github
diff --git a/‎java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
Lines changed: 6 additions & 1 deletion b/‎java/ql/src/experimental/Security/CWE/CWE-020/Log4jJndiInjection.ql
Lines changed: 6 additions & 1 deletion
@@ -136,10 +136,15 @@ private class Log4jLoggingSinkModels extends SinkModelCsv {
         "org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..10];log4j",
         "org.apache.logging.log4j;LogBuilder;true;log;(String,Supplier[]);;Argument[0..1];log4j",
         "org.apache.logging.log4j;LogBuilder;true;log;(Supplier);;Argument[0];log4j",
-        // org.apache.logging.log4j.ThreadContet
+        // org.apache.logging.log4j.ThreadContext
         "org.apache.logging.log4j;ThreadContext;false;put;;;Argument[1];log4j",
         "org.apache.logging.log4j;ThreadContext;false;putIfNull;;;Argument[1];log4j",
         "org.apache.logging.log4j;ThreadContext;false;putAll;;;Argument[0];log4j",
+        // org.apache.logging.log4j.CloseableThreadContext
+        "org.apache.logging.log4j;CloseableThreadContext;false;put;;;Argument[1];log4j",
+        "org.apache.logging.log4j;CloseableThreadContext;false;putAll;;;Argument[0];log4j",
+        "org.apache.logging.log4j;CloseableThreadContext$Instance;false;put;;;Argument[1];log4j",
+        "org.apache.logging.log4j;CloseableThreadContext$Instance;false;putAll;;;Argument[0];log4j",
       ]
   }
 }
Original file line number	Diff line number	Diff line change
`@@ -136,10 +136,15 @@ private class Log4jLoggingSinkModels extends SinkModelCsv {`
`136`	`136`	`"org.apache.logging.log4j;LogBuilder;true;log;(String,Object,Object,Object,Object,Object,Object,Object,Object,Object,Object);;Argument[0..10];log4j",`
`137`	`137`	`"org.apache.logging.log4j;LogBuilder;true;log;(String,Supplier[]);;Argument[0..1];log4j",`
`138`	`138`	`"org.apache.logging.log4j;LogBuilder;true;log;(Supplier);;Argument[0];log4j",`
`139`		`- // org.apache.logging.log4j.ThreadContet`
	`139`	`+ // org.apache.logging.log4j.ThreadContext`
`140`	`140`	`"org.apache.logging.log4j;ThreadContext;false;put;;;Argument[1];log4j",`
`141`	`141`	`"org.apache.logging.log4j;ThreadContext;false;putIfNull;;;Argument[1];log4j",`
`142`	`142`	`"org.apache.logging.log4j;ThreadContext;false;putAll;;;Argument[0];log4j",`
	`143`	`+ // org.apache.logging.log4j.CloseableThreadContext`
	`144`	`+ "org.apache.logging.log4j;CloseableThreadContext;false;put;;;Argument[1];log4j",`
	`145`	`+ "org.apache.logging.log4j;CloseableThreadContext;false;putAll;;;Argument[0];log4j",`
	`146`	`+ "org.apache.logging.log4j;CloseableThreadContext$Instance;false;put;;;Argument[1];log4j",`
	`147`	`+ "org.apache.logging.log4j;CloseableThreadContext$Instance;false;putAll;;;Argument[0];log4j",`
`143`	`148`	`]`
`144`	`149`	`}`
`145`	`150`	`}`