Adding example slicing queries.

java/ql/src/experimental/Quantum/InventorySlices/KnownAsymmetricAlgorithm.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Detects known asymmetric algorithms
+ * @id java/crypto_inventory_slices/known_asymmetric_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::AlgorithmNode a
+where Crypto::isKnownAsymmetricAlgorithm(a)
+select a, "Instance of asymmetric algorithm " + a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Detects operations where the algorithm applied is a known asymmetric algorithms
+ * @id java/crypto_inventory_slices/known_asymmetric_operation_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::OperationNode op, Crypto::AlgorithmNode a
+where a = op.getAKnownAlgorithm() and Crypto::isKnownAsymmetricAlgorithm(a)
+select op, "Operation using asymmetric algorithm $@", a, a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql

@@ -0,0 +1,11 @@
+/**
+ * @name Detects known elliptic curve algorithms
+ * @id java/crypto_inventory_slices/known_elliptic_curvee_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::EllipticCurveNode a
+select a, "Instance of elliptic curve algorithm " + a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownHashingAlgorithm.ql

@@ -0,0 +1,11 @@
+/**
+ * @name Detects algorithms that are known hashing algorithms
+ * @id java/crypto_inventory_slices/known_hashing_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::HashAlgorithmNode a
+select a, "Instance of hashing algorithm " + a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownHashingOperation.ql

@@ -0,0 +1,11 @@
+/**
+ * @name Detects uses of hashing operations (operations exlicitly for hashing only, irrespective of the algorithm used)
+ * @id java/crypto_inventory_slices/known_hashing_operation
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::HashOperationNode op
+select op, "Known hashing operation"

java/ql/src/experimental/Quantum/InventorySlices/KnownHashingOperationAlgorithm.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Detects operations where the algorithm applied is a known hashing algorithm
+ * @id java/crypto_inventory_slices/operation_with_known_hashing_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::OperationNode op, Crypto::HashAlgorithmNode a
+where a = op.getAKnownAlgorithm()
+select op, "Operation using hashing algorithm $@", a, a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql

@@ -0,0 +1,11 @@
+/**
+ * @name Detects known key derivation algorithms
+ * @id java/crypto_inventory_slices/known_key_derivation_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::KeyDerivationAlgorithmNode alg
+select alg, "Known key derivation algorithm " + alg.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/KnownKeyDerivationOperation.ql

@@ -0,0 +1,11 @@
+/**
+ * @name Detects uses of key derivation operations (operations exlicitly for key derivation only, irrespective of the algorithm used)
+ * @id java/crypto_inventory_slices/known_key_derivation_operation
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::KeyDerivationOperationNode op
+select op, "Known key derivation operation"

java/ql/src/experimental/Quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql

@@ -0,0 +1,12 @@
+/**
+ * @name Detects operations where the algorithm applied is a known key derivation algorithm
+ * @id java/crypto_inventory_slices/operation_with_known_key_derivation_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Crypto::OperationNode op, Crypto::KeyDerivationAlgorithmNode a
+where a = op.getAKnownAlgorithm()
+select op, "Operation using key derivation algorithm $@", a, a.getAlgorithmName()

java/ql/src/experimental/Quantum/InventorySlices/LikelyCryptoAPIFunction.ql

@@ -0,0 +1,16 @@
+/**
+ * @name Detects functions that take in crypto configuration parameters but calls are not detected in source.
+ * @id java/crypto_inventory_slices/likely_crypto_api_function
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+from Callable f, Parameter p, Crypto::OperationNode op
+where
+  op.asElement().(Expr).getEnclosingCallable() = f and
+  op.getAnAlgorithmOrGenericSource().asElement() = p
+select f,
+  "Likely crypto API function: Operation $@ configured by parameter $@ with no known configuring call",
+  op, op.toString(), p, p.toString()

java/ql/src/experimental/Quantum/InventorySlices/UnknownOperationAlgorithm.ql

@@ -0,0 +1,22 @@
+/**
+ * @name Detects operations where the algorithm applied is unknown
+ * @id java/crypto_inventory_slices/unknown_operation_algorithm
+ * @kind problem
+ */
+
+import java
+import experimental.Quantum.Language
+
+//TODO: can we have an unknown node concept?
+from Crypto::OperationNode op, Element e, string msg
+where
+  not exists(op.getAnAlgorithmOrGenericSource()) and
+  e = op.asElement() and
+  msg = "Operation with unconfigured algorithm (no known sources)."
+  or
+  exists(Crypto::GenericSourceNode n |
+    n = op.getAnAlgorithmOrGenericSource() and
+    e = n.asElement()
+  ) and
+  msg = "Operation with unknown algorithm source: $@"
+select op, msg, e, e.toString()