From 00f21845f82f535c5b4e74baa8a78fa65231984f Mon Sep 17 00:00:00 2001 From: Artem Smotrakov Date: Mon, 12 Oct 2020 09:24:17 +0200 Subject: [PATCH] Suppress warnings about weak hash algorithms (#10647) Motivation: LGTM reported that WebSocketUtil uses MD5 and SHA-1 that are considered weak. Although those algorithms are insecure, they are required by draft-ietf-hybi-thewebsocketprotocol-00 specification that is implemented in the corresponding WebSocket handshakers. Once the handshakers are removed, WebSocketUtil can be updated to stop using those weak hash functions. Modifications: Added SuppressWarnings annotations. Result: Suppressed warnings. --- .../io/netty/handler/codec/http/websocketx/WebSocketUtil.java | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketUtil.java b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketUtil.java index 8699f6412c..f2805d9cfb 100644 --- a/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketUtil.java +++ b/codec-http/src/main/java/io/netty/handler/codec/http/websocketx/WebSocketUtil.java @@ -31,6 +31,8 @@ import java.security.NoSuchAlgorithmException; */ final class WebSocketUtil { + // Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00 + @SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]") private static final FastThreadLocal MD5 = new FastThreadLocal() { @Override protected MessageDigest initialValue() throws Exception { @@ -44,6 +46,8 @@ final class WebSocketUtil { } }; + // Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00 + @SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]") private static final FastThreadLocal SHA1 = new FastThreadLocal() { @Override protected MessageDigest initialValue() throws Exception {