Suppress warnings about weak hash algorithms (#10647)

Motivation:

LGTM reported that WebSocketUtil uses MD5 and SHA-1
that are considered weak. Although those algorithms
are insecure, they are required by draft-ietf-hybi-thewebsocketprotocol-00
specification that is implemented in the corresponding WebSocket
handshakers. Once the handshakers are removed, WebSocketUtil can be
updated to stop using those weak hash functions.

Modifications:

Added SuppressWarnings annotations.

Result:

Suppressed warnings.
This commit is contained in:
Artem Smotrakov 2020-10-12 09:24:17 +02:00 committed by GitHub
parent d3a41b8b9a
commit 00f21845f8
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23

View File

@ -31,6 +31,8 @@ import java.security.NoSuchAlgorithmException;
*/
final class WebSocketUtil {
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() {
@Override
protected MessageDigest initialValue() throws Exception {
@ -44,6 +46,8 @@ final class WebSocketUtil {
}
};
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() {
@Override
protected MessageDigest initialValue() throws Exception {