Suppress warnings about weak hash algorithms (#10647)

Motivation:

LGTM reported that WebSocketUtil uses MD5 and SHA-1
that are considered weak. Although those algorithms
are insecure, they are required by draft-ietf-hybi-thewebsocketprotocol-00
specification that is implemented in the corresponding WebSocket
handshakers. Once the handshakers are removed, WebSocketUtil can be
updated to stop using those weak hash functions.

Modifications:

Added SuppressWarnings annotations.

Result:

Suppressed warnings.
This commit is contained in:
Artem Smotrakov 2020-10-12 09:24:17 +02:00 committed by Norman Maurer
parent 9707ce183a
commit 327071c7b3

View File

@ -27,6 +27,8 @@ import java.util.concurrent.ThreadLocalRandom;
*/ */
final class WebSocketUtil { final class WebSocketUtil {
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() { private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() {
@Override @Override
protected MessageDigest initialValue() throws Exception { protected MessageDigest initialValue() throws Exception {
@ -40,6 +42,8 @@ final class WebSocketUtil {
} }
}; };
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() { private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() {
@Override @Override
protected MessageDigest initialValue() throws Exception { protected MessageDigest initialValue() throws Exception {