YYTVicky commented on a change in pull request #44:
URL: https://github.com/apache/commons-codec/pull/44#discussion_r571465718
##########
File path: src/main/java/org/apache/commons/codec/digest/DigestUtils.java
##########
@@ -192,6 +192,7 @@ public static MessageDigest getDigest(final String
algorithm) {
*/
public static MessageDigest getDigest(final String algorithm, final
MessageDigest defaultMessageDigest) {
try {
+ /** potential insecure algorithm (MD2, MD5, SHA1, SHA256) called
here */
Review comment:
Hi @garydgregory , Thanks a lot for your kind reply, we are a security
research team at Virginia Tech. We are doing an empirical study about the
usefulness of the existing security vulnerability detection tools. May we
follow up on several questions:
**Is the bug report helpful?**
**will you prefer to fix the reported vulnerability**
**Are there any types of bugs/security vulnerabilities you want the
detection tools to pay more attention to?**
Appreciate any feedback from your side!
----------------------------------------------------------------
This is an automated message from the Apache Git Service.
To respond to the message, please log on to GitHub and use the
URL above to go to the specific comment.
For queries about this service, please contact Infrastructure at:
[email protected]
