github
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisProvider.java‎
Lines changed: 35 additions & 0 deletions b/‎java/ql/test/experimental/query-tests/security/CWE-089/src/main/MyBatisProvider.java‎
Lines changed: 35 additions & 0 deletions
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java‎
Lines changed: 21 additions & 0 deletions b/‎java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjection.java‎
Lines changed: 21 additions & 0 deletions
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java‎
Lines changed: 17 additions & 0 deletions b/‎java/ql/test/experimental/query-tests/security/CWE-089/src/main/MybatisSqlInjectionService.java‎
Lines changed: 17 additions & 0 deletions
diff --git a/‎java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.java‎
Lines changed: 29 additions & 0 deletions b/‎java/ql/test/experimental/query-tests/security/CWE-089/src/main/SqlInjectionMapper.java‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/org.mybatis-3.5.4/org/apache/ibatis/annotations/DeleteProvider.java‎
Lines changed: 29 additions & 0 deletions b/‎java/ql/test/stubs/org.mybatis-3.5.4/org/apache/ibatis/annotations/DeleteProvider.java‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/org.mybatis-3.5.4/org/apache/ibatis/annotations/InsertProvider.java‎
Lines changed: 29 additions & 0 deletions b/‎java/ql/test/stubs/org.mybatis-3.5.4/org/apache/ibatis/annotations/InsertProvider.java‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/org.mybatis-3.5.4/org/apache/ibatis/annotations/SelectProvider.java‎
Lines changed: 29 additions & 0 deletions b/‎java/ql/test/stubs/org.mybatis-3.5.4/org/apache/ibatis/annotations/SelectProvider.java‎
Lines changed: 29 additions & 0 deletions
diff --git a/‎java/ql/test/stubs/org.mybatis-3.5.4/org/apache/ibatis/annotations/UpdateProvider.java‎
Lines changed: 29 additions & 0 deletions b/‎java/ql/test/stubs/org.mybatis-3.5.4/org/apache/ibatis/annotations/UpdateProvider.java‎
Lines changed: 29 additions & 0 deletions
@@ -0,0 +1,35 @@
+import org.apache.ibatis.annotations.Param;
+import org.apache.ibatis.jdbc.SQL;
+
+public class MyBatisProvider {
+    public String badSelect(@Param("input") final String input) {
+        String s = (new SQL() {
+            {
+                this.SELECT("password");
+                this.FROM("users");
+                this.WHERE("username = '" + input + "'");
+            }
+        }).toString();
+        return s;
+    }
+
+    public String badDelete(@Param("input") final String input) {
+        return "DELETE FROM users WHERE username = '" + input + "';";
+    }
+
+    public String badUpdate(@Param("input") final String input) {
+        String s = (new SQL() {
+            {
+                this.UPDATE("users");
+                this.SET("balance = 0");
+                this.WHERE("username = '" + input + "'");
+            }
+        }).toString();
+        return s;
+    }
+
+    public String badInsert(@Param("input") final String input) {
+        return "INSERT INTO users VALUES (1, '" + input + "', 'hunter2');";
+    }
+}
+
@@ -68,4 +68,25 @@ public List<Test> good1(Integer id) {
 		List<Test> result = mybatisSqlInjectionService.good1(id);
 		return result;
 	}
+
+	// using providers
+	@GetMapping(value = "badSelect")
+	public String badSelect(@RequestParam String name) {
+		return mybatisSqlInjectionService.badSelect(name);
+	}
+
+	@GetMapping(value = "badDelete")
+	public void badDelete(@RequestParam String name) {
+		mybatisSqlInjectionService.badDelete(name);
+	}
+	
+	@GetMapping(value = "badUpdate")
+	public void badUpdate(@RequestParam String name) {
+		mybatisSqlInjectionService.badUpdate(name);
+	}
+
+	@GetMapping(value = "badInsert")
+	public void badInsert(@RequestParam String name) {
+		mybatisSqlInjectionService.badInsert(name);
+	}
 }
@@ -55,4 +55,21 @@ public List<Test> good1(Integer id) {
 		List<Test> result = sqlInjectionMapper.good1(id);
 		return result;
 	}
+
+	// using providers
+	public String badSelect(String input) {
+        return sqlInjectionMapper.badSelect(input);
+    }
+
+	public void badDelete(String input) {
+        sqlInjectionMapper.badDelete(input);
+    }
+
+	public void badUpdate(String input) {
+        sqlInjectionMapper.badUpdate(input);
+    }
+
+	public void badInsert(String input) {
+        sqlInjectionMapper.badInsert(input);
+    }
 }
@@ -5,6 +5,10 @@
 import org.apache.ibatis.annotations.Param;
 import org.springframework.stereotype.Repository;
 import org.apache.ibatis.annotations.Select;
+import org.apache.ibatis.annotations.SelectProvider;
+import org.apache.ibatis.annotations.DeleteProvider;
+import org.apache.ibatis.annotations.UpdateProvider;
+import org.apache.ibatis.annotations.InsertProvider;
 
 @Mapper
 @Repository
@@ -30,4 +34,29 @@ public interface SqlInjectionMapper {
 	public Test bad9(HashMap<String, Object> map);
 
 	List<Test> good1(Integer id);
+
+	//using providers
+	@SelectProvider(
+		type = MyBatisProvider.class,
+		method = "badSelect"
+	)
+	String badSelect(String input);
+
+    @DeleteProvider(
+            type = MyBatisProvider.class,
+            method = "badDelete"
+    )
+    void badDelete(String input);
+
+    @UpdateProvider(
+            type = MyBatisProvider.class,
+            method = "badUpdate"
+    )
+    void badUpdate(String input);
+
+    @InsertProvider(
+            type = MyBatisProvider.class,
+            method = "badInsert"
+    )
+    void badInsert(String input);
 }