Python: Tweak name of new query and add change note.

2025-12-16 16:53:25 +01:00 · 2018-11-27 12:53:00 +00:00
parent 3c4c8cf7d3
commit 4f0a666a43
2 changed files with 2 additions and 1 deletions
--- a/change-notes/1.19/analysis-python.md
+++ b/change-notes/1.19/analysis-python.md
@@ -60,6 +60,7 @@ A new predicate `Stmt.getAnEntryNode()` has been added to make it easier to writ
 | Information exposure through an exception (`py/stack-trace-exposure`) | security, external/cwe/cwe-209, external/cwe/cwe-497 | Finds instances where information about an exception may be leaked to an external user. Results are shown on LGTM by default. |
 | Jinja2 templating with autoescape=False (`py/jinja2/autoescape-false`) | security, external/cwe/cwe-079 | Finds instantiations of `jinja2.Environment` with `autoescape=False` which may allow XSS attacks. Results are hidden on LGTM by default. |
 | Request without certificate validation (`py/request-without-cert-validation`) | security, external/cwe/cwe-295 | Finds requests where certificate verification has been explicitly turned off, possibly allowing man-in-the-middle attacks. Results are hidden on LGTM by default. |
+| Use of weak cryptographic key (`py/weak-crypto-key`) | security, external/cwe/cwe-326 | Finds creation of weak cryptographic keys. Results are shown on LGTM by default. |

 ## Changes to existing queries

--- a/python/ql/src/Security/CWE-326/WeakCrypto.ql
+++ b/python/ql/src/Security/CWE-326/WeakCrypto.ql
@@ -1,5 +1,5 @@
 /**
- * @name Weak Cryptographic Key Use
+ * @name Use of weak cryptographic key
 * @description Use of a cryptographic key that is too small may allow the encryption to be broken.
 * @kind problem
 * @problem.severity error