add draft code to find algo type to replace tainttracking configs

java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql

@@ -4,6 +4,7 @@
  *              allow an attacker to compromise security.
  * @kind path-problem
  * @problem.severity error
+ * @security-severity 7.5
  * @precision high
  * @id java/insufficient-key-size
  * @tags security
@@ -12,10 +13,12 @@
 
 import java
 import semmle.code.java.security.InsufficientKeySizeQuery
+import DataFlow::PathGraph
 
 // from Expr e, string msg
 // where hasInsufficientKeySize(e, msg)
 // select e, msg
 from AsymmetricKeyTrackingConfiguration cfg, DataFlow::PathNode source, DataFlow::PathNode sink
 where cfg.hasFlowPath(source, sink)
-select sink, source, sink, "The size of this RSA key should be at least 2048 bits."
+select sink.getNode(), source, sink, "The $@ of an asymmetric key should be at least 2048 bits.",
+  sink.getNode(), "size"