap.LdapName;
+
+public class LdapNameBuilder {
+  public static LdapNameBuilder newInstance() { return null; }
+  public static LdapNameBuilder newInstance(String name) { return null; }
+
+  public LdapNameBuilder add(String name) { return null; }
+  public LdapNameBuilder add(String key, Object value) { return null; }
+  public LdapName build() { return null; }
+}
--- a/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/support/LdapUtils.java
+++ b/java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/support/LdapUtils.java
@@ -0,0 +1,7 @@
+package org.springframework.ldap.support;
+
+import javax.naming.ldap.LdapName;
+
+public class LdapUtils {
+  public static LdapName newLdapName(String distinguishedName) { return null; }
+}
--- a/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/bind/annotation/RequestParam.java
+++ b/java/ql/test/stubs/springframework-5.2.3/org/springframework/web/bind/annotation/RequestParam.java
@@ -0,0 +1,8 @@
+package org.springframework.web.bind.annotation;
+
+import java.lang.annotation.*;
+
+@Target(value=ElementType.PARAMETER)
+@Retention(value=RetentionPolicy.RUNTIME)
+@Documented
+public @interface RequestParam { }
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/AsyncRequestID.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/AsyncRequestID.java
@@ -0,0 +1,3 @@
+package com.unboundid.ldap.sdk;
+
+public class AsyncRequestID { }
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/DereferencePolicy.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/DereferencePolicy.java
@@ -0,0 +1,3 @@
+package com.unboundid.ldap.sdk;
+
+public class DereferencePolicy { }
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/Filter.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/Filter.java
@@ -0,0 +1,13 @@
+package com.unboundid.ldap.sdk;
+
+public class Filter {
+  public static Filter create(java.lang.String filterString) throws LDAPException { return null; }
+
+  public static Filter createNOTFilter(Filter notComponent) { return null; }
+
+  public static Filter createEqualityFilter(java.lang.String attributeName, java.lang.String assertionValue) { return null; }
+
+  public static java.lang.String encodeValue(java.lang.String value) { return null; }
+
+  public void toNormalizedString(java.lang.StringBuilder buffer) { }
+}
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/LDAPConnection.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/LDAPConnection.java
@@ -0,0 +1,21 @@
+package com.unboundid.ldap.sdk;
+
+public class LDAPConnection {
+  public AsyncRequestID asyncSearch(ReadOnlySearchRequest searchRequest) throws LDAPException { return null; }
+  public AsyncRequestID asyncSearch(SearchRequest searchRequest) throws LDAPException { return null; }
+
+  public SearchResult search(ReadOnlySearchRequest searchRequest) throws LDAPSearchException { return null; }
+  public SearchResult search(SearchRequest searchRequest) throws LDAPSearchException { return null; }
+
+  public SearchResult search(SearchResultListener searchResultListener, String baseDN, SearchScope scope, DereferencePolicy derefPolicy,
+                  int sizeLimit, int timeLimit, boolean typesOnly, Filter filter, String... attributes) throws LDAPSearchException { return null; }
+
+  public SearchResult search(SearchResultListener searchResultListener, String baseDN, SearchScope scope, DereferencePolicy derefPolicy,
+                  int sizeLimit, int timeLimit, boolean typesOnly, String filter, String... attributes) throws LDAPSearchException { return null; }
+
+  public SearchResult search(String baseDN, SearchScope scope, DereferencePolicy derefPolicy, int sizeLimit, int timeLimit,
+                  boolean typesOnly, String filter, String... attributes) throws LDAPSearchException { return null; }
+
+  public SearchResultEntry searchForEntry(String baseDN, SearchScope scope, DereferencePolicy derefPolicy, int timeLimit,
+                   boolean typesOnly, String filter, String... attributes) throws LDAPSearchException { return null; }
+}
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/LDAPException.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/LDAPException.java
@@ -0,0 +1,3 @@
+package com.unboundid.ldap.sdk;
+
+public class LDAPException extends Exception { }
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/LDAPSearchException.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/LDAPSearchException.java
@@ -0,0 +1,3 @@
+package com.unboundid.ldap.sdk;
+
+public class LDAPSearchException extends LDAPException { }
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/ReadOnlySearchRequest.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/ReadOnlySearchRequest.java
@@ -0,0 +1,5 @@
+package com.unboundid.ldap.sdk;
+
+public interface ReadOnlySearchRequest {
+  SearchRequest duplicate();
+}
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchRequest.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchRequest.java
@@ -0,0 +1,17 @@
+package com.unboundid.ldap.sdk;
+
+public class SearchRequest implements ReadOnlySearchRequest {
+  public SearchRequest(String baseDN, SearchScope scope, String filter, String... attributes) throws LDAPException { }
+
+  public SearchRequest(SearchResultListener searchResultListener, String baseDN, SearchScope scope, DereferencePolicy derefPolicy,
+             int sizeLimit, int timeLimit, boolean typesOnly, Filter filter, String... attributes) { }
+
+  public SearchRequest(SearchResultListener searchResultListener, String baseDN, SearchScope scope, DereferencePolicy derefPolicy,
+             int sizeLimit, int timeLimit, boolean typesOnly, String filter, String... attributes) throws LDAPException { }
+
+  public SearchRequest duplicate() { return null; }
+
+  public void setBaseDN(String baseDN) { }
+
+  public void setFilter(String filter) throws LDAPException { }
+}
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchResult.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchResult.java
@@ -0,0 +1,3 @@
+package com.unboundid.ldap.sdk;
+
+public class SearchResult { }
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchResultEntry.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchResultEntry.java
@@ -0,0 +1,3 @@
+package com.unboundid.ldap.sdk;
+
+public class SearchResultEntry { }
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchResultListener.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchResultListener.java
@@ -0,0 +1,3 @@
+package com.unboundid.ldap.sdk;
+
+public interface SearchResultListener { }
--- a/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchScope.java
+++ b/java/ql/test/stubs/unboundid-ldap-4.0.14/com/unboundid/ldap/sdk/SearchScope.java
@@ -0,0 +1,3 @@
+package com.unboundid.ldap.sdk;
+
+public class SearchScope { }
				`@@ -0,0 +1 @@`
				`//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.2.3:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/unboundid-ldap-4.0.14:${testdir}/../../../stubs/esapi-2.0.1:${testdir}/../../../stubs/apache-ldap-1.0.2`