From db3354c2584fd3bd6a78c582bb6800ce725c962c Mon Sep 17 00:00:00 2001
From: Rakshith Gopala krishna <rakshith@squareup.com>
Date: Mon, 3 Jun 2024 10:57:04 -0700
Subject: [PATCH] fix: address PR comments

---
 .../semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll   | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll b/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
index f60eb2a4566c5..bfd48b24e80a0 100644
--- a/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
+++ b/java/ql/lib/semmle/code/java/security/BrokenCryptoAlgorithmQuery.qll
@@ -15,7 +15,8 @@ private class ShortStringLiteral extends StringLiteral {
 class BrokenAlgoLiteral extends ShortStringLiteral {
   BrokenAlgoLiteral() {
     this.getValue().regexpMatch(getInsecureAlgorithmRegex()) and
-    not this.getValue().regexpMatch(getASecureAlgorithmName()) and
+    // Exclude RSA/ECB/.* ciphers.
+    not this.getValue().regexpMatch("RSA/ECB.*") and
     // Exclude German and French sentences.
     not this.getValue().regexpMatch(".*\\p{IsLowercase} des \\p{IsLetter}.*")
   }