More CodeQL Suppressions (#2264)

brianrob · web-flow · commit eeec45196239 · 2025-07-16T17:02:12.000-07:00
diff --git a/src/TraceEvent/Symbols/NativeSymbolModule.cs b/src/TraceEvent/Symbols/NativeSymbolModule.cs
@@ -664,11 +664,17 @@ private void TryInitializeCppChecksum(IDiaSourceFile sourceFile)
                 // 3 checksum generated with the SHA256 hashing algorithm.
                 if (sourceFile.checksumType == 1)
                 {
-                    _hashAlgorithm = System.Security.Cryptography.MD5.Create(); // lgtm [cs/weak-crypto] The PDB specifies the checksum algorithm.  This is not controlled by TraceEvent.
+                    // CodeQL [SM02196] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                    // CodeQL [SM03938] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                    // CodeQL [SM03939] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                    _hashAlgorithm = System.Security.Cryptography.MD5.Create();
                 }
                 else if (sourceFile.checksumType == 2)
                 {
-                    _hashAlgorithm = System.Security.Cryptography.SHA1.Create(); // lgtm [cs/weak-crypto] The PDB specifies the checksum algorithm.  This is not controlled by TraceEvent.
+                    // CodeQL [SM02196] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                    // CodeQL [SM03938] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                    // CodeQL [SM03939] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                    _hashAlgorithm = System.Security.Cryptography.SHA1.Create();
                 }
                 else if (sourceFile.checksumType == 3)
                 {
@@ -725,11 +731,17 @@ private void TryInitializeManagedChecksum(NativeSymbolModule module)
 
                     if (srcFormat.Header.algorithmId == guidMD5)
                     {
-                        _hashAlgorithm = System.Security.Cryptography.MD5.Create(); // lgtm [cs/weak-crypto] The checksum algorithm is specified by the injected source.  This is not controlled by TraceEvent.
+                        // CodeQL [SM02196] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                        // CodeQL [SM03938] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                        // CodeQL [SM03939] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                        _hashAlgorithm = System.Security.Cryptography.MD5.Create();
                     }
                     else if (srcFormat.Header.algorithmId == guidSHA1)
                     {
-                        _hashAlgorithm = System.Security.Cryptography.SHA1.Create(); // lgtm [cs/weak-crypto] The checksum algorithm is specified by the injected source.  This is not controlled by TraceEvent.
+                        // CodeQL [SM02196] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                        // CodeQL [SM03938] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                        // CodeQL [SM03939] The checksum algorithm is specified by the built artifact.  This is not controlled by TraceEvent.
+                        _hashAlgorithm = System.Security.Cryptography.SHA1.Create();
                     }
                     else if (srcFormat.Header.algorithmId == guidSHA256)
                     {
diff --git a/src/TraceEvent/Symbols/PortableSymbolModule.cs b/src/TraceEvent/Symbols/PortableSymbolModule.cs
@@ -119,7 +119,10 @@ internal PortablePdbSourceFile(DocumentHandle documentHandle, PortableSymbolModu
                 Guid hashAlgorithmGuid = metaData.GetGuid(sourceFileDocument.HashAlgorithm);
                 if (hashAlgorithmGuid == HashAlgorithmSha1)
                 {
-                    _hashAlgorithm = System.Security.Cryptography.SHA1.Create(); // lgtm [cs/weak-crypto] The PDB specifies the checksum algorithm.  This is not controlled by TraceEvent.
+                    // CodeQL [SM02196] The PDB specifies the checksum algorithm.  This is not controlled by TraceEvent.
+                    // CodeQL [SM03938] The PDB specifies the checksum algorithm.  This is not controlled by TraceEvent.
+                    // CodeQL [SM03939] The PDB specifies the checksum algorithm.  This is not controlled by TraceEvent.
+                    _hashAlgorithm = System.Security.Cryptography.SHA1.Create();
                 }
                 else if (hashAlgorithmGuid == HashAlgorithmSha256)
                 {
diff --git a/src/TraceEvent/TraceEventSession.cs b/src/TraceEvent/TraceEventSession.cs
@@ -3053,7 +3053,10 @@ public static Guid GetEventSourceGuidFromName(string name)
             }
 
             // Compute the Sha1 hash
-            var sha1 = System.Security.Cryptography.SHA1.Create(); // lgtm [cs/weak-crypto] The EventSource name to GUID protocol requires a SHA1 hash.
+            // CodeQL [SM02196] The EventSource name to GUID protocol requires a SHA1 hash.
+            // CodeQL [SM03938] The EventSource name to GUID protocol requires a SHA1 hash.
+            // CodeQL [SM03939] The EventSource name to GUID protocol requires a SHA1 hash.
+            var sha1 = System.Security.Cryptography.SHA1.Create();
             byte[] hash = sha1.ComputeHash(bytes);
 
             // Create a GUID out of the first 16 bytes of the hash (SHA-1 create a 20 byte hash)
diff --git a/src/TraceParserGen/Program.cs b/src/TraceParserGen/Program.cs
@@ -636,7 +636,10 @@ private static Guid GenerateGuidFromName(string name)
         }
 
         // Compute the Sha1 hash
-        var sha1 = System.Security.Cryptography.SHA1.Create(); // lgtm [cs/weak-crypto] The EventSource name to GUID protocol requires a SHA1 hash.
+        // CodeQL [SM02196] The EventSource name to GUID protocol requires a SHA1 hash.
+        // CodeQL [SM03938] The EventSource name to GUID protocol requires a SHA1 hash.
+        // CodeQL [SM03939] The EventSource name to GUID protocol requires a SHA1 hash.
+        var sha1 = System.Security.Cryptography.SHA1.Create();
         byte[] hash = sha1.ComputeHash(bytes);
 
         // Create a GUID out of the first 16 bytes of the hash (SHA-1 create a 20 byte hash)

Original file line number	Diff line number	Diff line change
`@@ -664,11 +664,17 @@ private void TryInitializeCppChecksum(IDiaSourceFile sourceFile)`
`664`	`664`	`// 3 checksum generated with the SHA256 hashing algorithm.`
`665`	`665`	`if (sourceFile.checksumType == 1)`
`666`	`666`	`{`
`667`		`- _hashAlgorithm = System.Security.Cryptography.MD5.Create(); // lgtm [cs/weak-crypto] The PDB specifies the checksum algorithm. This is not controlled by TraceEvent.`
	`667`	`+ // CodeQL [SM02196] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`668`	`+ // CodeQL [SM03938] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`669`	`+ // CodeQL [SM03939] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`670`	`+ _hashAlgorithm = System.Security.Cryptography.MD5.Create();`
`668`	`671`	`}`
`669`	`672`	`else if (sourceFile.checksumType == 2)`
`670`	`673`	`{`
`671`		`- _hashAlgorithm = System.Security.Cryptography.SHA1.Create(); // lgtm [cs/weak-crypto] The PDB specifies the checksum algorithm. This is not controlled by TraceEvent.`
	`674`	`+ // CodeQL [SM02196] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`675`	`+ // CodeQL [SM03938] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`676`	`+ // CodeQL [SM03939] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`677`	`+ _hashAlgorithm = System.Security.Cryptography.SHA1.Create();`
`672`	`678`	`}`
`673`	`679`	`else if (sourceFile.checksumType == 3)`
`674`	`680`	`{`
`@@ -725,11 +731,17 @@ private void TryInitializeManagedChecksum(NativeSymbolModule module)`
`725`	`731`
`726`	`732`	`if (srcFormat.Header.algorithmId == guidMD5)`
`727`	`733`	`{`
`728`		`- _hashAlgorithm = System.Security.Cryptography.MD5.Create(); // lgtm [cs/weak-crypto] The checksum algorithm is specified by the injected source. This is not controlled by TraceEvent.`
	`734`	`+ // CodeQL [SM02196] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`735`	`+ // CodeQL [SM03938] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`736`	`+ // CodeQL [SM03939] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`737`	`+ _hashAlgorithm = System.Security.Cryptography.MD5.Create();`
`729`	`738`	`}`
`730`	`739`	`else if (srcFormat.Header.algorithmId == guidSHA1)`
`731`	`740`	`{`
`732`		`- _hashAlgorithm = System.Security.Cryptography.SHA1.Create(); // lgtm [cs/weak-crypto] The checksum algorithm is specified by the injected source. This is not controlled by TraceEvent.`
	`741`	`+ // CodeQL [SM02196] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`742`	`+ // CodeQL [SM03938] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`743`	`+ // CodeQL [SM03939] The checksum algorithm is specified by the built artifact. This is not controlled by TraceEvent.`
	`744`	`+ _hashAlgorithm = System.Security.Cryptography.SHA1.Create();`
`733`	`745`	`}`
`734`	`746`	`else if (srcFormat.Header.algorithmId == guidSHA256)`
`735`	`747`	`{`
Original file line number	Diff line number	Diff line change
`@@ -119,7 +119,10 @@ internal PortablePdbSourceFile(DocumentHandle documentHandle, PortableSymbolModu`
`119`	`119`	`Guid hashAlgorithmGuid = metaData.GetGuid(sourceFileDocument.HashAlgorithm);`
`120`	`120`	`if (hashAlgorithmGuid == HashAlgorithmSha1)`
`121`	`121`	`{`
`122`		`- _hashAlgorithm = System.Security.Cryptography.SHA1.Create(); // lgtm [cs/weak-crypto] The PDB specifies the checksum algorithm. This is not controlled by TraceEvent.`
	`122`	`+ // CodeQL [SM02196] The PDB specifies the checksum algorithm. This is not controlled by TraceEvent.`
	`123`	`+ // CodeQL [SM03938] The PDB specifies the checksum algorithm. This is not controlled by TraceEvent.`
	`124`	`+ // CodeQL [SM03939] The PDB specifies the checksum algorithm. This is not controlled by TraceEvent.`
	`125`	`+ _hashAlgorithm = System.Security.Cryptography.SHA1.Create();`
`123`	`126`	`}`
`124`	`127`	`else if (hashAlgorithmGuid == HashAlgorithmSha256)`
`125`	`128`	`{`