Примеры ошибок, обнаруженных с помощью диагностики V5314

V5314. OWASP. Use of an outdated hash algorithm is not recommended.

DBeaver

V5314. Use of the 'MD5' hash algorithm is not recommended. Such code may cause the exposure of sensitive data. EditConnectionWizard.java 330

private boolean checkLockPassword() {
  BaseAuthDialog dialog = new BaseAuthDialog(....);
  if (dialog.open() == IDialogConstants.OK_ID) {
    final String userPassword = dialog.getUserPassword();
    if (!CommonUtils.isEmpty(userPassword)) {
      try {
        final byte[]
                md5hash = MessageDigest.getInstance("MD5") // <=
                .digest(userPassword.getBytes(....));
        final String hexString = CommonUtils.toHexString(md5hash)
                                            .toLowerCase(Locale.ENGLISH)
                                            .trim();
        if (hexString.equals(dataSource.getLockPasswordHash())) {
          return true;
        }
        UIUtils.showMessageBox(....);
      } catch (Throwable e) {
        DBWorkbench.getPlatformUI().showError(....);
      }
    }
  }
  return false;
}