Adding inventory queries.

Author: bdrodes

cpp/ql/src/experimental/crypto/inventory/AllAsymmetricAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name All Asymmetric Algorithms
+ * @description Finds all potential usage of asymmeric keys (RSA & ECC) using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/all-asymmetric-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from AsymmetricAlgorithm alg
+select alg, "Use of algorithm " + alg.getName()

cpp/ql/src/experimental/crypto/inventory/AllCryptoAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name All Cryptographic Algorithms
+ * @description Finds all potential usage of cryptographic algorithms usage using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/all-cryptographic-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from CryptographicAlgorithm alg
+select alg, "Use of algorithm " + alg.getName()

cpp/ql/src/experimental/crypto/inventory/AsymmetricEncryptionAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Asymmetric Encryption Algorithms
+ * @description Finds all potential usage of asymmeric keys for encryption or key exchange using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/all-asymmetric-encryption-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from AsymmetricEncryptionAlgorithm alg
+select alg, "Use of algorithm " + alg.getEncryptionName()

cpp/ql/src/experimental/crypto/inventory/AsymmetricPaddingAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Asymmetric Padding Schemes
+ * @description Finds all potential usage of padding schemes used with asymmeric algorithms.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/asymmetric-padding-schemes
+ * @problem.severity error
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+// TODO: currently not modeled for any API
+from AsymmetricPadding alg
+select alg, "Use of algorithm " + alg.getPaddingName()

cpp/ql/src/experimental/crypto/inventory/AuthenticatedEncryptionAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Authenticated Encryption Algorithms
+ * @description Finds all potential usage of authenticated encryption schemes using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/authenticated-encryption-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from AuthenticatedEncryptionAlgorithm alg
+select alg, "Use of algorithm " + alg.getAuthticatedEncryptionName()

cpp/ql/src/experimental/crypto/inventory/BlockModeAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Block cipher mode of operation
+ * @description Finds all potential block cipher modes of operations using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/block-cipher-mode
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from BlockModeAlgorithm alg
+select alg, "Use of algorithm " + alg.getBlockModeName()

cpp/ql/src/experimental/crypto/inventory/BlockModeKnownIVsOrNonces.ql

@@ -0,0 +1,18 @@
+/**
+ * @name Initialization Vector (IV) or nonces
+ * @description Finds all potential sources for initialization vectors (IV) or nonce used in block ciphers while using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/iv-sources
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+// TODO: currently not modeled for any API
+from BlockModeAlgorithm alg
+select alg.getIVorNonce(), "Block mode IV/Nonce source"

cpp/ql/src/experimental/crypto/inventory/BlockModeUnknownIVsOrNonces.ql

@@ -0,0 +1,19 @@
+/**
+ * @name Unknown Initialization Vector (IV) or nonces
+ * @description Finds all potentially unknown sources for initialization vectors (IV) or nonce used in block ciphers while using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/unkown-iv-sources
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+// TODO: currently not modeled for any API
+from BlockModeAlgorithm alg
+where not alg.hasIVorNonce()
+select alg, "Block mode with unknown IV or Nonce configuration"

cpp/ql/src/experimental/crypto/inventory/EllipticCurveAlgorithmSize.ql

@@ -0,0 +1,21 @@
+/**
+ * @name Elliptic Curve Key length
+ * @description Finds all potential key lengths for elliptic curve algorithms usage.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/elliptic-curve-key-length
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from EllipticCurveAlgorithm alg, string size
+where
+  if not exists(alg.getCurveBitSize())
+  then size = "UNKNOWN SIZE"
+  else size = alg.getCurveBitSize().toString()
+select alg, "Use of algorithm " + alg.getCurveName() + " with key size (in bits) " + size

cpp/ql/src/experimental/crypto/inventory/EllipticCurveAlgorithms.ql

@@ -0,0 +1,17 @@
+/**
+ * @name Elliptic Curve Algorithms
+ * @description Finds all potential usage of elliptic curve algorithms using the supported libraries.
+ * @kind problem
+ * @id cpp/quantum-readiness/cbom/elliptic-curve-algorithms
+ * @problem.severity error
+ * @precision high
+ * @tags security
+ *       cbom
+ *       cryptography
+ */
+
+import cpp
+import experimental.crypto.Concepts
+
+from EllipticCurveAlgorithm alg
+select alg, "Use of algorithm " + alg.getCurveName()