From 62d5d957ab7ae87df84130a293cbe2f4ba4025e5 Mon Sep 17 00:00:00 2001
From: Mark C
Date: Wed, 1 Oct 2025 11:57:38 +0100
Subject: [PATCH] added java cryptographic discovery queries
---
 .../quantum/InventorySlices/KnownAsymmetricAlgorithm.ql | 3 ++-
 .../quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql | 4 +++-
 .../InventorySlices/KnownAsymmetricOperationAlgorithm.ql | 3 ++-
 .../quantum/InventorySlices/KnownCipherAlgorithm.ql | 4 +++-
 .../quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql | 3 ++-
 .../quantum/InventorySlices/KnownHashingAlgorithm.ql | 3 ++-
 .../quantum/InventorySlices/KnownHashingOperationAlgorithm.ql | 3 ++-
 .../quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql | 3 ++-
 .../InventorySlices/KnownKeyDerivationOperationAlgorithm.ql | 3 ++-
 .../quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql | 3 ++-
 .../quantum/InventorySlices/LikelyCryptoAPIFunction.ql | 2 +-
 .../quantum/InventorySlices/UnknownOperationAlgorithm.ql | 2 +-
 12 files changed, 24 insertions(+), 12 deletions(-)
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql
index dbdc832c70b5..02d327bce898 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricAlgorithm.ql
@@ -2,7 +2,8 @@
 * @name Operations using known asymmetric cipher algorithms (slice)
 * @description Outputs operations where the algorithm used is a known asymmetric cipher algorithm.
 * @id java/quantum/slices/known-asymmetric-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql
index ab4a2e72e5ac..3b72b244fc81 100644
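Review bot: Switching `@kind table` to `@kind problem` in KnownAsymmetricAlgorithm.ql changes the result shape the query must produce, but the `select` clause lies outside this hunk and the diffstat shows only metadata lines touched in every file. An alert query has to select an element followed by a message string, so a slice that previously selected a bare node is likely to fail result interpretation; please confirm each query ends in something shaped like `select a, "message"`. The added key is also `@severity`, whereas as far as I know the documented key for alert queries is `@problem.severity`, i.e. ` * @problem.severity recommendation`. Both points apply equally to the other `@kind`/`@severity` hunks in this patch (KnownAsymmetricCipherAlgorithm.ql through KnownSymmetricCipherAlgorithm.ql, plus the `@severity` edits in LikelyCryptoAPIFunction.ql and UnknownOperationAlgorithm.ql).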
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricCipherAlgorithm.ql
@@ -2,13 +2,15 @@
 * @name Known asymmetric cipher algorithms (slice)
 * @description Outputs known asymmetric cipher algorithms.
 * @id java/quantum/slices/known-asymmetric-cipher-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
 import java
 import experimental.quantum.Language
+/* import codeql.quantum.experimental.Model */
 from Crypto::KeyOperationAlgorithmNode a
 where a.getAlgorithmType() instanceof Crypto::KeyOpAlg::AsymmetricCipherAlgorithmType
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql
index 060b7df99a94..350aa6b4b358 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownAsymmetricOperationAlgorithm.ql
@@ -2,7 +2,8 @@
 * @name Operations using known asymmetric algorithms (slice)
 * @description Outputs operations where the algorithm used is a known asymmetric algorithm.
 * @id java/quantum/slices/known-asymmetric-operation-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownCipherAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownCipherAlgorithm.ql
index e8c839126177..225efcd566ea 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownCipherAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownCipherAlgorithm.ql
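Review bot: The added line `/* import codeql.quantum.experimental.Model */` in KnownAsymmetricCipherAlgorithm.ql is commented-out code and should be dropped rather than committed. The unchanged `from Crypto::KeyOperationAlgorithmNode a` line already resolved `Crypto` before this change, which suggests the import is not needed, while KnownCipherAlgorithm.ql adds the same import live, so the two sibling slices now disagree. Either remove it from both files or, if it really is required, keep it as a live import in both with a short comment saying what it brings into scope. The query's `select` clause is outside the hunk.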
@@ -2,13 +2,15 @@
 * @name Known cipher algorithms (slice)
 * @description Outputs known cipher algorithms.
 * @id java/quantum/slices/known-cipher-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
 import java
 import experimental.quantum.Language
+import codeql.quantum.experimental.Model
 // TODO: should there be a cipher algorithm node?
 from Crypto::KeyOperationAlgorithmNode a
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql
index ca72e2de2517..ccaa26663972 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownEllipticCurveAlgorithm.ql
@@ -2,7 +2,8 @@
 * @name Known elliptic curve algorithms (slice)
 * @description Outputs known elliptic curve algorithms.
 * @id java/quantum/slices/known-elliptic-curve-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingAlgorithm.ql
index 042f3b3dc915..ac60e9616a95 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingAlgorithm.ql
@@ -2,7 +2,8 @@
 * @name Known hashing algorithms (slice)
 * @description Outputs known hashing algorithms.
 * @id java/quantum/slices/known-hashing-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperationAlgorithm.ql
index 38d197bb7dd8..b144740731dc 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperationAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownHashingOperationAlgorithm.ql
@@ -2,7 +2,8 @@
 * @name Operations using known hashing algorithms (slice)
 * @description Outputs operations where the algorithm used is a known hashing algorithm.
 * @id java/quantum/slices/operation-with-known-hashing-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql
index 5a9744c966b0..d89bbc05f920 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationAlgorithm.ql
@@ -2,7 +2,8 @@
 * @name Known key derivation algorithms (slice)
 * @description Outputs known key derivation algorithms.
 * @id java/quantum/slices/known-key-derivation-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql
index efbfd9ed8658..23278607bb2e 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownKeyDerivationOperationAlgorithm.ql
@@ -2,7 +2,8 @@
 * @name Operations using known key derivation algorithms (slice)
 * @description Outputs operations where the algorithm used is a known key derivation algorithm.
 * @id java/quantum/slices/operation-with-known-kdf-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
diff --git a/java/ql/src/experimental/quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql
index 7f2d550da74c..c999b7653ac9 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/KnownSymmetricCipherAlgorithm.ql
@@ -2,7 +2,8 @@
 * @name Known symmetric cipher algorithms (slice)
 * @description Outputs known symmetric cipher algorithms.
 * @id java/quantum/slices/known-symmetric-cipher-algorithm
- * @kind table
+ * @kind problem
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
diff --git a/java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql b/java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql
index 14148354d0fc..f3104473c9e7 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/LikelyCryptoAPIFunction.ql
@@ -3,7 +3,7 @@
 * @description Outputs functions that take in crypto configuration parameters but calls are not detected in source.
 * @id java/quantum/slices/likely-crypto-api-function
 * @kind problem
- * @severity info
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
diff --git a/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql b/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql
index 8469924a8501..89c245ad742c 100644
--- a/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql
+++ b/java/ql/src/experimental/quantum/InventorySlices/UnknownOperationAlgorithm.ql
@@ -3,7 +3,7 @@
 * @description Outputs operations where the algorithm applied is unknown
 * @id java/quantum/slices/operation-with-unknown-algorithm
 * @kind problem
- * @severity info
+ * @severity recommendation
 * @tags quantum
 * experimental
 */
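Review bot: In UnknownOperationAlgorithm.ql the severity value becomes `recommendation`, the same level every known-algorithm slice in this patch now carries, so operations whose algorithm could not be resolved become indistinguishable from routine inventory rows during triage. Those results are the coverage gaps of a cryptographic inventory and probably deserve to stand out, for example with ` * @problem.severity warning` or a distinguishing `@tags` entry. The query body is outside the hunk, so this reading rests on the `@description` line alone.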