[ https://issues.apache.org/jira/browse/GROOVY-11459?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17880849#comment-17880849 ]
ASF GitHub Bot commented on GROOVY-11459:
-----------------------------------------

codecov-commenter commented on PR #2112:
URL: https://github.com/apache/groovy/pull/2112#issuecomment-2342577261

## [Codecov](https://app.codecov.io/gh/apache/groovy/pull/2112?dropdown=coverage&src=pr&el=h1&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) Report

Attention: Patch coverage is `42.85714%` with `8 lines` in your changes missing coverage. Please review.

> Project coverage is 68.6751%. Comparing base [(`6cd477b`)](https://app.codecov.io/gh/apache/groovy/commit/6cd477b3157675f0ceee9fbd62e3efd0cc9bdb3e?dropdown=coverage&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) to head [(`aed169b`)](https://app.codecov.io/gh/apache/groovy/commit/aed169bee71f5b79835024d20ca030f67b3cda73?dropdown=coverage&el=desc&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache).
> Report is 235 commits behind head on master.

| [Files with missing lines](https://app.codecov.io/gh/apache/groovy/pull/2112?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | Patch % | Lines |
|---|---|---|
| [src/main/java/groovy/lang/GroovyClassLoader.java](https://app.codecov.io/gh/apache/groovy/pull/2112?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Fgroovy%2Flang%2FGroovyClassLoader.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#diff-c3JjL21haW4vamF2YS9ncm9vdnkvbGFuZy9Hcm9vdnlDbGFzc0xvYWRlci5qYXZh) | 42.8571% | [6 Missing and 2 partials :warning: ](https://app.codecov.io/gh/apache/groovy/pull/2112?src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) |

<details><summary>Additional details and impacted files</summary>

```diff
@@               Coverage Diff                @@
##             master      #2112        +/-   ##
==================================================
+ Coverage     68.5957%   68.6751%   +0.0794%
- Complexity      29233      29404       +171
==================================================
  Files            1426       1426
  Lines          113494     113635       +141
  Branches        19548      19599        +51
==================================================
+ Hits            77852      78039       +187
+ Misses          29088      29048        -40
+ Partials         6554       6548         -6
```

| [Files with missing lines](https://app.codecov.io/gh/apache/groovy/pull/2112?dropdown=coverage&src=pr&el=tree&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache) | Coverage Δ | |
|---|---|---|
| [src/main/java/groovy/lang/GroovyClassLoader.java](https://app.codecov.io/gh/apache/groovy/pull/2112?src=pr&el=tree&filepath=src%2Fmain%2Fjava%2Fgroovy%2Flang%2FGroovyClassLoader.java&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache#diff-c3JjL21haW4vamF2YS9ncm9vdnkvbGFuZy9Hcm9vdnlDbGFzc0xvYWRlci5qYXZh) | `71.0456% <42.8571%> (-0.4613%)` | :arrow_down: |

... and [53 files with indirect coverage changes](https://app.codecov.io/gh/apache/groovy/pull/2112/indirect-changes?src=pr&el=tree-more&utm_medium=referral&utm_source=github&utm_content=comment&utm_campaign=pr+comments&utm_term=apache)

</details>

> weak hashing algorithm (使用弱哈希算法)
> --------------------------------
>
>                 Key: GROOVY-11459
>                 URL: https://issues.apache.org/jira/browse/GROOVY-11459
>             Project: Groovy
>          Issue Type: Bug
>    Affects Versions: 4.0.22
>            Reporter: wellchang
>            Assignee: Paul King
>            Priority: Major
>
> 通过iast扫描发现groovy中使用了md5来生成缓存键名,路径为groovy.lang.GroovyClassLoader.getSourceCacheKey
> 建议使用常见的安全的哈希算法,如SHA-256,SHA-384,SHA-512等
> Google Translate gives:
> Through iast scanning, it was found that md5 is used in groovy to generate
> the cache key name, and the path is
> groovy.lang.GroovyClassLoader.getSourceCacheKey
> It is recommended to use common secure hash algorithms, such as SHA-256,
> SHA-384, SHA-512, etc.

--
This message was sent by Atlassian Jira
(v8.20.10#820010)