Suppress warnings about weak hash algorithms (#10647)
Motivation: LGTM reported that WebSocketUtil uses MD5 and SHA-1 that are considered weak. Although those algorithms are insecure, they are required by draft-ietf-hybi-thewebsocketprotocol-00 specification that is implemented in the corresponding WebSocket handshakers. Once the handshakers are removed, WebSocketUtil can be updated to stop using those weak hash functions. Modifications: Added SuppressWarnings annotations. Result: Suppressed warnings.
This commit is contained in:
Artem Smotrakov
GitHub
parent
d3a41b8b9a
commit
00f21845f8
@ -31,6 +31,8 @@ import java.security.NoSuchAlgorithmException;
|
|||||||
*/
|
*/
|
||||||
final class WebSocketUtil {
|
final class WebSocketUtil {
|
||||||
|
|
||||||
|
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
|
||||||
|
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
|
||||||
private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() {
|
private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() {
|
||||||
@Override
|
@Override
|
||||||
protected MessageDigest initialValue() throws Exception {
|
protected MessageDigest initialValue() throws Exception {
|
||||||
@ -44,6 +46,8 @@ final class WebSocketUtil {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
|
||||||
|
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
|
||||||
private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() {
|
private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() {
|
||||||
@Override
|
@Override
|
||||||
protected MessageDigest initialValue() throws Exception {
|
protected MessageDigest initialValue() throws Exception {
|
||||||
|
|||||||
Loading…
Reference in New Issue
Block a user