Update Java analysis query metadata

2026-02-17 07:23:42 +01:00 · 2025-05-08 04:13:57 +02:00
parent e03f57da9b
commit a57f4a1022
4 changed files with 26 additions and 9 deletions
--- a/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql
+++ b/java/ql/src/experimental/quantum/Analysis/InsecureNonceSource.ql
@@ -1,11 +1,13 @@
 /**
 * @name Insecure nonce at a cipher operation
- * @id java/insecure-nonce
+ * @id java/quantum/insecure-nonce
+ * @description A nonce is generated from a source that is not secure. This can lead to
+ *              vulnerabilities such as replay attacks or key recovery.
 * @kind problem
 * @problem.severity error
 * @precision high
- * @description A nonce is generated from a source that is not secure. This can lead to
- *              vulnerabilities such as replay attacks or key recovery.
+ * @tags quantum
+ *       experimental
 */

 import experimental.quantum.Language
--- a/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql
+++ b/java/ql/src/experimental/quantum/Analysis/KnownWeakKDFIterationCount.ql
@@ -1,7 +1,12 @@
 /**
- * @name Detects known weak KDf iteration counts (less than 100k and the count is statically known)
- * @id java/crypto_inventory_filters/known_weak_kdf_iteration_count
+ * @name Weak known key derivation function iteration count
+ * @description Detects key derivation operations with a known weak iteration count.
+ * @id java/quantum/weak-kdf-iteration-count
 * @kind problem
+ * @precision high
+ * @severity problem
+ * @tags quantum
+ *       experimental
 */

 import java
--- a/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql
+++ b/java/ql/src/experimental/quantum/Analysis/ReusedNonce.ql
@@ -1,7 +1,12 @@
 /**
- * @name Detects reuse of the same nonce in multiple operations
- * @id java/crypto_inventory_filter/nonce_reuse
+ * @name Reuse of cryptographic nonce
+ * @description Reuse of nonce in cryptographic operations can lead to vulnerabilities.
+ * @id java/quantum/reused-nonce
 * @kind problem
+ * @precision medium
+ * @severity problem
+ * @tags quantum
+ *       experimental
 */

 import java
--- a/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql
+++ b/java/ql/src/experimental/quantum/Analysis/UnknownKDFIterationCount.ql
@@ -1,7 +1,12 @@
 /**
- * @name Detects unknown KDf iteration counts
- * @id java/crypto_inventory_filters/unknown_kdf_iteration_count
+ * @name Unknown key derivation function iteration count
+ * @description Detects key derivation operations with an unknown iteration count.
+ * @id java/quantum/unknown-kdf-iteration-count
 * @kind problem
+ * @precision medium
+ * @severity warning
+ * @tags quantum
+ *       experimental
 */

 import java