Suppress warnings about weak hash algorithms (#10647)
Motivation: LGTM reported that WebSocketUtil uses MD5 and SHA-1 that are considered weak. Although those algorithms are insecure, they are required by draft-ietf-hybi-thewebsocketprotocol-00 specification that is implemented in the corresponding WebSocket handshakers. Once the handshakers are removed, WebSocketUtil can be updated to stop using those weak hash functions. Modifications: Added SuppressWarnings annotations. Result: Suppressed warnings.
This commit is contained in:
parent
9707ce183a
commit
327071c7b3
@ -27,6 +27,8 @@ import java.util.concurrent.ThreadLocalRandom;
|
|||||||
*/
|
*/
|
||||||
final class WebSocketUtil {
|
final class WebSocketUtil {
|
||||||
|
|
||||||
|
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
|
||||||
|
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
|
||||||
private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() {
|
private static final FastThreadLocal<MessageDigest> MD5 = new FastThreadLocal<MessageDigest>() {
|
||||||
@Override
|
@Override
|
||||||
protected MessageDigest initialValue() throws Exception {
|
protected MessageDigest initialValue() throws Exception {
|
||||||
@ -40,6 +42,8 @@ final class WebSocketUtil {
|
|||||||
}
|
}
|
||||||
};
|
};
|
||||||
|
|
||||||
|
// Suppress a warning about weak hash algorithm since it's defined in draft-ietf-hybi-thewebsocketprotocol-00
|
||||||
|
@SuppressWarnings("lgtm[java/weak-cryptographic-algorithm]")
|
||||||
private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() {
|
private static final FastThreadLocal<MessageDigest> SHA1 = new FastThreadLocal<MessageDigest>() {
|
||||||
@Override
|
@Override
|
||||||
protected MessageDigest initialValue() throws Exception {
|
protected MessageDigest initialValue() throws Exception {
|
||||||
|
Loading…
Reference in New Issue
Block a user