Weak cryptography suppression. (#10689)

RohitRanjanMS · web-flow · commit cb0a62c51dd8 · 2024-12-20T12:44:35.000-08:00
* Weak cryptography suppression.
diff --git a/src/WebJobs.Script/Description/DotNet/PackageManager.cs b/src/WebJobs.Script/Description/DotNet/PackageManager.cs
@@ -125,6 +125,7 @@ internal static string GetCurrentLockFileHash(string functionDirectory)
                 return string.Empty;
             }
 
+            // CodeQL [SM02196] The hash here is used to create a unique identifier over non-sensitive data and there is no security impact. Changing the hashing algorithm of the file path hash would be a breaking change for applications.
             using (var md5 = MD5.Create())
             {
                 using (var stream = File.OpenRead(lockFilePath))
diff --git a/src/WebJobs.Script/Host/ScriptHostIdProvider.cs b/src/WebJobs.Script/Host/ScriptHostIdProvider.cs
@@ -57,6 +57,8 @@ internal static HostIdResult GetDefaultHostId(IEnvironment environment, ScriptAp
                 if (!string.IsNullOrEmpty(uniqueSlotName))
                 {
                     byte[] hash;
+                    // The Functions Host uses a Host ID to uniquely identify a particular Function App. By default, the ID is auto-generated from the Function App name, by taking the first 32 characters.
+                    // CodeQL [SM02196] The hash here is used to create a unique identifier over non-sensitive data and there is no security impact. Changing the hashing algorithm of the host ID creation would be a breaking change for applications.
                     using (MD5 md5 = MD5.Create())
                     {
                         hash = md5.ComputeHash(Encoding.UTF8.GetBytes(uniqueSlotName));

Original file line number	Diff line number	Diff line change
`@@ -125,6 +125,7 @@ internal static string GetCurrentLockFileHash(string functionDirectory)`
`125`	`125`	`return string.Empty;`
`126`	`126`	`}`
`127`	`127`
	`128`	`+ // CodeQL [SM02196] The hash here is used to create a unique identifier over non-sensitive data and there is no security impact. Changing the hashing algorithm of the file path hash would be a breaking change for applications.`
`128`	`129`	`using (var md5 = MD5.Create())`
`129`	`130`	`{`
`130`	`131`	`using (var stream = File.OpenRead(lockFilePath))`
Original file line number	Diff line number	Diff line change
`@@ -57,6 +57,8 @@ internal static HostIdResult GetDefaultHostId(IEnvironment environment, ScriptAp`
`57`	`57`	`if (!string.IsNullOrEmpty(uniqueSlotName))`
`58`	`58`	`{`
`59`	`59`	`byte[] hash;`
	`60`	`+ // The Functions Host uses a Host ID to uniquely identify a particular Function App. By default, the ID is auto-generated from the Function App name, by taking the first 32 characters.`
	`61`	`+ // CodeQL [SM02196] The hash here is used to create a unique identifier over non-sensitive data and there is no security impact. Changing the hashing algorithm of the host ID creation would be a breaking change for applications.`
`60`	`62`	`using (MD5 md5 = MD5.Create())`
`61`	`63`	`{`
`62`	`64`	`hash = md5.ComputeHash(Encoding.UTF8.GetBytes(uniqueSlotName));`