update python cbom queries to be recommendation only - prevents false alarms when converted into SARIF for GH Code Scanning output panes.

unprovable · unprovable · commit 925f070e49b3 · 2025-10-01T12:17:29.000+01:00
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/AllAsymmetricAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of asymmeric keys (RSA & ECC) using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/all-asymmetric-algorithms
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/AllCryptoAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of cryptographic algorithms usage using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/all-cryptographic-algorithms
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricEncryptionAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of asymmeric keys for encryption or key exchange using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/all-asymmetric-encryption-algorithms
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricKeyGenOperation.ql b/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricKeyGenOperation.ql
@@ -3,7 +3,7 @@
  * @description Finds all known potential sources for asymmetric key generation while using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/asymmetric-key-generation
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/AsymmetricPaddingAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of padding schemes used with asymmeric algorithms.
  * @kind problem
  * @id py/quantum-readiness/cbom/asymmetric-padding-schemes
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/AuthenticatedEncryptionAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of authenticated encryption schemes using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/authenticated-encryption-algorithms
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential block cipher modes of operations using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/block-cipher-mode
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql b/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeKnownIVsOrNonces.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential sources for initialization vectors (IV) or nonce used in block ciphers while using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/iv-sources
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql b/python/ql/src/experimental/cryptography/inventory/new_models/BlockModeUnknownIVsOrNonces.ql
@@ -3,7 +3,7 @@
  * @description Finds all potentially unknown sources for initialization vectors (IV) or nonce used in block ciphers while using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/unkown-iv-sources
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/EllipticCurveAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of elliptic curve algorithms using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/elliptic-curve-algorithms
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/HashingAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of cryptographic hash algorithms using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/hash-algorithms
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/KeyDerivationAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/KeyDerivationAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of key derivation using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/key-derivation
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/KeyExchangeAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of key exchange using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/key-exchange
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/SigningAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of signing algorithms using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/signing-algorithms
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/SymmetricEncryptionAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of symmetric encryption algorithms using the supported libraries.
  * @kind problem
  * @id py/quantum-readiness/cbom/symmetric-encryption-algorithms
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
diff --git a/python/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql b/python/ql/src/experimental/cryptography/inventory/new_models/SymmetricPaddingAlgorithms.ql
@@ -3,7 +3,7 @@
  * @description Finds all potential usage of padding schemes used with symmeric algorithms.
  * @kind problem
  * @id py/quantum-readiness/cbom/symmetric-padding-schemes
- * @problem.severity error
+ * @severity recommendation
  * @tags cbom
  *       cryptography
  */
