magento / magento-coding-standard

Magento Coding Standard
Open Software License 3.0

How to avoid errors ? #185

Closed Gemorroj closed 4 years ago

Gemorroj commented 4 years ago

I tried to submit a module to the Magento store, but I get some errors in the technical review report, for example:

/eqp-automation/temp/calcurates/module-magento/calcurates-module-magento-1.10.0/Model/Carrier/Cache.php
{
    "message": "The use of function md5() is forbidden; use improved hash functions (SHA-256, SHA-512 etc.)() instead",
    "source": "Magento2.Security.InsecureFunction.FoundWithAlternative",
    "severity": 10,
    "fixable": false,
    "type": "ERROR",
    "line": 87,
    "column": 21
}

but in fact, it should be ignored (as I think): https://github.com/calcurates/module-magento/blob/v1.10.0/Model/Carrier/Cache.php#L86

On a local machine with Magento 2.3.5 these errors are really ignored.

Please, can you tell me how to avoid these errors in order to pass a technical review?

DmitryFurs commented 4 years ago

It looks like the marketplace is running the code sniffer with --ignore-annotations, which ignores all phpcs: annotations in code comments.

Try to replace it with the hash() function:

    $cacheKey = hash('md5', $serializedRequest);

Since you use md5 to build a cache key, you can change the hashing algorithm to sha256:

    $cacheKey = hash('sha256', $serializedRequest);
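
An added example, not part of the thread and not code from the calcurates module: one way to build the cache key with hash('sha256', ...) so that there is no md5() call for the sniff to report and no phpcs annotation to depend on. The function names, the key prefix and the sample requests are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: sort associative arrays by key, recursively, so two
// requests with the same content but different key order hash identically.
function canonicalize(array $data): array
{
    foreach ($data as $key => $value) {
        if (is_array($value)) {
            $data[$key] = canonicalize($value);
        }
    }
    // Leave plain lists alone: their order (e.g. cart items) carries meaning.
    if ($data !== [] && array_keys($data) !== range(0, count($data) - 1)) {
        ksort($data, SORT_STRING);
    }
    return $data;
}

// Hypothetical helper: the prefix is a made-up value, not the module's own.
function buildCacheKey(array $request, string $prefix = 'example_rates_'): string
{
    $serialized = json_encode(canonicalize($request));
    if ($serialized === false) {
        throw new InvalidArgumentException('Cannot serialize request: ' . json_last_error_msg());
    }
    // No md5() call here, so the check does not rely on an in-code
    // annotation that --ignore-annotations would discard.
    return $prefix . hash('sha256', $serialized);
}

// Constructed sample requests: same content, different key order.
$first = [
    'destination' => ['country' => 'US', 'postcode' => '10001'],
    'items'       => [['sku' => 'A-1', 'qty' => 2]],
];
$second = [
    'items'       => [['qty' => 2, 'sku' => 'A-1']],
    'destination' => ['postcode' => '10001', 'country' => 'US'],
];
// Constructed sample request that differs in one value.
$third = $first;
$third['destination']['postcode'] = '10002';

echo 'first:  ' . buildCacheKey($first) . PHP_EOL;
echo 'second: ' . buildCacheKey($second) . PHP_EOL;
echo 'third:  ' . buildCacheKey($third) . PHP_EOL;
echo 'first and second share a key: ' . var_export(buildCacheKey($first) === buildCacheKey($second), true) . PHP_EOL;
```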

Gemorroj commented 4 years ago

@DmitryFurs thanks for the answer. But it's only one example. Look at another one - https://github.com/calcurates/module-magento/blob/e1c7739c25eea49b022f119b9dfd6ce253c98bfb/view/adminhtml/templates/order/packaging/popup.phtml#L211 I can't avoid this error.

lenaorobei commented 4 years ago

XML layout configuration should be used instead of include.

For any marketplace related issues please create a support ticket. This repository is dedicated to issues related to the coding standard itself.

sakiss commented 3 years ago

Though the generation of an error from the md5 function seems invalid without being able to determine its context. Also used by Magento's core modules, see: vendor/magento/module-tax/Model/System/Message/Notifications.php