github
diff --git a/‎csharp/ql/lib/ext/NHibernate.model.yml‎
Lines changed: 8 additions & 0 deletions b/‎csharp/ql/lib/ext/NHibernate.model.yml‎
Lines changed: 8 additions & 0 deletions
diff --git a/‎csharp/ql/src/change-notes/2025-12-11-nhibernate-sql-sinks.md‎
Lines changed: 4 additions & 0 deletions b/‎csharp/ql/src/change-notes/2025-12-11-nhibernate-sql-sinks.md‎
Lines changed: 4 additions & 0 deletions
@@ -0,0 +1,8 @@
+extensions:
+  - addsTo:
+      pack: codeql/csharp-all
+      extensible: sinkModel
+    data:
+      - ["NHibernate", "ISession", True, "CreateSQLQuery", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["NHibernate", "IStatelessSession", True, "CreateSQLQuery", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
+      - ["NHibernate.Impl", "AbstractSessionImpl", True, "CreateSQLQuery", "(System.String)", "", "Argument[0]", "sql-injection", "manual"]
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks.
-Original file line number
+Diff line change
@@ @@ -0,0 +1,4 @@ @@
 +---
 +category: minorAnalysis
 +---
 +* Added `NHibernate.ISession.CreateSQLQuery`, `NHibernate.IStatelessSession.CreateSQLQuery` and `NHibernate.Impl.AbstractSessionImpl.CreateSQLQuery` as SQL injection sinks.