Skip to content

Commit 3c555fc

Browse files
smowtonsmowton
committed
Add basic test for SQL injection vs Jakarta Persistence
1 parent 5d37ccf commit 3c555fc

File tree

4 files changed

+28
-1
lines changed

4 files changed

+28
-1
lines changed

java/ql/test/query-tests/security/CWE-089/semmle/examples/JakartaPersistence.java

Lines changed: 13 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,13 @@
1+
import jakarta.persistence.EntityManager;
2+
3+
public class JakartaPersistence {
4+
5+
public static String source() { return null; }
6+
7+
public static void test(EntityManager entityManager) {
8+
9+
entityManager.createNativeQuery(source()); // $ sqlInjection
10+
11+
}
12+
13+
}

java/ql/test/query-tests/security/CWE-089/semmle/examples/options

Lines changed: 1 addition & 1 deletion
Original file line numberDiff line numberDiff line change
@@ -1 +1 @@
1-
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive --release 21
1+
//semmle-extractor-options: --javac-args -cp ${testdir}/../../../../../stubs/mongodbClient:${testdir}/../../../../../stubs/springframework-5.8.x:${testdir}/../../../../../stubs/apache-hive:${testdir}/../../../../../stubs/jakarta-persistence-api-3.2.0 --release 21

java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/EntityManager.java

Lines changed: 7 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

java/ql/test/stubs/jakarta-persistence-api-3.2.0/jakarta/persistence/Query.java

Lines changed: 7 additions & 0 deletions
Some generated files are not rendered by default. Learn more about customizing how changed files appear on GitHub.

0 commit comments

Comments
 (0)