
Commit 081ad03

Copilotowen-mc
andauthored
Add Hibernate SQL injection sink tests
Agent-Logs-Url: https://github.com/github/codeql/sessions/2e7aecca-63ea-489f-8b87-4cc557655919 Co-authored-by: owen-mc <62447351+owen-mc@users.noreply.github.com>
1 parent 7b897ad commit 081ad03

6 files changed

Lines changed: 57 additions & 1 deletion


Lines changed: 21 additions & 0 deletions
@@ -0,0 +1,21 @@
1+
import org.hibernate.Session;
2+
import org.hibernate.SharedSessionContract;
3+
import org.hibernate.query.QueryProducer;
4+
5+
public class Hibernate {
6+
7+
public static String source() { return null; }
8+
9+
public static void test(
10+
Session session, SharedSessionContract sharedSessionContract, QueryProducer queryProducer) {
11+
session.createQuery(source()); // $ sqlInjection
12+
session.createSQLQuery(source()); // $ sqlInjection
13+
14+
sharedSessionContract.createQuery(source()); // $ sqlInjection
15+
sharedSessionContract.createSQLQuery(source()); // $ sqlInjection
16+
17+
queryProducer.createNativeQuery(source()); // $ sqlInjection
18+
queryProducer.createQuery(source()); // $ sqlInjection
19+
queryProducer.createSQLQuery(source()); // $ sqlInjection
20+
}
21+
}
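Review bot: Every call in `test` is a positive case, so the file pins the query-text argument as a sink but never checks that a bound value is left alone; a sink model that also flagged parameter values would still pass this test. A negative line such as `session.createQuery("from T where c = :p").setParameter("p", source()); // safe: bound parameter` with no `$ sqlInjection` expectation would cover that, though the `Query` stub is not rendered on this page and may need a `setParameter` declaration first. Separately, `createNativeQuery` is exercised only on `queryProducer`, while `createQuery` and `createSQLQuery` are exercised on all three receivers; adding `session.createNativeQuery(source()); // $ sqlInjection` would make the coverage symmetric, assuming the stub `Session` exposes that method.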
Lines changed: 1 addition & 1 deletion
@@ -1 +1 @@
1-
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/couchbaseClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive:${testdir}/../../../../../stubs/jakarta-persistence-api-3.2.0 --release 21
1+
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/couchbaseClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive:${testdir}/../../../../../stubs/jakarta-persistence-api-3.2.0:${testdir}/../../../../../stubs/hibernate-5.x --release 21

java/ql/test/stubs/hibernate-5.x/org/hibernate/Session.java

Lines changed: 10 additions & 0 deletions

java/ql/test/stubs/hibernate-5.x/org/hibernate/SharedSessionContract.java

Lines changed: 11 additions & 0 deletions

java/ql/test/stubs/hibernate-5.x/org/hibernate/query/Query.java

Lines changed: 4 additions & 0 deletions

java/ql/test/stubs/hibernate-5.x/org/hibernate/query/QueryProducer.java

Lines changed: 10 additions & 0 deletions
