Add AsymmetricAlgorithmNode, refactor and address feedback

java/ql/lib/experimental/quantum/Language.qll

@@ -42,19 +42,15 @@ module CryptoInput implements InputSig<Language::Location> {
   }
 }
 
-/**
- * Instantiate the model
- */
+// Instantiate the `CryptographyBase` module
 module Crypto = CryptographyBase<Language::Location, CryptoInput>;
 
-/**
- * Definitions of various generic data sources
- */
+// Definitions of various generic sources
 final class DefaultFlowSource = SourceNode;
 
 final class DefaultRemoteFlowSource = RemoteFlowSource;
 
-class GenericUnreferencedParameterSource extends Crypto::GenericUnreferencedParameterSource {
+private class GenericUnreferencedParameterSource extends Crypto::GenericUnreferencedParameterSource {
   GenericUnreferencedParameterSource() {
     exists(Parameter p | this = p and not exists(p.getAnArgument()))
   }
@@ -68,7 +64,7 @@ class GenericUnreferencedParameterSource extends Crypto::GenericUnreferencedPara
   override string getAdditionalDescription() { result = this.toString() }
 }
 
-class GenericLocalDataSource extends Crypto::GenericLocalDataSource {
+private class GenericLocalDataSource extends Crypto::GenericLocalDataSource {
   GenericLocalDataSource() {
     any(DefaultFlowSource src | not src instanceof DefaultRemoteFlowSource).asExpr() = this
   }
@@ -82,7 +78,7 @@ class GenericLocalDataSource extends Crypto::GenericLocalDataSource {
   override string getAdditionalDescription() { result = this.toString() }
 }
 
-class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
+private class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
   GenericRemoteDataSource() { any(DefaultRemoteFlowSource src).asExpr() = this }
 
   override DataFlow::Node getOutputNode() { result.asExpr() = this }
@@ -94,7 +90,7 @@ class GenericRemoteDataSource extends Crypto::GenericRemoteDataSource {
   override string getAdditionalDescription() { result = this.toString() }
 }
 
-class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof Literal {
+private class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceof Literal {
   ConstantDataSource() {
     // TODO: this is an API specific workaround for JCA, as 'EC' is a constant that may be used
     // where typical algorithms are specified, but EC specifically means set up a
@@ -114,14 +110,14 @@ class ConstantDataSource extends Crypto::GenericConstantSourceInstance instanceo
 }
 
 /**
- * Random number generation, where each instance is modelled as the expression
+ * An instance of random number generation, modelled as the expression
  * tied to an output node (i.e., the result of the source of randomness)
  */
 abstract class RandomnessInstance extends Crypto::RandomNumberGenerationInstance {
   override DataFlow::Node getOutputNode() { result.asExpr() = this }
 }
 
-class SecureRandomnessInstance extends RandomnessInstance {
+private class SecureRandomnessInstance extends RandomnessInstance {
   RandomDataSource source;
 
   SecureRandomnessInstance() {
@@ -132,7 +128,7 @@ class SecureRandomnessInstance extends RandomnessInstance {
   override string getGeneratorName() { result = source.getSourceOfRandomness().getQualifiedName() }
 }
 
-class InsecureRandomnessInstance extends RandomnessInstance {
+private class InsecureRandomnessInstance extends RandomnessInstance {
   RandomDataSource source;
 
   InsecureRandomnessInstance() {
@@ -143,7 +139,11 @@ class InsecureRandomnessInstance extends RandomnessInstance {
 }
 
 /**
- * Artifact output to node input configuration
+ * An additional flow step in generic data-flow configurations.
+ * Where a step is an edge between nodes `n1` and `n2`,
+ * `this` = `n1` and `getOutput()` = `n2`.
+ *
+ * FOR INTERNAL MODELING USE ONLY.
  */
 abstract class AdditionalFlowInputStep extends DataFlow::Node {
   abstract DataFlow::Node getOutput();
@@ -151,8 +151,6 @@ abstract class AdditionalFlowInputStep extends DataFlow::Node {
   final DataFlow::Node getInput() { result = this }
 }
 
-module ArtifactFlow = DataFlow::Global<ArtifactFlowConfig>;
-
 /**
  * Generic data source to node input configuration
  */
@@ -214,5 +212,7 @@ module ArtifactFlowConfig implements DataFlow::ConfigSig {
 
 module GenericDataSourceFlow = TaintTracking::Global<GenericDataSourceFlowConfig>;
 
+module ArtifactFlow = DataFlow::Global<ArtifactFlowConfig>;
+
 // Import library-specific modeling
 import JCA

java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql

@@ -10,6 +10,5 @@
 import java
 import experimental.quantum.Language
 
-from Crypto::AlgorithmNode a
-where Crypto::isKnownAsymmetricAlgorithm(a)
+from Crypto::AsymmetricAlgorithmNode a
 select a, a.getAlgorithmName()

java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql

@@ -10,6 +10,6 @@
 import java
 import experimental.quantum.Language
 
-from Crypto::OperationNode op, Crypto::AlgorithmNode a
-where a = op.getAKnownAlgorithm() and Crypto::isKnownAsymmetricAlgorithm(a)
+from Crypto::OperationNode op, Crypto::AsymmetricAlgorithmNode a
+where a = op.getAKnownAlgorithm()
 select op, a.getAlgorithmName()

java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql

@@ -1,6 +1,6 @@
 /**
  * @name Likely crypto API function
- * @description Detects functions that take in crypto configuration parameters but calls are not detected in source.
+ * @description Outputs functions that take in crypto configuration parameters but calls are not detected in source.
  * @id java/quantum/slices/likely-crypto-api-function
  * @kind problem
  * @severity info