Suppress warnings about weak hash algorithms (#10647)

Motivation: LGTM reported that WebSocketUtil uses MD5 and SHA-1 that are considered weak. Although those algorithms are insecure, they are required by draft-ietf-hybi-thewebsocketprotocol-00 specification that is implemented in the corresponding WebSocket handshakers. Once the handshakers are removed, WebSocketUtil can be updated to stop using those weak hash functions. Modifications: Added SuppressWarnings annotations. Result: Suppressed warnings.
2020-10-12 09:24:17 +02:00 · 2020-10-12 09:24:17 +02:00 · 00f21845f8
commit 00f21845f8
parent d3a41b8b9a
1 changed files with 4 additions and 0 deletions
--- a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketUtil.java
+++ b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketUtil.java
@ -31,6 +31,8 @@ import java.security.NoSuchAlgorithmException;
 */
 final class WebSocketUtil {

+    // Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
+    @SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
    private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() {
        @Override
        protected MessageDigest initialValue() throws Exception {
@ -44,6 +46,8 @@ final class WebSocketUtil {
        }
    };

+    // Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
+    @SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
    private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() {
        @Override
        protected MessageDigest initialValue() throws Exception {