From bc0b3835955cbeed911c8a8e69539aa36782601e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Nora=20Dimitrijevi=C4=87?= <d10c@users.noreply.github.com>
Date: Wed, 16 Jul 2025 15:47:31 +0200
Subject: [PATCH] [DIFF-INFORMED] Java: MaybeBrokenCryptoAlgorithm

https://github.com/d10c/codeql/blob/d10c/diff-informed-phase-3/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql#L25
---
 .../code/java/security/MaybeBrokenCryptoAlgorithmQuery.qll  | 6 ++++++
 1 file changed, 6 insertions(+)

diff --git a/java/ql/lib/semmle/code/java/security/MaybeBrokenCryptoAlgorithmQuery.qll b/java/ql/lib/semmle/code/java/security/MaybeBrokenCryptoAlgorithmQuery.qll
index 060a30f87e6..57622b367f3 100644
--- a/java/ql/lib/semmle/code/java/security/MaybeBrokenCryptoAlgorithmQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/MaybeBrokenCryptoAlgorithmQuery.qll
@@ -77,6 +77,12 @@ module InsecureCryptoConfig implements DataFlow::ConfigSig {
     objectToString(n.asExpr()) or
     n.getType().getErasure() instanceof TypeObject
   }
+
+  predicate observeDiffInformedIncrementalMode() { any() }
+
+  Location getASelectedSinkLocation(DataFlow::Node sink) {
+    exists(CryptoAlgoSpec c | result = c.getLocation() | sink.asExpr() = c.getAlgoSpec())
+  }
 }
 
 /**