C#: Fix CWE tag for cs/insufficient-key-size

RasmusWL · web-flow · commit 8f52089475b4 · 2021-09-07T12:59:10.000+02:00
Since this targets CWE-326 Inadequate Encryption Strength > The software stores or transmits sensitive data using an encryption scheme that is theoretically sound, but is not strong enough for the level of protection required. > \- https://cwe.mitre.org/data/definitions/326.html and not CWE-327: Use of a Broken or Risky Cryptographic Algorithm > The use of a broken or risky cryptographic algorithm is an unnecessary risk that may result in the exposure of sensitive information. > \- https://cwe.mitre.org/data/definitions/327.html This matches what we do for similar query in Python: https://github.com/github/codeql/blob/main/python/ql/src/Security/CWE-326/WeakCryptoKey.ql
diff --git a/csharp/ql/src/Security Features/InsufficientKeySize.ql b/csharp/ql/src/Security Features/InsufficientKeySize.ql
@@ -7,7 +7,7 @@
  * @precision high
  * @id cs/insufficient-key-size
  * @tags security
- *       external/cwe/cwe-327
+ *       external/cwe/cwe-326
  */
 
 import csharp
