Change Java inventory slices to @kind table

java/ql/src/experimental/quantum/Examples/InsecureOrUnknownNonceAtOperation.ql

@@ -1,70 +0,0 @@
-/**
- * @name Insecure or unknown nonce source at a cipher operation
- * @id java/insecure-or-unknown-nonce-at-operation
- * @kind problem
- */
-
-import experimental.quantum.Language
-
-from
-  Crypto::NonceArtifactNode n, Crypto::KeyOperationNode op, Crypto::FlowAwareElement src, string msg
-where
-  op.getANonce() = n and
-  // Only encryption mode is relevant for insecure nonces, consder any 'unknown' subtype
-  // as possibly encryption.
-  (
-    op.getKeyOperationSubtype() instanceof Crypto::EncryptionSubtype
-    or
-    op.getKeyOperationSubtype() instanceof Crypto::WrapSubtype
-    or
-    op.getKeyOperationSubtype() instanceof Crypto::UnwrapSubtype
-  ) and
-  (
-    // Known sources cases that are not secure
-    src = n.getSourceElement() and
-    not src instanceof SecureRandomnessInstance and
-    msg = "Operation uses insecure nonce source $@"
-    or
-    // Totally unknown sources (unmodeled input sources)
-    not exists(n.getSourceElement()) and
-    msg = "Operation uses unknown nonce source" and
-    src = n.asElement()
-  )
-select n, msg, src, src.toString()
-// variant using instances, does not yield the same results
-// from Crypto::NonceArtifactConsumer n, Crypto::CipherOperationInstance op, Crypto::FlowAwareElement src, string msg
-// where
-//   op.getNonceConsumer() = n and
-// TODO: only perform the query on encryption
-//   (
-//     // Known sources cases that are not secure
-//     src = n.getAKnownArtifactSource()and
-//       not src instanceof SecureRandomnessInstance and
-//       msg = "Operation uses insecure nonce source $@"
-//     or
-//     // Totally unknown sources (unmodeled input sources)
-//     // When this occurs set src to n, just to bind it, but the output message will not report any source
-//     not exists(n.getAKnownArtifactSource()) and msg = "Operation uses unknown nonce source" and src = n
-//   )
-// select n, msg, src, src.toString()
-// NOTE: this will find all unknowns too, constants, and allocations, without needing to model them
-// which is kinda nice, but accidental, since getSourceElement is not modeled for everything
-// If users want to find constants or unallocated, they need to model those sources, and output the
-// getSourceElement
-// QUESTION: why isn't the source element a node?
-// NOTE: when not all sources are modeled, if one source is secure, even if others do exist, you
-// will see the nonce and operation are secure, regardless of potentially insecure IV sources
-// resulting in False Negatives
-// NOTE: need to have a query where the op has no Nonce
-// // Ideal query
-// from Crypto::NonceNode n, Crypto::CipherOperationNode op
-// where
-// n = op.getANonce() and
-// // n = op.getAnUnknownNonce()
-// not n.asElement() instanceof SecureRandomSource
-// select op, "Operation uses insecure nonce source @", n, n.toString()
-//  from Crypto::Nonce n, Crypto::ArtifactLocatableElement nonceSrc
-//  where
-//    n.() = nonceSrc and
-//    not nonceSrc instanceof SecureRandomnessInstance
-// select n, nonceSrc

java/ql/src/experimental/quantum/Examples/TestCipherKey.ql

@@ -1,17 +0,0 @@
-/**
- * @name "PQC Test"
- */
-
-import experimental.quantum.Language
-
-from Crypto::KeyOperationNode op, Crypto::CipherAlgorithmNode a, Crypto::KeyArtifactNode k
-where
-  a = op.getAKnownCipherAlgorithm() and
-  k = op.getAKey()
-select op, op.getKeyOperationSubtype(), a, a.getRawAlgorithmName(), k, k.getSourceNode()
-/*
- * from Crypto::CipherOperationNode op
- * where op.getLocation().getFile().getBaseName() = "AsymmetricEncryptionMacHybridCryptosystem.java"
- * select op, op.getAKey().getSourceNode()
- */
-

java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects known asymmetric algorithms
  * @id java/crypto_inventory_slices/known_asymmetric_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects known asymmetric cipher algorithms
  * @id java/crypto_inventory_slices/known_asymmetric_cipher_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects operations where the algorithm applied is a known asymmetric algorithms
  * @id java/crypto_inventory_slices/known_asymmetric_operation_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownCipherAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects known cipher algorithms
  * @id java/crypto_inventory_slices/known_cipher_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects known elliptic curve algorithms
  * @id java/crypto_inventory_slices/known_elliptic_curve_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownHashingAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects algorithms that are known hashing algorithms
  * @id java/crypto_inventory_slices/known_hashing_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperation.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects uses of hashing operations (operations exlicitly for hashing only, irrespective of the algorithm used)
  * @id java/crypto_inventory_slices/known_hashing_operation
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperationAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects operations where the algorithm applied is a known hashing algorithm
  * @id java/crypto_inventory_slices/operation_with_known_hashing_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects known key derivation algorithms
  * @id java/crypto_inventory_slices/known_key_derivation_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperation.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects uses of key derivation operations (operations exlicitly for key derivation only, irrespective of the algorithm used)
  * @id java/crypto_inventory_slices/known_key_derivation_operation
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql

@@ -1,8 +1,7 @@
 /**
  * @name Detects operations where the algorithm applied is a known key derivation algorithm
- * @id java/cryptography-inventory-slices/operation-known-key-derivation-algorithm
- * @description This query identifies operations that utilize a known key derivation algorithm.
- * @kind problem
+ * @id java/crypto_inventory_slices/operation_known_key_derivation_algorithm
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects known symmetric cipher algorithms
  * @id java/crypto_inventory_slices/known_symmetric_cipher_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects functions that take in crypto configuration parameters but calls are not detected in source.
  * @id java/crypto_inventory_slices/likely_crypto_api_function
- * @kind problem
+ * @kind table
  */
 
 import java

java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql

@@ -1,7 +1,7 @@
 /**
  * @name Detects operations where the algorithm applied is unknown
  * @id java/crypto_inventory_slices/unknown_operation_algorithm
- * @kind problem
+ * @kind table
  */
 
 import java