From 7cfe78a52d45f38209fcb1fa03ff4044aeba818d Mon Sep 17 00:00:00 2001
From: Ed Minnix
Date: Wed, 9 Aug 2023 13:51:10 -0400
Subject: [PATCH 1/2] Add dashes to SHA algorithm names in `Encryption.qll`
---
 java/ql/lib/semmle/code/java/security/Encryption.qll | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll
index 88a1996ffd9..28d1f8c1f49 100644
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -270,7 +270,7 @@ string getInsecureAlgorithmRegex() {
 string getASecureAlgorithmName() {
 result =
 [
- "RSA", "SHA256", "SHA512", "CCM", "GCM", "AES(?![^a-zA-Z](ECB|CBC/PKCS[57]Padding))",
+ "RSA", "SHA-?256", "SHA-?512", "CCM", "GCM", "AES(?![^a-zA-Z](ECB|CBC/PKCS[57]Padding))",
 "Blowfish", "ECIES"
 ]
 }
From cafd08521ec2c436ac19729d918e041bc4e9e4d9 Mon Sep 17 00:00:00 2001
From: Ed Minnix
Date: Tue, 15 Aug 2023 23:46:12 -0400
Subject: [PATCH 2/2] Add change note
---
 .../change-notes/2023-08-15-add-dashes-to-sha-algorithms.md | 4 ++++
 1 file changed, 4 insertions(+)
 create mode 100644 java/ql/lib/change-notes/2023-08-15-add-dashes-to-sha-algorithms.md
diff --git a/java/ql/lib/change-notes/2023-08-15-add-dashes-to-sha-algorithms.md b/java/ql/lib/change-notes/2023-08-15-add-dashes-to-sha-algorithms.md
new file mode 100644
index 00000000000..c6b16d9f943
--- /dev/null
+++ b/java/ql/lib/change-notes/2023-08-15-add-dashes-to-sha-algorithms.md
@@ -0,0 +1,4 @@
+---
+category: minorAnalysis
+---
+* Modified the `getSecureAlgorithmName` predicate in `Encryption.qll` to also include `SHA-256` and `SHA-512`. Previously only the versions of the names without dashes were considered secure.
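Review bot: The widened list in `getASecureAlgorithmName` (the `Encryption.qll` hunk) still recognises only the 256- and 512-bit SHA-2 names, so `SHA-384` / `SHA384` and the `SHA3-*` names stay outside the secure set even after the `SHA-?256` / `SHA-?512` entries on the `+` line. The entries look like regex fragments (the `AES(?!…)` element uses a lookahead), so a single entry such as `"SHA-?(256|384|512)"` would cover the SHA-2 family, with `"SHA3-(256|384|512)"` added if SHA-3 should count as secure; how the fragments are combined and anchored is outside the hunk and should be checked there. The patch series touches only `Encryption.qll` and the change note, so a test case using a dashed name such as `SHA-256` would pin the new behaviour. The change note in the second patch names the predicate `getSecureAlgorithmName`, while the hunk shows `getASecureAlgorithmName`.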