Hi,
The LamarCompiler has been flagged in our Pipeline by static code analysis.
We know that this is a false positive because this extension method is just used to generate an integer (and not to actually protect any data).
After cloning the repository, we've seen that the ToHash extension isn't actually used anywhere on Lamar's codebase.
The extension method in question is: https://github.com/JasperFx/lamar/blob/3a4a744db889b582ae57f6e01c5fa5bdec765e30/src/LamarCodeGeneration/Util/StringExtensions.cs#L222
To avoid future flagging (we've temporarily disabled the report) it would be interesting to see if it's possible to perform any of these changes:
- Remove the method altogether (as it is not used apparently)
- Change the MD5 to use another algorithm for deterministic number generation
I'd be happy to create a PR with the preferred changes if any.
I know it's very low priority but in our pipeline we're forced to use static code analysis, and anything that gets flagged has to be reviewed in depth.
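
The second option in the issue above, sketched as an added example (not Lamar's code and not part of the original issue): a non-cryptographic FNV-1a hash turns a string into a stable integer without using MD5 or any cryptographic API. The names `DeterministicHashExample` and `ToStableInt` are hypothetical, and the values it returns are not the ones the MD5-based `ToHash` produces.

```csharp
using System;
using System.Text;

public static class DeterministicHashExample
{
    // Hypothetical replacement: 32-bit FNV-1a over the UTF-8 bytes of the string.
    // Stable across processes and machines, unlike string.GetHashCode(),
    // which is randomized per process on .NET Core and later.
    // It is a plain checksum-style hash and gives no protection to any data.
    public static int ToStableInt(this string text)
    {
        if (text == null) throw new ArgumentNullException(nameof(text));

        const uint offsetBasis = 2166136261; // FNV-1a 32-bit offset basis
        const uint prime = 16777619;         // FNV-1a 32-bit prime

        uint hash = offsetBasis;
        foreach (byte b in Encoding.UTF8.GetBytes(text))
        {
            unchecked
            {
                hash ^= b;     // mix in the next byte
                hash *= prime; // multiply modulo 2^32
            }
        }

        // Reinterpret the 32 bits as a signed int so callers get an int.
        return unchecked((int)hash);
    }

    public static void Main()
    {
        // Self-check against the published FNV-1a 32-bit test vector for "a".
        if ("a".ToStableInt() != unchecked((int)0xE40C292C))
            throw new InvalidOperationException("FNV-1a self-check failed");

        // Constructed sample input: the same string always maps to the same value.
        string sample = "Lamar.Generated.SampleType";
        Console.WriteLine(sample.ToStableInt() == sample.ToStableInt());
        Console.WriteLine(sample.ToStableInt());
    }
}
```

Anything that persisted or compared integers produced by the old method would see different values after such a swap, which matters only if the method turns out to have callers.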