Ignore SHA1 codeQL warnings (#1143)

Author: sfoslund

src/Microsoft.Sbom.Contracts/Contracts/Enums/AlgorithmName.cs

@@ -114,5 +114,5 @@ public static AlgorithmName FromString(string name)
     /// Gets equivalent to <see cref="HashAlgorithmName.MD5"/>.
     /// </summary>
     [SuppressMessage("Security", "CA5351:Do Not Use Broken Cryptographic Algorithms", Justification = "Used by conda package manager.")]
-    public static AlgorithmName MD5 => new AlgorithmName(nameof(MD5), stream => System.Security.Cryptography.MD5.Create().ComputeHash(stream));
+    public static AlgorithmName MD5 => new AlgorithmName(nameof(MD5), stream => System.Security.Cryptography.MD5.Create().ComputeHash(stream)); // CodeQL [SM02196] Used by conda package manager.
 }

src/Microsoft.Sbom.Parsers.Spdx22SbomParser/Utils/SPDXExtensions.cs

@@ -94,7 +94,7 @@ public static string AddSpdxId(this SPDXFile spdxFile, string fileName, IEnumera
 
         if (checksums is null || !checksums.Any(c => c.Algorithm == AlgorithmName.SHA1))
         {
-            throw new MissingHashValueException($"The file {fileName} is missing the {HashAlgorithmName.SHA1} hash value.");
+            throw new MissingHashValueException($"The file {fileName} is missing the {HashAlgorithmName.SHA1} hash value."); // CodeQL [SM02196] Sha1 is required per the SPDX spec.
         }
 
         // Get the SHA1 for this file.

src/Microsoft.Sbom.Parsers.Spdx30SbomParser/Utils/SPDXExtensions.cs

@@ -42,7 +42,7 @@ public static string AddSpdxId(this File element, InternalSbomFileInfo fileInfo)
 
         if (fileInfo.Checksum is null || !fileInfo.Checksum.Any(c => c.Algorithm == AlgorithmName.SHA1))
         {
-            throw new MissingHashValueException($"The file {fileInfo.Path} is missing the {HashAlgorithmName.SHA1} hash value.");
+            throw new MissingHashValueException($"The file {fileInfo.Path} is missing the {HashAlgorithmName.SHA1} hash value."); // CodeQL [SM02196] Sha1 is required per the SPDX spec.
         }
 
         // Get the SHA1 for this file.