Crypto: altering all query IDs in examples to have "examples" in the ID, to make clear the query is not intended for production.

2026-02-16 23:13:43 +01:00 · 2025-10-17 13:39:50 -04:00
parent 1b205d8673
commit b06e05362b
13 changed files with 32 additions and 29 deletions
--- a/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql
+++ b/java/ql/src/experimental/quantum/Examples/WeakBlockModes.ql
@@ -1,6 +1,6 @@
 /**
 * @name Weak AES Block mode
- * @id java/quantum/weak-block-modes
+ * @id java/quantum/examples/weak-block-modes
 * @description An AES cipher is in use with an insecure block mode
 * @kind problem
 * @problem.severity error
--- a/java/ql/src/experimental/quantum/Examples/WeakHash.ql
+++ b/java/ql/src/experimental/quantum/Examples/WeakHash.ql
@@ -1,7 +1,7 @@
 /**
 * @name Weak hashes
 * @description Finds uses of cryptographic hashing algorithms that are unapproved or otherwise weak.
- * @id java/quantum/weak-hash
+ * @id java/quantum/examples/weak-hash
 * @kind problem
 * @problem.severity error
 * @tags external/cwe/cwe-327
--- a/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql
+++ b/java/ql/src/experimental/quantum/Examples/WeakKDFIterationCount.ql
@@ -1,7 +1,7 @@
 /**
 * @name Weak known key derivation function iteration count
 * @description Detects key derivation operations with a known weak iteration count.
- * @id java/quantum/weak-kdf-iteration-count
+ * @id java/quantum/examples/weak-kdf-iteration-count
 * @kind path-problem
 * @problem.severity error
 * @tags quantum
--- a/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql
+++ b/java/ql/src/experimental/quantum/Examples/WeakKDFKeySize.ql
@@ -1,7 +1,7 @@
 /**
 * @name Weak known key derivation function output length
 * @description Detects key derivation operations with a known weak output length
- * @id java/quantum/weak-kdf-key-size
+ * @id java/quantum/examples/weak-kdf-key-size
 * @kind path-problem
 * @problem.severity error
 * @tags quantum
--- a/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql
+++ b/java/ql/src/experimental/quantum/Examples/WeakSymmetricCipher.ql
@@ -1,7 +1,7 @@
 /**
 * @name Weak symmetric ciphers
 * @description Finds uses of cryptographic symmetric cipher algorithms that are unapproved or otherwise weak.
- * @id java/quantum/weak-ciphers
+ * @id java/quantum/examples/weak-ciphers
 * @kind problem
 * @problem.severity error
 * @tags external/cwe/cwe-327
@@ -16,6 +16,9 @@ import Crypto::KeyOpAlg as KeyOpAlg
 from Crypto::KeyOperationAlgorithmNode alg, KeyOpAlg::AlgorithmType algType
 where
  algType = alg.getAlgorithmType() and
+  // NOTE: an org may disallow all but AES we could similarly look for
+  // algType != KeyOpAlg::TSymmetricCipher(KeyOpAlg::AES())
+  // This is a more comprehensive check than looking for all weak ciphers
  (
    algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::DES()) or
    algType = KeyOpAlg::TSymmetricCipher(KeyOpAlg::TRIPLE_DES()) or
--- a/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql
@@ -1,7 +1,7 @@
 /**
 * @name Operations with unknown algorithm
 * @description Outputs operations where the algorithm applied is unknown
- * @id java/quantum/slices/operation-with-unknown-algorithm
+ * @id java/quantum/examples/slices/operation-with-unknown-algorithm
 * @kind problem
 * @severity info
 * @tags quantum