Sonar considers some strings to be hashes and reports an unsafe comparison of hashes that is susceptible to timing attacks, whereas they are randomly generated strings (UUIDs). (Example of code generating the issue.)
// if no share matches shareId, throw an exception
if (foundFile.getShares().stream().noneMatch(a -> a.getShareId().equals(shareId))) {
    throw new ShareUnknownException(String.format("Unknown share identifier: %s", shareId));
}
I can't explain why the shareId string is considered a hash.
Any idea?
Regards
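What the scanner is objecting to, shown as an added example that is not the poster's code: `String.equals` returns as soon as one character differs, so the time a comparison takes depends on how long a prefix the two strings share. `java.security.MessageDigest.isEqual` compares every byte of equal-length inputs before answering, which is the usual constant-time replacement. The `Share` class, the `ShareUnknownException` class and the `constantTimeEquals` helper below are assumed stand-ins for the types in the posted snippet; the sample share ids are constructed at runtime.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;
import java.util.List;
import java.util.UUID;

// Added example; not the original poster's code. Share and ShareUnknownException
// are assumed stand-ins for the types used in the posted snippet.
public class ShareLookup {

    static final class Share {
        private final String shareId;
        Share(String shareId) { this.shareId = shareId; }
        String getShareId() { return shareId; }
    }

    static final class ShareUnknownException extends RuntimeException {
        ShareUnknownException(String message) { super(message); }
    }

    // The pattern the scanner flags: String.equals stops at the first differing
    // character, so its running time correlates with the length of the common
    // prefix. That is only a problem when the attacker chooses one side and the
    // other side is a secret worth recovering character by character.
    static boolean isKnownShareNaive(List<Share> shares, String shareId) {
        return shares.stream().anyMatch(s -> s.getShareId().equals(shareId));
    }

    // Constant-time comparison of two strings as UTF-8 bytes. MessageDigest.isEqual
    // compares all bytes of equal-length inputs before returning; it still returns
    // early when the lengths differ, which is acceptable here because the length
    // of a UUID string is not secret. Null on either side counts as "no match".
    static boolean constantTimeEquals(String a, String b) {
        if (a == null || b == null) {
            return false;
        }
        return MessageDigest.isEqual(
                a.getBytes(StandardCharsets.UTF_8),
                b.getBytes(StandardCharsets.UTF_8));
    }

    // The posted check, with the comparison swapped for the constant-time one.
    static void requireKnownShare(List<Share> shares, String shareId) {
        if (shares.stream().noneMatch(s -> constantTimeEquals(s.getShareId(), shareId))) {
            throw new ShareUnknownException(
                    String.format("Unknown share identifier: %s", shareId));
        }
    }

    public static void main(String[] args) {
        // Constructed sample data: two random share ids, as described in the question.
        List<Share> shares = List.of(
                new Share(UUID.randomUUID().toString()),
                new Share(UUID.randomUUID().toString()));
        String known = shares.get(0).getShareId();
        String unknown = UUID.randomUUID().toString();

        if (!isKnownShareNaive(shares, known)) {
            throw new AssertionError("naive lookup should find the known id");
        }
        requireKnownShare(shares, known); // no exception
        try {
            requireKnownShare(shares, unknown);
            throw new AssertionError("expected ShareUnknownException");
        } catch (ShareUnknownException e) {
            System.out.println("rejected: " + e.getMessage());
        }
        System.out.println("accepted: " + known);
    }
}
```

Whether the early exit in `String.equals` actually matters depends on whether the compared value is a secret an attacker can submit repeatedly (for instance an unguessable share link that acts as a bearer capability) rather than a plain identifier; the scanner cannot tell the two apart from the code alone. Either way the `MessageDigest.isEqual` form costs nothing measurable and removes the finding without suppressing the rule.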
I now understand better why I didn't recognize the rule: in fact, it comes from the findsecbugs plugin.
Since we are not the maintainers of this plugin, I cannot help you further. I would suggest reporting this issue directly to them.