Suppress warnings about weak hash algorithms (#10647)
Motivation: LGTM reported that WebSocketUtil uses MD5 and SHA-1 that are considered weak. Although those algorithms are insecure, they are required by draft-ietf-hybi-thewebsocketprotocol-00 specification that is implemented in the corresponding WebSocket handshakers. Once the handshakers are removed, WebSocketUtil can be updated to stop using those weak hash functions. Modifications: Added SuppressWarnings annotations. Result: Suppressed warnings.
This commit is contained in:
parent
d3a41b8b9a
commit
00f21845f8
@ -31,6 +31,8 @@ import java.security.NoSuchAlgorithmException;
|
||||
*/
|
||||
final class WebSocketUtil {
|
||||
|
||||
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
|
||||
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
|
||||
private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() {
|
||||
@Override
|
||||
protected MessageDigest initialValue() throws Exception {
|
||||
@ -44,6 +46,8 @@ final class WebSocketUtil {
|
||||
}
|
||||
};
|
||||
|
||||
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
|
||||
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
|
||||
private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() {
|
||||
@Override
|
||||
protected MessageDigest initialValue() throws Exception {
|
||||
|
Loading…
Reference in New Issue
Block a user