added kg taintracking config to all

java/ql/src/Security/CWE/CWE-326/InsufficientKeySize.ql

@@ -2,7 +2,7 @@
  * @name Insufficient key size used with a cryptographic algorithm
  * @description Using cryptographic algorithms with too small of a key size can
  *              allow an attacker to compromise security.
- * @kind path-problem
+ * @kind problem
  * @problem.severity error
  * @security-severity 7.5
  * @precision high
@@ -13,8 +13,8 @@
 
 import java
 import semmle.code.java.security.InsufficientKeySizeQuery
-import DataFlow::PathGraph
 
+//import DataFlow::PathGraph
 // from Expr e, string msg
 // where hasInsufficientKeySize(e, msg)
 // select e, msg
@@ -34,9 +34,11 @@ import DataFlow::PathGraph
 // select sink.getNode(), source, sink, "This $@ is too small, and flows to $@.", source.getNode(),
 //   "key size", sink.getNode(), "here"
 // * Use Above
+// * Use Below for taint-tracking with kpg
 from DataFlow::Node source, DataFlow::Node sink
-where exists(AsymmetricKeyTrackingConfiguration config1 | config1.hasFlow(source, sink)) //or
-//exists(AsymmetricECCKeyTrackingConfiguration config2 | config2.hasFlowPath(source, sink)) //or
-//exists(SymmetricKeyTrackingConfiguration config3 | config3.hasFlowPath(source, sink))
-select sink, source, sink, "This $@ is too small, and flows to $@.", source, "key size", sink,
-  "here"
+where
+  exists(AsymmetricKeyTrackingConfiguration config1 | config1.hasFlow(source, sink)) or
+  exists(AsymmetricECCKeyTrackingConfiguration config2 | config2.hasFlow(source, sink)) or
+  exists(SymmetricKeyTrackingConfiguration config3 | config3.hasFlow(source, sink))
+select sink, "This $@ is too small and creates a key $@.", source, "key size", sink, "here"
+// * Use Above for taint-tracking with kpg