From 95116eec51c9753fde58ee6037e1400201e2e022 Mon Sep 17 00:00:00 2001
From: Owen Mansel-Chan <owen-mc@github.com>
Date: Wed, 4 Dec 2024 00:42:23 +0000
Subject: [PATCH] Update recommendations

---
 java/ql/lib/semmle/code/java/security/Encryption.qll | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/java/ql/lib/semmle/code/java/security/Encryption.qll b/java/ql/lib/semmle/code/java/security/Encryption.qll
index 6d32e16b4794..ba374f5d7af3 100644
--- a/java/ql/lib/semmle/code/java/security/Encryption.qll
+++ b/java/ql/lib/semmle/code/java/security/Encryption.qll
@@ -219,11 +219,11 @@ predicate insecureAlgorithm(string name, string reason) {
   or
   name = "ECB" and
   reason =
-    "Encryption mode ECB like AES/ECB/NoPadding is vulnerable to replay and other attacks. Use a different encryption mode."
+    "Encryption mode ECB like AES/ECB/NoPadding is vulnerable to replay and other attacks. Consider using a different encryption mode, like CBC or GCM, instead."
   or
   name = "AES/CBC/PKCS[57]Padding" and
   reason =
-    "CBC mode of operation with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks. Consider using AES instead."
+    "CBC mode of operation with PKCS#5 or PKCS#7 padding is vulnerable to padding oracle attacks. Consider using GCM encryption mode instead."
 }
 
 /**