cklin
diff --git a/‎java/ql/lib/semmle/code/java/security/JndiInjection.qll
Lines changed: 6 additions & 1 deletion b/‎java/ql/lib/semmle/code/java/security/JndiInjection.qll
Lines changed: 6 additions & 1 deletion
diff --git a/‎java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.java
Lines changed: 10 additions & 0 deletions b/‎java/ql/test/query-tests/security/CWE-074/JndiInjectionTest.java
Lines changed: 10 additions & 0 deletions
diff --git a/‎java/ql/test/query-tests/security/CWE-074/options
Lines changed: 1 addition & 1 deletion b/‎java/ql/test/query-tests/security/CWE-074/options
Lines changed: 1 addition & 1 deletion
diff --git a/‎java/ql/test/stubs/shiro-core-1.5.2/org/apache/shiro/jndi/JndiCallback.java
Lines changed: 10 additions & 0 deletions b/‎java/ql/test/stubs/shiro-core-1.5.2/org/apache/shiro/jndi/JndiCallback.java
Lines changed: 10 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/shiro-core-1.5.2/org/apache/shiro/jndi/JndiTemplate.java
Lines changed: 19 additions & 10 deletions b/‎java/ql/test/stubs/shiro-core-1.5.2/org/apache/shiro/jndi/JndiTemplate.java
Lines changed: 19 additions & 10 deletions
diff --git a/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/LdapDataEntry.java
Lines changed: 25 additions & 0 deletions b/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/LdapDataEntry.java
Lines changed: 25 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/AttributeModificationsAware.java
Lines changed: 10 additions & 0 deletions b/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/AttributeModificationsAware.java
Lines changed: 10 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/AttributesMapper.java
Lines changed: 8 additions & 1 deletion b/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/AttributesMapper.java
Lines changed: 8 additions & 1 deletion
diff --git a/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/AuthenticatedLdapEntryContextCallback.java
Lines changed: 11 additions & 0 deletions b/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/AuthenticatedLdapEntryContextCallback.java
Lines changed: 11 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/AuthenticatedLdapEntryContextMapper.java
Lines changed: 11 additions & 0 deletions b/‎java/ql/test/stubs/spring-ldap-2.3.2/org/springframework/ldap/core/AuthenticatedLdapEntryContextMapper.java
Lines changed: 11 additions & 0 deletions
@@ -88,7 +88,12 @@ private class DefaultJndiInjectionSinkModel extends SinkModelCsv {
         // Spring
         "org.springframework.jndi;JndiTemplate;false;lookup;;;Argument[0];jndi-injection",
         // spring-ldap 1.2.x and newer
-        "org.springframework.ldap.core;LdapOperations;true;lookup;;;Argument[0];jndi-injection",
+        "org.springframework.ldap.core;LdapOperations;true;lookup;(Name);;Argument[0];jndi-injection",
+        "org.springframework.ldap.core;LdapOperations;true;lookup;(Name,ContextMapper);;Argument[0];jndi-injection",
+        "org.springframework.ldap.core;LdapOperations;true;lookup;(Name,String[],ContextMapper);;Argument[0];jndi-injection",
+        "org.springframework.ldap.core;LdapOperations;true;lookup;(String);;Argument[0];jndi-injection",
+        "org.springframework.ldap.core;LdapOperations;true;lookup;(String,ContextMapper);;Argument[0];jndi-injection",
+        "org.springframework.ldap.core;LdapOperations;true;lookup;(String,String[],ContextMapper);;Argument[0];jndi-injection",
         "org.springframework.ldap.core;LdapOperations;true;lookupContext;;;Argument[0];jndi-injection",
         "org.springframework.ldap.core;LdapOperations;true;findByDn;;;Argument[0];jndi-injection",
         "org.springframework.ldap.core;LdapOperations;true;rename;;;Argument[0];jndi-injection",
 
@@ -110,7 +110,17 @@ public void testSpringLdapTemplateBad1(@RequestParam String nameStr) throws Nami
     LdapTemplate ctx = new LdapTemplate();
     Name name = new CompositeName().add(nameStr);
 
+    ctx.lookup(name); // $hasJndiInjection
+    ctx.lookup(name, (AttributesMapper) null); // Safe
+    ctx.lookup(name, (ContextMapper) null); // $hasJndiInjection
+    ctx.lookup(name, new String[] {}, (AttributesMapper) null); // Safe
+    ctx.lookup(name, new String[] {}, (ContextMapper) null); // $hasJndiInjection
     ctx.lookup(nameStr); // $hasJndiInjection
+    ctx.lookup(nameStr, (AttributesMapper) null); // Safe
+    ctx.lookup(nameStr, (ContextMapper) null); // $hasJndiInjection
+    ctx.lookup(nameStr, new String[] {}, (AttributesMapper) null); // Safe
+    ctx.lookup(nameStr, new String[] {}, (ContextMapper) null); // $hasJndiInjection
+    ctx.lookupContext(name); // $hasJndiInjection
     ctx.lookupContext(nameStr); // $hasJndiInjection
     ctx.findByDn(name, null); // $hasJndiInjection
     ctx.rename(name, null); // $hasJndiInjection
 
@@ -1 +1 @@
-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/Saxon-HE-9.9.1-7
+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/Saxon-HE-9.9.1-7:${testdir}/../../../stubs/apache-commons-logging-1.2
Original file line number	Diff line number	Diff line change
`@@ -1 +1 @@`
`1`		`-//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/Saxon-HE-9.9.1-7`
	`1`	`+//semmle-extractor-options: --javac-args -cp ${testdir}/../../../stubs/springframework-5.3.8:${testdir}/../../../stubs/shiro-core-1.5.2:${testdir}/../../../stubs/spring-ldap-2.3.2:${testdir}/../../../stubs/Saxon-HE-9.9.1-7:${testdir}/../../../stubs/apache-commons-logging-1.2`