Update inline expectations and relearn affected tests

java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptThenMac.expected

@@ -30,7 +30,5 @@ nodes
 | BadMacUse.java:152:42:152:51 | ciphertext | semmle.label | ciphertext |
 subpaths
 testFailures
-| BadMacUse.java:50:56:50:66 | // $ Source | Missing result: Source |
-| BadMacUse.java:63:118:63:128 | // $ Source | Missing result: Source |
 | BadMacUse.java:92:31:92:35 | bytes : byte[] | Unexpected result: Source |
 | BadMacUse.java:146:95:146:105 | // $ Source | Missing result: Source |

java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderDecryptToMac.expected

@@ -31,7 +31,7 @@ nodes
 | BadMacUse.java:124:42:124:51 | ciphertext | semmle.label | ciphertext |
 subpaths
 testFailures
-| BadMacUse.java:63:118:63:128 | // $ Source | Missing result: Source |
+| BadMacUse.java:50:28:50:53 | doFinal(...) : byte[] | Fixed missing result: Source |
 | BadMacUse.java:92:16:92:36 | doFinal(...) : byte[] | Unexpected result: Source |
 | BadMacUse.java:124:42:124:51 | ciphertext | Unexpected result: Alert |
 | BadMacUse.java:146:95:146:105 | // $ Source | Missing result: Source |

java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacOrderMacOnEncryptPlaintext.expected

@@ -45,7 +45,7 @@ nodes
 | BadMacUse.java:152:42:152:51 | ciphertext | semmle.label | ciphertext |
 subpaths
 testFailures
-| BadMacUse.java:50:56:50:66 | // $ Source | Missing result: Source |
+| BadMacUse.java:63:82:63:97 | plaintext : byte[] | Fixed missing result: Source |
 | BadMacUse.java:139:79:139:90 | input : byte[] | Unexpected result: Source |
 | BadMacUse.java:146:95:146:105 | // $ Source | Missing result: Source |
 | BadMacUse.java:152:42:152:51 | ciphertext | Unexpected result: Alert |

java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java

@@ -47,7 +47,7 @@ class BadMacUse {
         SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
         Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
         cipher.init(Cipher.DECRYPT_MODE, encryptionKey, new SecureRandom());
-        byte[] plaintext = cipher.doFinal(ciphertext); // $ Source
+        byte[] plaintext = cipher.doFinal(ciphertext); // $ MISSING: Source
 
         // Now verify MAC (too late)
         SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
@@ -60,7 +60,7 @@ class BadMacUse {
         }
     }
 
-    public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $ Source
+    public void BadMacOnPlaintext(byte[] encryptionKeyBytes, byte[] macKeyBytes, byte[] plaintext) throws Exception {// $ MISSING: Source
         // Create keys directly from provided byte arrays
         SecretKey encryptionKey = new SecretKeySpec(encryptionKeyBytes, "AES");
         SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");

java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.expected

@@ -126,5 +126,3 @@ nodes
 | InsecureIVorNonceSource.java:202:54:202:55 | iv : byte[] | semmle.label | iv : byte[] |
 | InsecureIVorNonceSource.java:206:51:206:56 | ivSpec | semmle.label | ivSpec |
 subpaths
-testFailures
-| InsecureIVorNonceSource.java:42:21:42:21 | 1 : Number | Unexpected result: Source |

java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java

@@ -39,7 +39,7 @@ public class InsecureIVorNonceSource {
     public byte[] encryptWithStaticIvByteArray(byte[] key, byte[] plaintext) throws Exception {
         byte[] iv = new byte[16];
         for (byte i = 0; i < iv.length; i++) {
-            iv[i] = 1;
+            iv[i] = 1; // $ Source
         }
 
         IvParameterSpec ivSpec = new IvParameterSpec(iv);

java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java

@@ -40,11 +40,11 @@ public class Test {
      * SAST/CBOM: - Parent: PBKDF2. - Iteration count is only 10, which is far
      * below acceptable security standards. - Flagged as insecure.
      */
-    public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $ Source
+    public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $ MISSING: Source
         byte[] salt = generateSalt(16);
-        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $ Alert[java/quantum/examples/unknown-kdf-iteration-count]
+        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256);
         SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
-        byte[] key = factory.generateSecret(spec).getEncoded();
+        byte[] key = factory.generateSecret(spec).getEncoded(); // $ Alert[java/quantum/examples/unknown-kdf-iteration-count]
     }
 
     /**

java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected

@@ -1,5 +1 @@
-#select
 | Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount |
-testFailures
-| Test.java:45:94:45:154 | // $ Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] |
-| Test.java:47:22:47:49 | Key derivation operation with unknown iteration: $@ | Unexpected result: Alert |

java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/WeakKDFIterationCount.expected

@@ -12,5 +12,3 @@ nodes
 | Test.java:58:30:58:38 | 1_000_000 : Number | semmle.label | 1_000_000 : Number |
 | Test.java:59:72:59:85 | iterationCount | semmle.label | iterationCount |
 subpaths
-testFailures
-| Test.java:43:92:43:102 | // $ Source | Missing result: Source |