Java: Tag queries with CWE-328

CWE-328: Use of Weak Hash, see https://cwe.mitre.org/data/definitions/328.html Since weak hash functions (md5/sha1) are considered for the `java/weak-cryptographic-algorithm` query. See caeeebf572/java/ql/lib/semmle/code/java/security/Encryption.qll (L148) To keep things consistent between `java/weak-cryptographic-algorithm` and `java/potentially-weak-cryptographic-algorithm`, I also added the tag to the latter.
2025-12-22 03:36:30 +01:00 · 2021-12-06 13:59:00 +01:00
parent 6b1ac73a46
commit ff9ed0d4fb
2 changed files with 2 additions and 0 deletions
--- a/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
+++ b/java/ql/src/Security/CWE/CWE-327/BrokenCryptoAlgorithm.ql
@@ -8,6 +8,7 @@
 * @id java/weak-cryptographic-algorithm
 * @tags security
 *       external/cwe/cwe-327
+ *       external/cwe/cwe-328
 */

 import java
--- a/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
+++ b/java/ql/src/Security/CWE/CWE-327/MaybeBrokenCryptoAlgorithm.ql
@@ -8,6 +8,7 @@
 * @id java/potentially-weak-cryptographic-algorithm
 * @tags security
 *       external/cwe/cwe-327
+ *       external/cwe/cwe-328
 */

 import java