From 90db349f4bf623498d1b86bbf94495339824b90b Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan
Date: Wed, 8 Oct 2025 14:05:00 +0100
Subject: [PATCH] State that ruby broken crypto algo doesn't deal with hashing
---
.../queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp | 6 ++++++
1 file changed, 6 insertions(+)
diff --git a/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp b/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp
index cede4e735d5..d793312c45d 100644
--- a/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp
+++ b/ruby/ql/src/queries/security/cwe-327/BrokenCryptoAlgorithm.qhelp
@@ -13,6 +13,12 @@
algorithm means that encrypted or hashed data is less
secure than it appears to be.
+
+ This query alerts on any use of a weak cryptographic algorithm, that is
+ not a hashing algorithm. Use of broken or weak cryptographic hash
+ functions are handled by the
+ rb/weak-sensitive-data-hashing query.
+
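Review bot: The new paragraph says this query excludes hashing algorithms, but the unchanged sentence directly above it still reads "encrypted or hashed data is less secure than it appears to be", so the overview now contradicts itself within a few lines. Consider dropping "or hashed" from that sentence, or rewording it, in this same change. In the added text, "Use of broken or weak cryptographic hash functions are handled" should read "is handled", and the comma in "weak cryptographic algorithm, that is not a hashing algorithm" splits a restrictive clause and should be removed. The id rb/weak-sensitive-data-hashing also suggests that query is scoped to hashing of sensitive data, so saying it handles weak hash functions in general may overstate its coverage. Wording such as "when used to hash sensitive data" would set the reader's expectation more accurately.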