`js/weak-cryptographic-algorithm`/`BrokenCryptoAlgorithm` got 25-30x slower

[maschwenk]

Description of the issue

Similar to

• RegExpInjection takes 6 hours to scan the TypeScript repo after 2.20.2 #18584

this rule appears to run 20-30x slower on the same exact repo with the same hardware

[106/106 eval 30m34s] Evaluation done; writing results to codeql/javascript-queries/Security/CWE-327/BrokenCryptoAlgorithm.bqrs.

unsure root cause is the same as the other issue, but disabling rule rule like

query-filters:
  - exclude:
      id: js/weak-cryptographic-algorithm

is a workaround

[asgerf]

Hi @maschwenk, thanks for the report.

If you've seen this on a public repository could you share a link to the repository?

[maschwenk]

Sadly not public, and unsure of how to give a repro. Failing on a very large 20k+ LoC typescript app.

[oliveirafilipe]

Hey folks.

Do you have any new information about this?

On a private repository, after I switched from the cypto-js lib to Node's native crypto lib, this particular query appears to be timing out the pipeline.
codeql/javascript-queries/Security/CWE-327/BrokenCryptoAlgorithm.ql

Current runner version: '2.323.0'
Runner name: 'ubuntu-latest_1a42b9204bdb'
Runner group name: 'Default'
Machine name: 'pkrvmjydaqcps29'
##[group]Operating System
Ubuntu
24.04.2
LTS
##[endgroup]
##[group]Runner Image
Image: ubuntu-24.04
Version: 20250504.1.0

[build-stdout] Found Node.js version: v20.19.1

[command]/opt/hostedtoolcache/CodeQL/2.21.2/x64/codeql/codeql version --format=json
{
  "productName" : "CodeQL",
  "vendor" : "GitHub",
  "version" : "2.21.2",
  "sha" : "1ee17689399348659904c76fb340946964fc053e",
  "branches" : [
    "codeql-cli-2.21.2"
  ],
  "copyright" : "Copyright (C) 2019-2025 GitHub, Inc.",
  "unpackedLocation" : "/opt/hostedtoolcache/CodeQL/2.21.2/x64/codeql",
  "configFileLocation" : "/home/runner/.config/codeql/config",
  "configFileFound" : false,
  "features" : {
    "analysisSummaryV2Default" : true,
    "buildModeOption" : true,
    "bundleSupportsIncludeDiagnostics" : true,
    "bundleSupportsIncludeLogs" : true,
    "databaseInterpretResultsSupportsSarifRunProperty" : true,
    "featuresInVersionResult" : true,
    "indirectTracingSupportsStaticBinaries" : false,
    "informsAboutUnsupportedPathFilters" : true,
    "supportsPython312" : true,
    "mrvaPackCreate" : true,
    "threatModelOption" : true,
    "traceCommandUseBuildMode" : true,
    "v2ramSizing" : true,
    "mrvaPackCreateMultipleQueries" : true,
    "setsCodeqlRunnerEnvVar" : true,
    "sarifMergeRunsFromEqualCategory" : true,
    "forceOverwrite" : true,
    "generateSummarySymbolMap" : true,
    "pythonDefaultIsToNotExtractStdlib" : true
  }

##[group]Run github/codeql-action/analyze@v3
with:
  upload: never
  ref: REDACTED
  sha: REDACTED
  output: ../results
  cleanup-level: brutal
  add-snippets: false
  skip-queries: false
  checkout_path: REDACTED
  upload-database: true
  wait-for-processing: true
  token: ***
  matrix: null
  expect-error: false
env:
  REF: REDACTED
  SHA: REDACTED
  CODEQL_ACTION_FEATURE_MULTI_LANGUAGE: false
  CODEQL_ACTION_FEATURE_SANDWICH: false
  CODEQL_ACTION_FEATURE_SARIF_COMBINE: true
  CODEQL_ACTION_FEATURE_WILL_UPLOAD: true
  CODEQL_ACTION_VERSION: 3.28.17
  CODEQL_ACTION_INIT_HAS_RUN: true
  CODEQL_WORKFLOW_STARTED_AT: 2025-05-14T01:57:36.292Z
  CODEQL_RAM: 6914
  CODEQL_THREADS: 2