Add MaybeBrokenCryptoAlgorithmQuery

java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql

@@ -13,56 +13,7 @@
 
 import java
 import semmle.code.java.security.Encryption
-import semmle.code.java.dataflow.TaintTracking
-import DataFlow
-import semmle.code.java.dispatch.VirtualDispatch
-
-private class ShortStringLiteral extends StringLiteral {
-  ShortStringLiteral() { this.getValue().length() < 100 }
-}
-
-class InsecureAlgoLiteral extends ShortStringLiteral {
-  InsecureAlgoLiteral() {
-    // Algorithm identifiers should be at least two characters.
-    this.getValue().length() > 1 and
-    exists(string s | s = this.getValue() |
-      not s.regexpMatch(getSecureAlgorithmRegex()) and
-      // Exclude results covered by another query.
-      not s.regexpMatch(getInsecureAlgorithmRegex())
-    )
-  }
-}
-
-predicate objectToString(MethodAccess ma) {
-  exists(ToStringMethod m |
-    m = ma.getMethod() and
-    m.getDeclaringType() instanceof TypeObject and
-    exprNode(ma.getQualifier()).getTypeBound().getErasure() instanceof TypeObject
-  )
-}
-
-class StringContainer extends RefType {
-  StringContainer() {
-    this instanceof TypeString or
-    this instanceof StringBuildingType or
-    this.hasQualifiedName("java.util", "StringTokenizer") or
-    this.(Array).getComponentType() instanceof StringContainer
-  }
-}
-
-module InsecureCryptoConfig implements ConfigSig {
-  predicate isSource(Node n) { n.asExpr() instanceof InsecureAlgoLiteral }
-
-  predicate isSink(Node n) { exists(CryptoAlgoSpec c | n.asExpr() = c.getAlgoSpec()) }
-
-  predicate isBarrier(Node n) {
-    objectToString(n.asExpr()) or
-    not n.getType().getErasure() instanceof StringContainer
-  }
-}
-
-module InsecureCryptoFlow = TaintTracking::Global<InsecureCryptoConfig>;
-
+import semmle.code.java.security.MaybeBrokenCryptoAlgorithmQuery
 import InsecureCryptoFlow::PathGraph
 
 from