github
diff --git a/‎java/ql/lib/ext/org.hibernate.query.model.yml‎
Lines changed: 3 additions & 0 deletions b/‎java/ql/lib/ext/org.hibernate.query.model.yml‎
Lines changed: 3 additions & 0 deletions
diff --git a/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/Hibernate.java‎
Lines changed: 4 additions & 0 deletions b/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/Hibernate.java‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/hibernate-5.x/org/hibernate/query/MutationQuery.java‎
Lines changed: 4 additions & 0 deletions b/‎java/ql/test/stubs/hibernate-5.x/org/hibernate/query/MutationQuery.java‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/hibernate-5.x/org/hibernate/query/QueryProducer.java‎
Lines changed: 8 additions & 0 deletions b/‎java/ql/test/stubs/hibernate-5.x/org/hibernate/query/QueryProducer.java‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/hibernate-5.x/org/hibernate/query/SelectionQuery.java‎
Lines changed: 4 additions & 0 deletions b/‎java/ql/test/stubs/hibernate-5.x/org/hibernate/query/SelectionQuery.java‎
Lines changed: 4 additions & 0 deletions
@@ -4,5 +4,8 @@ extensions:
       extensible: sinkModel
     data:
       - ["org.hibernate.query", "QueryProducer", True, "createNativeQuery", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["org.hibernate.query", "QueryProducer", True, "createNativeMutationQuery", "", "", "Argument[0]", "sql-injection", "manual"]
       - ["org.hibernate.query", "QueryProducer", True, "createQuery", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["org.hibernate.query", "QueryProducer", True, "createMutationQuery", "", "", "Argument[0]", "sql-injection", "manual"]
+      - ["org.hibernate.query", "QueryProducer", True, "createSelectionQuery", "", "", "Argument[0]", "sql-injection", "manual"]
       - ["org.hibernate.query", "QueryProducer", True, "createSQLQuery", "", "", "Argument[0]", "sql-injection", "manual"]
@@ -15,7 +15,11 @@ public static void test(
     sharedSessionContract.createSQLQuery(source()); // $ sqlInjection
 
     queryProducer.createNativeQuery(source()); // $ sqlInjection
+    queryProducer.createNativeMutationQuery(source()); // $ sqlInjection
     queryProducer.createQuery(source()); // $ sqlInjection
+    queryProducer.createMutationQuery(source()); // $ sqlInjection
+    queryProducer.createSelectionQuery(source()); // $ sqlInjection
+    queryProducer.createSelectionQuery(source(), Object.class); // $ sqlInjection
     queryProducer.createSQLQuery(source()); // $ sqlInjection
   }
 }
Original file line number	Diff line number	Diff line change
`@@ -15,7 +15,11 @@ public static void test(`
`15`	`15`	`sharedSessionContract.createSQLQuery(source()); // $ sqlInjection`
`16`	`16`
`17`	`17`	`queryProducer.createNativeQuery(source()); // $ sqlInjection`
	`18`	`+ queryProducer.createNativeMutationQuery(source()); // $ sqlInjection`
`18`	`19`	`queryProducer.createQuery(source()); // $ sqlInjection`
	`20`	`+ queryProducer.createMutationQuery(source()); // $ sqlInjection`
	`21`	`+ queryProducer.createSelectionQuery(source()); // $ sqlInjection`
	`22`	`+ queryProducer.createSelectionQuery(source(), Object.class); // $ sqlInjection`
`19`	`23`	`queryProducer.createSQLQuery(source()); // $ sqlInjection`
`20`	`24`	`}`
`21`	`25`	`}`