com/liferay/portal/kernel/dao/orm/Session.createQuery(Ljava/lang/String;)Lcom/liferay/portal/kernel/dao/orm/Query;:0
com/liferay/portal/kernel/dao/orm/Session.createQuery(Ljava/lang/String;Z)Lcom/liferay/portal/kernel/dao/orm/Query;:1
com/liferay/portal/kernel/dao/orm/Session.createSQLQuery(Ljava/lang/String;)Lcom/liferay/portal/kernel/dao/orm/SQLQuery;:0
com/liferay/portal/kernel/dao/orm/Session.createSQLQuery(Ljava/lang/String;Z)Lcom/liferay/portal/kernel/dao/orm/SQLQuery;:1
com/liferay/portal/kernel/dao/orm/Session.createSynchronizedSQLQuery(Ljava/lang/String;)Lcom/liferay/portal/kernel/dao/orm/SQLQuery;:0
com/liferay/portal/kernel/dao/orm/Session.createSynchronizedSQLQuery(Ljava/lang/String;Z)Lcom/liferay/portal/kernel/dao/orm/SQLQuery;:1

- In liferay.txt we whitelisted OrderByComparator as generally safe (we use String constants):
-
- com/liferay/portal/kernel/service/persistence/impl/BasePersistenceImpl.appendOrderByComparator(Lcom/liferay/portal/kernel/util/StringBundler;Ljava/lang/String;Lcom/liferay/portal/kernel/util/OrderByComparator;)V:1,2#2
- com/liferay/portal/kernel/service/persistence/impl/BasePersistenceImpl.appendOrderByComparator(Lcom/liferay/portal/kernel/util/StringBundler;Ljava/lang/String;Lcom/liferay/portal/kernel/util/OrderByComparator;Z)V:2,3#3
- com/liferay/util/dao/orm/CustomSQLUtil.replaceOrderBy(Ljava/lang/String;Lcom/liferay/portal/kernel/util/OrderByComparator;)Ljava/lang/String;:1
- com/liferay/portal/dao/orm/custom/sql/CustomSQLUtil.replaceOrderBy(Ljava/lang/String;Lcom/liferay/portal/kernel/util/OrderByComparator;)Ljava/lang/String;:1
- com/liferay/portal/kernel/util/OrderByComparator.getOrderByConditionFields()[Ljava/lang/String;:SAFE
- com/liferay/portal/kernel/util/OrderByComparator.getOrderByFields()[Ljava/lang/String;:SAFE
-
- Here are OrderByComparator impls that _can_ be insecure source so let's consider them as SQLi sink source.
- Insecure OrderByComparator is the one that doesn't use constants for getOrderBy(), getOrderByFields() and getOrderByConditionFields() return values.
-
com/liferay/portal/kernel/dao/orm/QueryDefinition.getOrderByComparator(Ljava/lang/String;)Lcom/liferay/portal/kernel/util/OrderByComparator:0
com/liferay/portal/kernel/util/OrderByComparatorFactoryUtil.create(Ljava/lang/String;[Ljava/lang/Object;)Lcom/liferay/portal/kernel/util/OrderByComparator:0,1
com/liferay/portal/kernel/util/TableNameOrderByComparator.<init>(Lcom/liferay/portal/kernel/util/OrderByComparator;Ljava/lang/String;)V:0
com/liferay/portal/kernel/util/TableNameOrderByComparator.setTableName(Ljava/lang/String;)V:0
com/liferay/portal/kernel/workflow/comparator/WorkflowDefinitionNameComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowInstanceCompletedComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowInstanceEndDateComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowInstanceStartDateComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowInstanceStateComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowLogCreateDateComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowLogUserIdComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowTaskCompletionDateComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowTaskCreateDateComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowTaskDueDateComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowTaskNameComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
com/liferay/portal/kernel/workflow/comparator/WorkflowTaskUserIdComparator.<init>(ZLjava/lang/String;Ljava/lang/String;[Ljava/lang/String;)V:0,1,2
