github
diff --git a/‎config/identical-files.json‎
Lines changed: 5 additions & 0 deletions b/‎config/identical-files.json‎
Lines changed: 5 additions & 0 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll‎
Lines changed: 1 addition & 75 deletions b/‎javascript/ql/lib/semmle/javascript/security/CryptoAlgorithms.qll‎
Lines changed: 1 addition & 75 deletions
diff --git a/‎javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll‎
Lines changed: 72 additions & 0 deletions b/‎javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll‎
Lines changed: 72 additions & 0 deletions
diff --git a/‎python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll‎
Lines changed: 1 addition & 75 deletions b/‎python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll‎
Lines changed: 1 addition & 75 deletions
diff --git a/‎python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll‎
Lines changed: 72 additions & 0 deletions b/‎python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll‎
Lines changed: 72 additions & 0 deletions
@@ -457,6 +457,11 @@
     "python/ql/lib/semmle/python/concepts/CryptoAlgorithms.qll",
     "ruby/ql/lib/codeql/ruby/security/CryptoAlgorithms.qll"
   ],
+  "CryptoAlgorithmNames Python/JS/Ruby": [
+    "javascript/ql/lib/semmle/javascript/security/internal/CryptoAlgorithmNames.qll",
+    "python/ql/lib/semmle/python/concepts/internal/CryptoAlgorithmNames.qll",
+    "ruby/ql/lib/codeql/ruby/security/internal/CryptoAlgorithmNames.qll"
+  ],
   "SensitiveDataHeuristics Python/JS": [
     "javascript/ql/lib/semmle/javascript/security/internal/SensitiveDataHeuristics.qll",
     "python/ql/lib/semmle/python/security/internal/SensitiveDataHeuristics.qll"
 
@@ -4,81 +4,7 @@
  * The classification into strong and weak are based on Wikipedia, OWASP and google (2017).
  */
 
-/**
- * Names of cryptographic algorithms, separated into strong and weak variants.
- *
- * The names are normalized: upper-case, no spaces, dashes or underscores.
- *
- * The names are inspired by the names used in real world crypto libraries.
- *
- * The classification into strong and weak are based on Wikipedia, OWASP and google (2017).
- */
-module AlgorithmNames {
-  /**
-   * Holds if `name` corresponds to a strong hashing algorithm.
-   */
-  predicate isStrongHashingAlgorithm(string name) {
-    name =
-      [
-        "DSA", "ED25519", "ES256", "ECDSA256", "ES384", "ECDSA384", "ES512", "ECDSA512", "SHA2",
-        "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512"
-      ]
-  }
-
-  /**
-   * Holds if `name` corresponds to a weak hashing algorithm.
-   */
-  predicate isWeakHashingAlgorithm(string name) {
-    name =
-      [
-        "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", "RIPEMD128", "RIPEMD256", "RIPEMD160",
-        "RIPEMD320", "SHA0", "SHA1"
-      ]
-  }
-
-  /**
-   * Holds if `name` corresponds to a strong encryption algorithm.
-   */
-  predicate isStrongEncryptionAlgorithm(string name) {
-    name =
-      [
-        "AES", "AES128", "AES192", "AES256", "AES512", "AES-128", "AES-192", "AES-256", "AES-512",
-        "ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128",
-        "CAMELLIA192", "CAMELLIA256", "CAMELLIA-128", "CAMELLIA-192", "CAMELLIA-256", "CHACHA",
-        "GOST", "GOST89", "IDEA", "RABBIT", "RSA", "SEED", "SM4"
-      ]
-  }
-
-  /**
-   * Holds if `name` corresponds to a weak encryption algorithm.
-   */
-  predicate isWeakEncryptionAlgorithm(string name) {
-    name =
-      [
-        "DES", "3DES", "DES3", "TRIPLEDES", "DESX", "TDEA", "TRIPLEDEA", "ARC2", "RC2", "ARC4",
-        "RC4", "ARCFOUR", "ARC5", "RC5"
-      ]
-  }
-
-  /**
-   * Holds if `name` corresponds to a strong password hashing algorithm.
-   */
-  predicate isStrongPasswordHashingAlgorithm(string name) {
-    name = ["ARGON2", "PBKDF2", "BCRYPT", "SCRYPT"]
-  }
-
-  /**
-   * Holds if `name` corresponds to a weak password hashing algorithm.
-   */
-  predicate isWeakPasswordHashingAlgorithm(string name) { name = "EVPKDF" }
-
-  /**
-   * Holds if `name` corresponds to a weak block cipher mode of operation.
-   */
-  predicate isWeakBlockMode(string name) { name = "ECB" }
-}
-
-private import AlgorithmNames
+private import internal.CryptoAlgorithmNames
 
 /**
  * A cryptographic algorithm.
 
@@ -0,0 +1,72 @@
+/**
+ * Names of cryptographic algorithms, separated into strong and weak variants.
+ *
+ * The names are normalized: upper-case, no spaces, dashes or underscores.
+ *
+ * The names are inspired by the names used in real world crypto libraries.
+ *
+ * The classification into strong and weak are based on Wikipedia, OWASP and google (2017).
+ */
+
+/**
+ * Holds if `name` corresponds to a strong hashing algorithm.
+ */
+predicate isStrongHashingAlgorithm(string name) {
+  name =
+    [
+      "DSA", "ED25519", "ES256", "ECDSA256", "ES384", "ECDSA384", "ES512", "ECDSA512", "SHA2",
+      "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512"
+    ]
+}
+
+/**
+ * Holds if `name` corresponds to a weak hashing algorithm.
+ */
+predicate isWeakHashingAlgorithm(string name) {
+  name =
+    [
+      "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", "RIPEMD128", "RIPEMD256", "RIPEMD160",
+      "RIPEMD320", "SHA0", "SHA1"
+    ]
+}
+
+/**
+ * Holds if `name` corresponds to a strong encryption algorithm.
+ */
+predicate isStrongEncryptionAlgorithm(string name) {
+  name =
+    [
+      "AES", "AES128", "AES192", "AES256", "AES512", "AES-128", "AES-192", "AES-256", "AES-512",
+      "ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128", "CAMELLIA192",
+      "CAMELLIA256", "CAMELLIA-128", "CAMELLIA-192", "CAMELLIA-256", "CHACHA", "GOST", "GOST89",
+      "IDEA", "RABBIT", "RSA", "SEED", "SM4"
+    ]
+}
+
+/**
+ * Holds if `name` corresponds to a weak encryption algorithm.
+ */
+predicate isWeakEncryptionAlgorithm(string name) {
+  name =
+    [
+      "DES", "3DES", "DES3", "TRIPLEDES", "DESX", "TDEA", "TRIPLEDEA", "ARC2", "RC2", "ARC4", "RC4",
+      "ARCFOUR", "ARC5", "RC5"
+    ]
+}
+
+/**
+ * Holds if `name` corresponds to a strong password hashing algorithm.
+ */
+predicate isStrongPasswordHashingAlgorithm(string name) {
+  name = ["ARGON2", "PBKDF2", "BCRYPT", "SCRYPT"]
+}
+
+/**
+ * Holds if `name` corresponds to a weak password hashing algorithm.
+ */
+predicate isWeakPasswordHashingAlgorithm(string name) { name = "EVPKDF" }
+
+/**
+ * Holds if `name` corresponds to a weak block cipher mode of operation.
+ */
+predicate isWeakBlockMode(string name) { name = "ECB" }
@@ -4,81 +4,7 @@
  * The classification into strong and weak are based on Wikipedia, OWASP and google (2017).
  */
 
-/**
- * Names of cryptographic algorithms, separated into strong and weak variants.
- *
- * The names are normalized: upper-case, no spaces, dashes or underscores.
- *
- * The names are inspired by the names used in real world crypto libraries.
- *
- * The classification into strong and weak are based on Wikipedia, OWASP and google (2017).
- */
-module AlgorithmNames {
-  /**
-   * Holds if `name` corresponds to a strong hashing algorithm.
-   */
-  predicate isStrongHashingAlgorithm(string name) {
-    name =
-      [
-        "DSA", "ED25519", "ES256", "ECDSA256", "ES384", "ECDSA384", "ES512", "ECDSA512", "SHA2",
-        "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512"
-      ]
-  }
-
-  /**
-   * Holds if `name` corresponds to a weak hashing algorithm.
-   */
-  predicate isWeakHashingAlgorithm(string name) {
-    name =
-      [
-        "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", "RIPEMD128", "RIPEMD256", "RIPEMD160",
-        "RIPEMD320", "SHA0", "SHA1"
-      ]
-  }
-
-  /**
-   * Holds if `name` corresponds to a strong encryption algorithm.
-   */
-  predicate isStrongEncryptionAlgorithm(string name) {
-    name =
-      [
-        "AES", "AES128", "AES192", "AES256", "AES512", "AES-128", "AES-192", "AES-256", "AES-512",
-        "ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128",
-        "CAMELLIA192", "CAMELLIA256", "CAMELLIA-128", "CAMELLIA-192", "CAMELLIA-256", "CHACHA",
-        "GOST", "GOST89", "IDEA", "RABBIT", "RSA", "SEED", "SM4"
-      ]
-  }
-
-  /**
-   * Holds if `name` corresponds to a weak encryption algorithm.
-   */
-  predicate isWeakEncryptionAlgorithm(string name) {
-    name =
-      [
-        "DES", "3DES", "DES3", "TRIPLEDES", "DESX", "TDEA", "TRIPLEDEA", "ARC2", "RC2", "ARC4",
-        "RC4", "ARCFOUR", "ARC5", "RC5"
-      ]
-  }
-
-  /**
-   * Holds if `name` corresponds to a strong password hashing algorithm.
-   */
-  predicate isStrongPasswordHashingAlgorithm(string name) {
-    name = ["ARGON2", "PBKDF2", "BCRYPT", "SCRYPT"]
-  }
-
-  /**
-   * Holds if `name` corresponds to a weak password hashing algorithm.
-   */
-  predicate isWeakPasswordHashingAlgorithm(string name) { name = "EVPKDF" }
-
-  /**
-   * Holds if `name` corresponds to a weak block cipher mode of operation.
-   */
-  predicate isWeakBlockMode(string name) { name = "ECB" }
-}
-
-private import AlgorithmNames
+private import internal.CryptoAlgorithmNames
 
 /**
  * A cryptographic algorithm.
 
@@ -0,0 +1,72 @@
+/**
+ * Names of cryptographic algorithms, separated into strong and weak variants.
+ *
+ * The names are normalized: upper-case, no spaces, dashes or underscores.
+ *
+ * The names are inspired by the names used in real world crypto libraries.
+ *
+ * The classification into strong and weak are based on Wikipedia, OWASP and google (2017).
+ */
+
+/**
+ * Holds if `name` corresponds to a strong hashing algorithm.
+ */
+predicate isStrongHashingAlgorithm(string name) {
+  name =
+    [
+      "DSA", "ED25519", "ES256", "ECDSA256", "ES384", "ECDSA384", "ES512", "ECDSA512", "SHA2",
+      "SHA224", "SHA256", "SHA384", "SHA512", "SHA3", "SHA3224", "SHA3256", "SHA3384", "SHA3512"
+    ]
+}
+
+/**
+ * Holds if `name` corresponds to a weak hashing algorithm.
+ */
+predicate isWeakHashingAlgorithm(string name) {
+  name =
+    [
+      "HAVEL128", "MD2", "MD4", "MD5", "PANAMA", "RIPEMD", "RIPEMD128", "RIPEMD256", "RIPEMD160",
+      "RIPEMD320", "SHA0", "SHA1"
+    ]
+}
+
+/**
+ * Holds if `name` corresponds to a strong encryption algorithm.
+ */
+predicate isStrongEncryptionAlgorithm(string name) {
+  name =
+    [
+      "AES", "AES128", "AES192", "AES256", "AES512", "AES-128", "AES-192", "AES-256", "AES-512",
+      "ARIA", "BLOWFISH", "BF", "ECIES", "CAST", "CAST5", "CAMELLIA", "CAMELLIA128", "CAMELLIA192",
+      "CAMELLIA256", "CAMELLIA-128", "CAMELLIA-192", "CAMELLIA-256", "CHACHA", "GOST", "GOST89",
+      "IDEA", "RABBIT", "RSA", "SEED", "SM4"
+    ]
+}
+
+/**
+ * Holds if `name` corresponds to a weak encryption algorithm.
+ */
+predicate isWeakEncryptionAlgorithm(string name) {
+  name =
+    [
+      "DES", "3DES", "DES3", "TRIPLEDES", "DESX", "TDEA", "TRIPLEDEA", "ARC2", "RC2", "ARC4", "RC4",
+      "ARCFOUR", "ARC5", "RC5"
+    ]
+}
+
+/**
+ * Holds if `name` corresponds to a strong password hashing algorithm.
+ */
+predicate isStrongPasswordHashingAlgorithm(string name) {
+  name = ["ARGON2", "PBKDF2", "BCRYPT", "SCRYPT"]
+}
+
+/**
+ * Holds if `name` corresponds to a weak password hashing algorithm.
+ */
+predicate isWeakPasswordHashingAlgorithm(string name) { name = "EVPKDF" }
+
+/**
+ * Holds if `name` corresponds to a weak block cipher mode of operation.
+ */
+predicate isWeakBlockMode(string name) { name = "ECB" }