C++: In fact it's just not good enough to get additional evidence from the declaring type.

cpp/ql/test/query-tests/Security/CWE/CWE-327/BrokenCryptoAlgorithm.expected

@@ -7,9 +7,7 @@
 | test2.cpp:182:38:182:45 | ALGO_DES | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:185:38:185:44 | USE_DES | This enum constant access specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:238:2:238:20 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
-| test2.cpp:240:2:240:28 | call to doSomethingElse | This function call specifies a broken or weak cryptographic algorithm. |
 | test2.cpp:245:5:245:11 | call to encrypt | This function call specifies a broken or weak cryptographic algorithm. |
-| test2.cpp:247:5:247:19 | call to doSomethingElse | This function call specifies a broken or weak cryptographic algorithm. |
 | test.cpp:38:2:38:31 | ENCRYPT_WITH_DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:39:2:39:31 | ENCRYPT_WITH_RC2(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |
 | test.cpp:41:2:41:32 | ENCRYPT_WITH_3DES(data,amount) | This macro invocation specifies a broken or weak cryptographic algorithm. |

cpp/ql/test/query-tests/Security/CWE/CWE-327/test2.cpp

@@ -237,14 +237,14 @@ void do_classes(const char *data)
 {
 	desEncrypt::encrypt(data); // BAD
 	aes256Encrypt::encrypt(data); // GOOD
-	desEncrypt::doSomethingElse(); // GOOD [FALSE POSITIVE]
+	desEncrypt::doSomethingElse(); // GOOD
 	aes256Encrypt::doSomethingElse(); // GOOD
 
 	desCipher dc;
 	aesCipher ac;
 	dc.encrypt(data); // BAD
 	ac.encrypt(data); // GOOD
-	dc.doSomethingElse(); // GOOD [FALSE POSITIVE]
+	dc.doSomethingElse(); // GOOD
 	ac.doSomethingElse(); // GOOD
 }