github
diff --git a/‎java/ql/lib/ext/com.couchbase.client.java.model.yml‎
Lines changed: 39 additions & 4 deletions b/‎java/ql/lib/ext/com.couchbase.client.java.model.yml‎
Lines changed: 39 additions & 4 deletions
diff --git a/‎java/ql/src/change-notes/2025-23-23-couchbase-sinks.md‎
Lines changed: 4 additions & 0 deletions b/‎java/ql/src/change-notes/2025-23-23-couchbase-sinks.md‎
Lines changed: 4 additions & 0 deletions
diff --git a/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/CouchBase.java‎
Lines changed: 18 additions & 0 deletions b/‎java/ql/test/query-tests/security/CWE-089/semmle/examples/CouchBase.java‎
Lines changed: 18 additions & 0 deletions
@@ -3,7 +3,42 @@ extensions:
       pack: codeql/java-all
       extensible: sinkModel
     data:
-      - ["com.couchbase.client.java","ClusterOptions",true,"clusterOptions","(String,String)","","Argument[0]","credentials-username","manual"]
-      - ["com.couchbase.client.java","ClusterOptions",true,"clusterOptions","(String,String)","","Argument[1]","credentials-password","manual"]
-      - ["com.couchbase.client.java","Cluster",true,"connect","(String,String,String)","","Argument[1]","credentials-username","manual"]
-      - ["com.couchbase.client.java","Cluster",true,"connect","(String,String,String)","","Argument[2]","credentials-password","manual"]
+      - ["com.couchbase.client.java", "ClusterOptions", true, "clusterOptions", "(String,String)", "", "Argument[0]", "credentials-username", "manual"]
+      - ["com.couchbase.client.java", "ClusterOptions", true, "clusterOptions", "(String,String)", "", "Argument[1]", "credentials-password", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "connect", "(String,String,String)", "", "Argument[1]", "credentials-username", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "connect", "(String,String,String)", "", "Argument[2]", "credentials-password", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "query", "(String)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "query", "(String,QueryOptions)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "analysticsQuery", "(String)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "analysticsQuery", "(String,AnalyticsOptions)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "queryStreaming", "(String,Consumer<QueryRow>)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "queryStreaming", "(String,QueryOptions,Consumer<QueryRow>)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "searchQuery", "(String,SearchQuery)", "", "Argument[1]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Cluster", true, "searchQuery", "(String,SearchQuery,SearchOptions)", "", "Argument[1]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Collection", true, "upsert", "(String,Object)", "", "Argument[1]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Collection", true, "upsert", "(String,Object,UpsertOptions)", "", "Argument[1]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Collection", true, "replace", "(String,Object)", "", "Argument[1]", "sql-injection", "manual"]
+      - ["com.couchbase.client.java", "Collection", true, "replace", "(String,Object,ReplaceOptions)", "", "Argument[1]", "sql-injection", "manual"]
+
+  - addsTo:
+      pack: codeql/java-all
+      extensible: summaryModel
+    data:
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,Object)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,Object)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,String)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,int)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,long)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,number)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,double)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,boolean)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,JsonObject)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,JsonObject)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,Map<String, ?>)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,Map<String, ?>)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,JsonArray)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,JsonArray)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,List<?>)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "put", "(String,List<?>)", "", "Argument[1]", "ReturnValue", "taint", "manual"]
+      - ["com.couchbase.client.java.json", "JsonObject", true, "putNull", "(String)", "", "Argument[0]", "ReturnValue", "taint", "manual"]
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Cretentials queries.
@@ -0,0 +1,18 @@
+package com.example;
+
+import com.couchbase.client.java.Bucket;
+import com.couchbase.client.java.Cluster;
+import com.couchbase.client.java.Collection;
+import com.couchbase.client.java.json.JsonObject;
+
+public class CouchBase {
+  public static void main(String[] args) {
+    Cluster cluster = Cluster.connect("192.168.0.158", "Administrator", "Administrator");
+    Bucket bucket = cluster.bucket("travel-sample");
+    cluster.query(args[1]);
+
+    Collection collection = bucket.defaultCollection();
+    collection.replace("airbnb_1", JsonObject.create().putNull(System.getenv("ITEM_CATEGORY")));
+    collection.upsert("airbnb_1", JsonObject.create().put("country", args[1]));
+  }
+}
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added sink models for `com.couchbase` supporting SQL Injection and Hardcoded Cretentials queries.