From ff9ed0d4fbf27f17f46fcd525c8d9a700ff33734 Mon Sep 17 00:00:00 2001
From: Rasmus Wriedt Larsen
Date: Mon, 6 Dec 2021 13:59:00 +0100
Subject: [PATCH] Java: Tag queries with CWE-328

CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html Since weak hash functions (md5/sha1) are considered for the `java/weak-cryptographic-algorithm` query. See https://github.com/github/codeql/blob/caeeebf572f84f428476ec36745c832f21c8e5c0/java/ql/lib/semmle/code/java/security/Encryption.qll#L148 To keep things consistent between `java/weak-cryptographic-algorithm` and `java/potentially-weak-cryptographic-algorithm`, I also added the tag to the latter.
---
 java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql | 1 +
 java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql | 1 +
 2 files changed, 2 insertions(+)

diff --git a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
index cce856a32e1..3fa4b63015d 100644
--- a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -8,6 +8,7 @@
 * @id java/weak-cryptographic-algorithm
 * @tags security
 * external/cwe/cwe-327
+ * external/cwe/cwe-328
 */
 
 import java
diff --git a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
index 7286a854a54..40c32805914 100644
--- a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
+++ b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
@@ -8,6 +8,7 @@
 * @id java/potentially-weak-cryptographic-algorithm
 * @tags security
 * external/cwe/cwe-327
+ * external/cwe/cwe-328
 */
 
 import java
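Review bot: The `external/cwe/cwe-328` tag added to `java/potentially-weak-cryptographic-algorithm` in the second hunk is justified in the description only by consistency with the sibling query, whereas the MD5/SHA-1 coverage cited applies to `java/weak-cryptographic-algorithm`; a `@tags` entry should reflect what the query actually reports, since downstream CWE coverage listings key on it. If the potentially-weak query does not itself flag weak hash functions (not visible in this hunk), the tag would mislabel its results, so it is worth confirming against the query body before merging. Both query bodies lie outside the hunks shown.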