You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@commons.apache.org by GitBox <gi...@apache.org> on 2021/02/06 18:06:58 UTC

[GitHub] [commons-codec] YYTVicky commented on a change in pull request #44: Update DigestUtils.java

YYTVicky commented on a change in pull request #44:
URL: https://github.com/apache/commons-codec/pull/44#discussion_r571465718



##########
File path: src/main/java/org/apache/commons/codec/digest/DigestUtils.java
##########
@@ -192,6 +192,7 @@ public static MessageDigest getDigest(final String algorithm) {
      */
     public static MessageDigest getDigest(final String algorithm, final MessageDigest defaultMessageDigest) {
         try {
+            /** potential insecure algorithm (MD2, MD5, SHA1, SHA256) called here */

Review comment:
       Hi @garydgregory , Thanks a lot for your kind reply, we are a security research team at Virginia Tech. We are doing an empirical study about the usefulness of the existing security vulnerability detection tools. May we follow up on several questions: 
    **Is the bug report helpful?**
   **will you prefer to fix the reported vulnerability**
   **Are there any types of bugs/security vulnerabilities you want the detection tools to pay more attention to?**
   Appreciate any feedback from your side!
   




----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.

For queries about this service, please contact Infrastructure at:
users@infra.apache.org