in src/main/java/com/amazon/checkerframework/cryptopolicy/CryptoPolicyComplianceVisitor.java [190:211]
private boolean hasSuppresssCryptoAnnotation(final Element elt, final String suppressedString) {
final SuppressCryptoWarning anno = elt.getAnnotation(SuppressCryptoWarning.class);
if (anno != null) {
// Code to validate that the string in the annotation is a valid URL. In theory, we
// would like to enforce that this URL also refers to a issue that gives this package
// an exception to use the relevant algorithm, but this is not feasible to implement.
// Mostly because we won't have network access during fleet builds to perform any sort
// of validation. Instead, we just check if the string is a valid URL to deter users
// from cheating by putting in empty string, etc.
try {
final URL issueUrl = new URL(anno.issue());
System.out.println("Suppressing warning for "
+ suppressedString
+ " is approved by "
+ issueUrl.toString());
} catch (MalformedURLException e) {
checker.report(Result.failure(BAD_URL_KEY, suppressedString, anno.issue()), elt);
}
return true;
}
return false;
}