Crypto: altering all query IDs in examples to have "examples" in the ID, to make clear the query is not intended for production.

java/ql/test/experimental/query-tests/quantum/examples/BadMacUse/BadMacUse.java

@@ -57,7 +57,7 @@ class BadMacUse {
         SecretKey macKey = new SecretKeySpec(macKeyBytes, "HmacSHA256");
         Mac mac = Mac.getInstance("HmacSHA256");
         mac.init(macKey);
-        byte[] computedMac = mac.doFinal(plaintext); // $Alert[java/quantum/bad-mac-order-decrypt-to-mac]
+        byte[] computedMac = mac.doFinal(plaintext); // $Alert[java/quantum/examples/bad-mac-order-decrypt-to-mac]
 
         if (!MessageDigest.isEqual(receivedMac, computedMac)) {
             throw new SecurityException("MAC verification failed");
@@ -77,7 +77,7 @@ class BadMacUse {
         // Encrypt the plaintext
         Cipher cipher = Cipher.getInstance("AES/GCM/NoPadding");
         cipher.init(Cipher.ENCRYPT_MODE, encryptionKey, new SecureRandom());
-        byte[] ciphertext = cipher.doFinal(plaintext); // $Alert[java/quantum/bad-mac-order-encrypt-plaintext-also-in-mac]
+        byte[] ciphertext = cipher.doFinal(plaintext); // $Alert[java/quantum/examples/bad-mac-order-encrypt-plaintext-also-in-mac]
 
         // Concatenate ciphertext and MAC
         byte[] output = new byte[ciphertext.length + computedMac.length];

java/ql/test/experimental/query-tests/quantum/examples/InsecureOrUnknownNonceSource/InsecureIVorNonceSource.java

@@ -17,7 +17,7 @@ public class InsecureIVorNonceSource {
         SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
 
         Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
-        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce]
         cipher.update(plaintext);
         return cipher.doFinal();
     }
@@ -30,7 +30,7 @@ public class InsecureIVorNonceSource {
         SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
 
         Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
-        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-source]
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/unknown-iv-or-nonce-source]
         cipher.update(plaintext);
         return cipher.doFinal();
     }
@@ -46,7 +46,7 @@ public class InsecureIVorNonceSource {
         SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
 
         Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
-        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce]
         cipher.update(plaintext);
         return cipher.doFinal();
     }
@@ -62,7 +62,7 @@ public class InsecureIVorNonceSource {
         SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
 
         Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
-        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce]
         cipher.update(plaintext);
         return cipher.doFinal();
     }
@@ -78,7 +78,7 @@ public class InsecureIVorNonceSource {
         SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
 
         Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
-        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/insecure-iv-or-nonce]
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/insecure-iv-or-nonce]
         cipher.update(plaintext);
         return cipher.doFinal();
     }
@@ -94,7 +94,7 @@ public class InsecureIVorNonceSource {
         SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
 
         Cipher cipher = Cipher.getInstance("AES/GCM/PKCS5PADDING");
-        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/unknown-iv-or-nonce-source]
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec); // $Alert[java/quantum/examples/unknown-iv-or-nonce-source]
         cipher.update(plaintext);
         return cipher.doFinal();
     }
@@ -203,7 +203,7 @@ public class InsecureIVorNonceSource {
         SecretKeySpec keySpec = new SecretKeySpec(key, "AES");
 
         Cipher cipher = Cipher.getInstance("AES/CBC/PKCS5PADDING");
-        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);  // $Alert[java/quantum/insecure-iv-or-nonce]]
+        cipher.init(Cipher.ENCRYPT_MODE, keySpec, ivSpec);  // $Alert[java/quantum/examples/insecure-iv-or-nonce]]
         cipher.update(plaintext);
         return cipher.doFinal();
     }

java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownAsymmetricKeySize/InsufficientAsymmetricKeySize.java

@@ -2,15 +2,15 @@ import java.security.*;
 public class InsufficientAsymmetricKeySize{
     public static void test() throws Exception{
         KeyPairGenerator keyPairGen1 = KeyPairGenerator.getInstance("RSA");
-        keyPairGen1.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size]
+        keyPairGen1.initialize(1024); // $Alert[java/quantum/examples/weak-asymmetric-key-gen-size]
         keyPairGen1.generateKeyPair();
 
         KeyPairGenerator keyPairGen2 = KeyPairGenerator.getInstance("DSA");
-        keyPairGen2.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size]
+        keyPairGen2.initialize(1024); // $Alert[java/quantum/examples/weak-asymmetric-key-gen-size]
         keyPairGen2.generateKeyPair();
 
         KeyPairGenerator keyPairGen3 = KeyPairGenerator.getInstance("DH");
-        keyPairGen3.initialize(1024); // $Alert[java/quantum/weak-asymmetric-key-gen-size]
+        keyPairGen3.initialize(1024); // $Alert[java/quantum/examples/weak-asymmetric-key-gen-size]
         keyPairGen3.generateKeyPair();
 
         KeyPairGenerator keyPairGen4 = KeyPairGenerator.getInstance("RSA");

java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java

@@ -12,19 +12,19 @@ public class WeakHashing {
         props.load(new FileInputStream("example.properties"));
 
         // BAD: Using a weak hashing algorithm even with a secure default
-        MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); // $Alert[java/quantum/weak-hash]
+        MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); // $Alert[java/quantum/examples/weak-hash]
 
         // BAD: Using a weak hashing algorithm even with a secure default
-        MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/weak-hash]
+        MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/examples/weak-hash]
 
         // BAD: Using a strong hashing algorithm but with a weak default
-        MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); // $Alert[java/quantum/weak-hash]
+        MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); // $Alert[java/quantum/examples/weak-hash]
 
         // BAD: Using a weak hash
-        MessageDigest bad4 = MessageDigest.getInstance("SHA-1"); // $Alert[java/quantum/weak-hash]
+        MessageDigest bad4 = MessageDigest.getInstance("SHA-1"); // $Alert[java/quantum/examples/weak-hash]
 
         // BAD: Property does not exist and default (used value) is unknown
-        MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); // $Alert[java/quantum/unknown-hash]
+        MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); // $Alert[java/quantum/examples/unknown-hash]
 
         java.util.Properties props2 = new java.util.Properties();
 
@@ -32,13 +32,13 @@ public class WeakHashing {
 
         // BAD: "hashAlg2" is not visible in the file loaded for props2, should be an unknown 
         // FALSE NEGATIVE for unknown hash
-        MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/unknown-hash]
+        MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/examples/unknown-hash]
 
         // GOOD: Using a strong hashing algorithm
         MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2"));
 
         // BAD?: Property does not exist (considered unknown) and but default is secure
-        MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); // $Alert[java/quantum/unknown-hash]
+        MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); // $Alert[java/quantum/examples/unknown-hash]
 
         // GOOD: Using a strong hashing algorithm
         MessageDigest ok3 = MessageDigest.getInstance("SHA3-512");

java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/Test.java

@@ -29,7 +29,7 @@ public class Test {
     public void pbkdf2LowIteration(String password) throws Exception {
         byte[] salt = generateSalt(16);
         int iterationCount = 10; // $Source
-        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/weak-kdf-iteration-count]
+        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/examples/weak-kdf-iteration-count]
         SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
         byte[] key = factory.generateSecret(spec).getEncoded();
     }
@@ -42,7 +42,7 @@ public class Test {
      */
     public void pbkdf2LowIteration(String password, int iterationCount) throws Exception { // $Source
         byte[] salt = generateSalt(16);
-        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/unknown-kdf-iteration-count]
+        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, 256); // $Alert[java/quantum/examples/unknown-kdf-iteration-count]
         SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
         byte[] key = factory.generateSecret(spec).getEncoded();
     }

java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFIterationCount/UnknownKDFIterationCount.expected

@@ -1,5 +1,5 @@
 #select
 | Test.java:47:22:47:49 | KeyDerivation | Key derivation operation with unknown iteration: $@ | Test.java:43:53:43:70 | iterationCount | iterationCount |
 testFailures
-| Test.java:45:94:45:145 | // $Alert[java/quantum/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/unknown-kdf-iteration-count] |
+| Test.java:45:94:45:145 | // $Alert[java/quantum/examples/unknown-kdf-iteration-count] | Missing result: Alert[java/quantum/examples/unknown-kdf-iteration-count] |
 | Test.java:47:22:47:49 | Key derivation operation with unknown iteration: $@ | Unexpected result: Alert |

java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownKDFKeySize/Test.java

@@ -21,7 +21,7 @@ public class Test {
         byte[] salt = generateSalt(16);
         int iterationCount = 100_000;
         int keySize = 64; // $Source
-        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, keySize); // $Alert[java/quantum/weak-kdf-key-size]
+        PBEKeySpec spec = new PBEKeySpec(password.toCharArray(), salt, iterationCount, keySize); // $Alert[java/quantum/examples/weak-kdf-key-size]
         SecretKeyFactory factory = SecretKeyFactory.getInstance("PBKDF2WithHmacSHA256");
         byte[] key = factory.generateSecret(spec).getEncoded();
     }