From 143be8cc35a6acb985757811f6897cd196a41bf4 Mon Sep 17 00:00:00 2001
From: "REDMOND\\brodes"
Date: Wed, 8 Oct 2025 10:26:05 -0400
Subject: [PATCH] Crypto: Remove redundant queries.
---
.../Analysis/InsecureNonceGeneration.ql | 22 -------------------
.../Analysis/KnownWeakKDFIterationCount.ql | 20 -----------------
2 files changed, 42 deletions(-)
delete mode 100644 java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql
delete mode 100644 java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql
diff --git a/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql b/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql
deleted file mode 100644
index 2514f6b384a..00000000000
--- a/java/ql/src/experimental/quantum/Analysis/InsecureNonceGeneration.ql
+++ /dev/null
@@ -1,22 +0,0 @@
-/**
- * @name Insecure nonce at a cipher operation
- * @id java/quantum/insecure-nonce
- * @description A nonce is generated from a source that is not secure. This can lead to
- * vulnerabilities such as replay attacks or key recovery.
- * @kind problem
- * @problem.severity error
- * @precision high
- * @tags quantum
- * experimental
- */
-
-import experimental.quantum.Language
-
-predicate isInsecureNonceSource(Crypto::NonceArtifactNode n, Crypto::NodeBase src) {
- src = n.getSourceNode() and
- not src.asElement() instanceof SecureRandomnessInstance
-}
-
-from Crypto::KeyOperationNode op, Crypto::NodeBase src
-where isInsecureNonceSource(op.getANonce(), src)
-select op, "Operation uses insecure nonce source $@", src, src.toString()
\ No newline at end of file
diff --git a/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql b/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql
deleted file mode 100644
index 2dd5b0b006b..00000000000
--- a/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql
+++ /dev/null
@@ -1,20 +0,0 @@
-/**
- * @name Weak known key derivation function iteration count
- * @description Detects key derivation operations with a known weak iteration count.
- * @id java/quantum/weak-kdf-iteration-count
- * @kind problem
- * @problem.severity error
- * @precision high
- * @tags quantum
- * experimental
- */
-
-import java
-import experimental.quantum.Language
-
-from Crypto::KeyDerivationOperationNode op, Literal l
-where
- op.getIterationCount().asElement() = l and
- l.getValue().toInt() < 100000
-select op, "Key derivation operation configures iteration count below 100k: $@", l,
- l.getValue().toString()