Suppress CodeQL false alarm (#4960)

imcarolwang · web-flow · commit 8e05deff8877 · 2023-02-09T16:54:01.000-08:00
* Supress CodeQL false alarm.

* update.

* Update suppress comment
diff --git a/src/System.ServiceModel.Primitives/src/System/IdentityModel/CryptoHelper.cs b/src/System.ServiceModel.Primitives/src/System/IdentityModel/CryptoHelper.cs
@@ -76,7 +76,7 @@ internal static KeyedHashAlgorithm CreateKeyedHashAlgorithm(byte[] key, string a
             {
                 case SecurityAlgorithms.HmacSha1Signature:
 #pragma warning disable CA5350 // Do not use insecure cryptographic algorithm SHA1.
-                    return new HMACSHA1(key);
+                    return new HMACSHA1(key);// CodeQL [SM02200] Insecure cryptographic algorithm HMACSHA1 is needed here as a requirement of SOAP protocols
 #pragma warning restore CA5350 // Do not use insecure cryptographic algorithm SHA1.
                 case SecurityAlgorithms.HmacSha256Signature:
                     return new HMACSHA256(key);
@@ -196,7 +196,7 @@ internal static HashAlgorithm CreateHashAlgorithm(string algorithm)
                 case SystemSecurityCryptographySha1String:
                 case SecurityAlgorithms.Sha1Digest:
 #pragma warning disable CA5350 // Do not use insecure cryptographic algorithm SHA1.
-                    return SHA1.Create();
+                    return SHA1.Create();// CodeQL [SM02196] Insecure cryptographic algorithm SHA1 is needed here as a requirement of SOAP protocols
 #pragma warning restore CA5350 // Do not use insecure cryptographic algorithm SHA1.
                 case SHA256String:
                 case SecurityAlgorithms.Sha256Digest:
@@ -223,7 +223,7 @@ private static object GetDefaultAlgorithm(string algorithm)
                 // will be inside the delegate dictionary.
                 case SecurityAlgorithms.Sha1Digest:
 #pragma warning disable CA5350 // Do not use insecure cryptographic algorithm SHA1.
-                    return SHA1.Create();
+                    return SHA1.Create();// CodeQL [SM02196] Insecure cryptographic algorithm SHA1 is needed here as a requirement of SOAP protocols
 #pragma warning restore CA5350 // Do not use insecure cryptographic algorithm SHA1.
                 case SecurityAlgorithms.ExclusiveC14n:
                     throw ExceptionHelper.PlatformNotSupported();
@@ -242,11 +242,11 @@ private static object GetDefaultAlgorithm(string algorithm)
                 case SecurityAlgorithms.TripleDesEncryption:
                 case SecurityAlgorithms.TripleDesKeyWrap:
 #pragma warning disable CA5350 // Do Not Use Weak Cryptographic Algorithms
-                    return TripleDES.Create();
+                    return TripleDES.Create();// CodeQL [SM02192] Weak cryptographic algorithm TripleDES is needed here as a requirement of SOAP protocols
 #pragma warning restore CA5350 // Do Not Use Weak Cryptographic Algorithms
                 case SecurityAlgorithms.HmacSha1Signature:
 #pragma warning disable CA5350 // Do not use insecure cryptographic algorithm SHA1.
-                    return new HMACSHA1();
+                    return new HMACSHA1();// CodeQL [SM02200] Insecure cryptographic algorithm HMACSHA1 is needed here as a requirement of SOAP protocols
 #pragma warning restore CA5350 // Do not use insecure cryptographic algorithm SHA1.
                 case SecurityAlgorithms.HmacSha256Signature:
                     return new HMACSHA256();
@@ -256,7 +256,7 @@ private static object GetDefaultAlgorithm(string algorithm)
                     return null;
                 case SecurityAlgorithms.DesEncryption:
 #pragma warning disable CA5351 // Do Not Use Broken Cryptographic Algorithms
-                    return DES.Create();
+                    return DES.Create();// CodeQL [SM02192] Broken cryptographic algorithm DES is needed here as a requirement of SOAP protocols
 #pragma warning restore CA5351 // Do Not Use Broken Cryptographic Algorithms
                 default:
                     return null;
@@ -340,11 +340,11 @@ internal static object GetAlgorithmFromConfig(string algorithm)
                     return SHA256.Create();
                 case SecurityAlgorithms.Sha1Digest:
 #pragma warning disable CA5350 // Do not use insecure cryptographic algorithm SHA1.
-                    return SHA1.Create();
+                    return SHA1.Create();// CodeQL [SM02196] Insecure cryptographic algorithm SHA1 is needed here as a requirement of SOAP protocols
 #pragma warning restore CA5350 // Do not use insecure cryptographic algorithm SHA1.
                 case SecurityAlgorithms.HmacSha1Signature:
 #pragma warning disable CA5350 // Do not use insecure cryptographic algorithm SHA1.
-                    return new HMACSHA1();
+                    return new HMACSHA1();// CodeQL [SM02200] Insecure cryptographic algorithm HMACSHA1 is needed here as a requirement of SOAP protocols
 #pragma warning restore CA5350 // Do not use insecure cryptographic algorithm SHA1.
                 default:
                     break;
