From b558e844ffa902b6ab7b665c902ca3e1bbdaed1c Mon Sep 17 00:00:00 2001 From: Nicolas Will Date: Thu, 8 May 2025 03:56:20 +0200 Subject: [PATCH] Update slice query metadata and output tables --- .../InventorySlices/KnownAsymmetricAlgorithm.ql | 9 ++++++--- .../InventorySlices/KnownAsymmetricCipherAlgorithm.ql | 9 ++++++--- .../KnownAsymmetricOperationAlgorithm.ql | 9 ++++++--- .../quantum/InventorySlices/KnownCipherAlgorithm.ql | 9 ++++++--- .../InventorySlices/KnownEllipticCurveAlgorithm.ql | 9 ++++++--- .../quantum/InventorySlices/KnownHashingAlgorithm.ql | 9 ++++++--- .../quantum/InventorySlices/KnownHashingOperation.ql | 9 ++++++--- .../InventorySlices/KnownHashingOperationAlgorithm.ql | 9 ++++++--- .../InventorySlices/KnownKeyDerivationAlgorithm.ql | 9 ++++++--- .../InventorySlices/KnownKeyDerivationOperation.ql | 9 ++++++--- .../KnownKeyDerivationOperationAlgorithm.ql | 9 ++++++--- .../InventorySlices/KnownSymmetricCipherAlgorithm.ql | 9 ++++++--- .../quantum/InventorySlices/LikelyCryptoAPIFunction.ql | 10 +++++++--- .../InventorySlices/UnknownOperationAlgorithm.ql | 10 +++++++--- 14 files changed, 86 insertions(+), 42 deletions(-) diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql index 918be510b6c..a74da7d1acc 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql @@ -1,7 +1,10 @@ /** - * @name Detects known asymmetric algorithms - * @id java/crypto_inventory_slices/known_asymmetric_algorithm + * @name Operations using known asymmetric cipher algorithms (slice) + * @description Outputs operations where the algorithm used is a known asymmetric cipher algorithm. + * @id java/quantum/slices/known-asymmetric-cipher-algorithm * @kind table + * @tags quantum + * experimental */ import java @@ -9,4 +12,4 @@ import experimental.quantum.Language from Crypto::AlgorithmNode a where Crypto::isKnownAsymmetricAlgorithm(a) -select a, "Instance of asymmetric algorithm " + a.getAlgorithmName() +select a, a.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql index b40910b10f4..69643d92cd2 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql @@ -1,7 +1,10 @@ /** - * @name Detects known asymmetric cipher algorithms - * @id java/crypto_inventory_slices/known_asymmetric_cipher_algorithm + * @name Known asymmetric cipher algorithms (slice) + * @description Outputs known asymmetric cipher algorithms. + * @id java/quantum/slices/known-asymmetric-cipher-algorithm * @kind table + * @tags quantum + * experimental */ import java @@ -9,4 +12,4 @@ import experimental.quantum.Language from Crypto::KeyOperationAlgorithmNode a where a.getAlgorithmType() instanceof Crypto::KeyOpAlg::AsymmetricCipherAlgorithm -select a, "Instance of asymmetric cipher algorithm " + a.getAlgorithmName() +select a, a.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql index b3e0097ec4c..224ee1161fb 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql @@ -1,7 +1,10 @@ /** - * @name Detects operations where the algorithm applied is a known asymmetric algorithms - * @id java/crypto_inventory_slices/known_asymmetric_operation_algorithm + * @name Operations using known asymmetric algorithms (slice) + * @description Outputs operations where the algorithm used is a known asymmetric algorithm. + * @id java/quantum/slices/known-asymmetric-operation-algorithm * @kind table + * @tags quantum + * experimental */ import java @@ -9,4 +12,4 @@ import experimental.quantum.Language from Crypto::OperationNode op, Crypto::AlgorithmNode a where a = op.getAKnownAlgorithm() and Crypto::isKnownAsymmetricAlgorithm(a) -select op, "Operation using asymmetric algorithm $@", a, a.getAlgorithmName() +select op, a.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownCipherAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownCipherAlgorithm.ql index de80f2a6d1a..da3371a59b3 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownCipherAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownCipherAlgorithm.ql @@ -1,7 +1,10 @@ /** - * @name Detects known cipher algorithms - * @id java/crypto_inventory_slices/known_cipher_algorithm + * @name Known cipher algorithms (slice) + * @description Outputs known cipher algorithms. + * @id java/quantum/slices/known-cipher-algorithm * @kind table + * @tags quantum + * experimental */ import java @@ -12,4 +15,4 @@ from Crypto::KeyOperationAlgorithmNode a where a.getAlgorithmType() instanceof Crypto::KeyOpAlg::AsymmetricCipherAlgorithm or a.getAlgorithmType() instanceof Crypto::KeyOpAlg::SymmetricCipherAlgorithm -select a, "Instance of cipher algorithm " + a.getAlgorithmName() +select a, a.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql index dd204bfd54e..ca72e2de251 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql @@ -1,11 +1,14 @@ /** - * @name Detects known elliptic curve algorithms - * @id java/crypto_inventory_slices/known_elliptic_curve_algorithm + * @name Known elliptic curve algorithms (slice) + * @description Outputs known elliptic curve algorithms. + * @id java/quantum/slices/known-elliptic-curve-algorithm * @kind table + * @tags quantum + * experimental */ import java import experimental.quantum.Language from Crypto::EllipticCurveNode a -select a, "Instance of elliptic curve algorithm " + a.getAlgorithmName() +select a, a.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingAlgorithm.ql index 26762543740..042f3b3dc91 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingAlgorithm.ql @@ -1,11 +1,14 @@ /** - * @name Detects algorithms that are known hashing algorithms - * @id java/crypto_inventory_slices/known_hashing_algorithm + * @name Known hashing algorithms (slice) + * @description Outputs known hashing algorithms. + * @id java/quantum/slices/known-hashing-algorithm * @kind table + * @tags quantum + * experimental */ import java import experimental.quantum.Language from Crypto::HashAlgorithmNode a -select a, "Instance of hashing algorithm " + a.getAlgorithmName() +select a, a.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperation.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperation.ql index 2edfa6190ea..b004fae7fbb 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperation.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperation.ql @@ -1,11 +1,14 @@ /** - * @name Detects uses of hashing operations (operations exlicitly for hashing only, irrespective of the algorithm used) - * @id java/crypto_inventory_slices/known_hashing_operation + * @name Known hashing operations (slice) + * @description Outputs known hashing operations. + * @id java/quantum/slices/known-hashing-operation * @kind table + * @tags quantum + * experimental */ import java import experimental.quantum.Language from Crypto::HashOperationNode op -select op, "Known hashing operation" +select op diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperationAlgorithm.ql index 6ee2ce9ac4d..38d197bb7dd 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperationAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperationAlgorithm.ql @@ -1,7 +1,10 @@ /** - * @name Detects operations where the algorithm applied is a known hashing algorithm - * @id java/crypto_inventory_slices/operation_with_known_hashing_algorithm + * @name Operations using known hashing algorithms (slice) + * @description Outputs operations where the algorithm used is a known hashing algorithm. + * @id java/quantum/slices/operation-with-known-hashing-algorithm * @kind table + * @tags quantum + * experimental */ import java @@ -9,4 +12,4 @@ import experimental.quantum.Language from Crypto::OperationNode op, Crypto::HashAlgorithmNode a where a = op.getAKnownAlgorithm() -select op, "Operation using hashing algorithm $@", a, a.getAlgorithmName() +select op, a.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql index 28de1170d27..5a9744c966b 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql @@ -1,11 +1,14 @@ /** - * @name Detects known key derivation algorithms - * @id java/crypto_inventory_slices/known_key_derivation_algorithm + * @name Known key derivation algorithms (slice) + * @description Outputs known key derivation algorithms. + * @id java/quantum/slices/known-key-derivation-algorithm * @kind table + * @tags quantum + * experimental */ import java import experimental.quantum.Language from Crypto::KeyDerivationAlgorithmNode alg -select alg, "Known key derivation algorithm " + alg.getAlgorithmName() +select alg, alg.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperation.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperation.ql index c0ee9c88b2b..95623ec7a1e 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperation.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperation.ql @@ -1,11 +1,14 @@ /** - * @name Detects uses of key derivation operations (operations exlicitly for key derivation only, irrespective of the algorithm used) - * @id java/crypto_inventory_slices/known_key_derivation_operation + * @name Known key derivation operations (slice) + * @description Outputs known key derivation operations. + * @id java/quantum/slices/known-key-derivation-operation * @kind table + * @tags quantum + * experimental */ import java import experimental.quantum.Language from Crypto::KeyDerivationOperationNode op -select op, "Known key derivation operation" +select op diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql index db27630cafa..efbfd9ed865 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql @@ -1,7 +1,10 @@ /** - * @name Detects operations where the algorithm applied is a known key derivation algorithm - * @id java/crypto_inventory_slices/operation_known_key_derivation_algorithm + * @name Operations using known key derivation algorithms (slice) + * @description Outputs operations where the algorithm used is a known key derivation algorithm. + * @id java/quantum/slices/operation-with-known-kdf-algorithm * @kind table + * @tags quantum + * experimental */ import java @@ -9,4 +12,4 @@ import experimental.quantum.Language from Crypto::OperationNode op, Crypto::KeyDerivationAlgorithmNode a where a = op.getAKnownAlgorithm() -select op, "Operation using key derivation algorithm $@", a, a.getAlgorithmName() +select op, a.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql index 6c5f9c63677..e4a8d3ff867 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql @@ -1,7 +1,10 @@ /** - * @name Detects known symmetric cipher algorithms - * @id java/crypto_inventory_slices/known_symmetric_cipher_algorithm + * @name Known symmetric cipher algorithms (slice) + * @description Outputs known symmetric cipher algorithms. + * @id java/quantum/slices/known-symmetric-cipher-algorithm * @kind table + * @tags quantum + * experimental */ import java @@ -9,4 +12,4 @@ import experimental.quantum.Language from Crypto::KeyOperationAlgorithmNode a where a.getAlgorithmType() instanceof Crypto::KeyOpAlg::SymmetricCipherAlgorithm -select a, "Instance of symmetric cipher algorithm " + a.getAlgorithmName() +select a, a.getAlgorithmName() diff --git a/java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql b/java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql index cb16064667a..2b81cf22dba 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql @@ -1,7 +1,11 @@ /** - * @name Detects functions that take in crypto configuration parameters but calls are not detected in source. - * @id java/crypto_inventory_slices/likely_crypto_api_function - * @kind table + * @name Likely crypto API function + * @description Detects functions that take in crypto configuration parameters but calls are not detected in source. + * @id java/quantum/slices/likely-crypto-api-function + * @kind problem + * @severity info + * @tags quantum + * experimental */ import java diff --git a/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql index 962e8945e81..8469924a850 100644 --- a/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql +++ b/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql @@ -1,7 +1,11 @@ /** - * @name Detects operations where the algorithm applied is unknown - * @id java/crypto_inventory_slices/unknown_operation_algorithm - * @kind table + * @name Operations with unknown algorithm + * @description Outputs operations where the algorithm applied is unknown + * @id java/quantum/slices/operation-with-unknown-algorithm + * @kind problem + * @severity info + * @tags quantum + * experimental */ import java