Crypto: altering all query IDs in examples to have "examples" in the ID, to make clear the query is not intended for production.

2026-04-29 02:35:15 +02:00 · 2025-10-17 13:39:50 -04:00
parent 1b205d8673
commit b06e05362b
13 changed files with 32 additions and 29 deletions
--- a/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java
+++ b/java/ql/test/experimental/query-tests/quantum/examples/WeakOrUnknownHash/WeakHashing.java
@@ -12,19 +12,19 @@ public class WeakHashing {
        props.load(new FileInputStream("example.properties"));

        // BAD: Using a weak hashing algorithm even with a secure default
-        MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); // $Alert[java/quantum/weak-hash]
+        MessageDigest bad = MessageDigest.getInstance(props.getProperty("hashAlg1")); // $Alert[java/quantum/examples/weak-hash]

        // BAD: Using a weak hashing algorithm even with a secure default
-        MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/weak-hash]
+        MessageDigest bad2 = MessageDigest.getInstance(props.getProperty("hashAlg1", "SHA-256")); // $Alert[java/quantum/examples/weak-hash]

        // BAD: Using a strong hashing algorithm but with a weak default
-        MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); // $Alert[java/quantum/weak-hash]
+        MessageDigest bad3 = MessageDigest.getInstance(props.getProperty("hashAlg2", "MD5")); // $Alert[java/quantum/examples/weak-hash]

        // BAD: Using a weak hash
-        MessageDigest bad4 = MessageDigest.getInstance("SHA-1"); // $Alert[java/quantum/weak-hash]
+        MessageDigest bad4 = MessageDigest.getInstance("SHA-1"); // $Alert[java/quantum/examples/weak-hash]

        // BAD: Property does not exist and default (used value) is unknown
-        MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); // $Alert[java/quantum/unknown-hash]
+        MessageDigest bad5 = MessageDigest.getInstance(props.getProperty("non-existent_property", "non-existent_default")); // $Alert[java/quantum/examples/unknown-hash]

        java.util.Properties props2 = new java.util.Properties();

@@ -32,13 +32,13 @@ public class WeakHashing {

        // BAD: "hashAlg2" is not visible in the file loaded for props2, should be an unknown 
        // FALSE NEGATIVE for unknown hash
-        MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/unknown-hash]
+        MessageDigest bad6 = MessageDigest.getInstance(props2.getProperty("hashAlg2", "SHA-256")); // $Alert[java/quantum/examples/unknown-hash]

        // GOOD: Using a strong hashing algorithm
        MessageDigest ok = MessageDigest.getInstance(props.getProperty("hashAlg2"));

        // BAD?: Property does not exist (considered unknown) and but default is secure
-        MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); // $Alert[java/quantum/unknown-hash]
+        MessageDigest ok2 = MessageDigest.getInstance(props.getProperty("non-existent-property", "SHA-256")); // $Alert[java/quantum/examples/unknown-hash]

        // GOOD: Using a strong hashing algorithm
        MessageDigest ok3 = MessageDigest.getInstance("SHA3-512");