[CB-13190] Potential unreleased resources (HP Fortify SCA: Unreleased Resource: Streams) - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Won't Fix
Affects Version/s: None
Fix Version/s: None
Component/s: cordova-android, cordova-plugin-file, cordova-plugin-file-transfer (DEPRECATED)
Labels:
None

Description

Similar issue: https://issues.apache.org/jira/browse/CB-8253

There are several places in the File plugin, File Transfer plugin and cordova-android where streams do not use try

{ fis.closed }

catch (IOException e) {} in a finally block allowing for the possibility they will never be closed if an exception occurs at the wrong place.

Affected files:
cordova-android/~CordovaResourceApi.java: line: 166, 377
cordova-plugin-file/~Filesystem.java: line: 253, 286
cordova-plugin-file-transfer/~FileTransfer.java: line: 665
cordova-plugin-file/~LocalFilesystem.java: line: 403, 461, 507

Recommendations of Fortify:

public void processFile(String fName) throws FileNotFoundException, IOException {
  FileInputStream fis;
  try {
    fis = new FileInputStream(fName);
    int sz;
    byte[] byteArray = new byte[BLOCK_SIZE];
    while ((sz = fis.read(byteArray)) != -1) { processBytes(byteArray, sz); }
  } finally {
    if (fis != null) {
      safeClose(fis);
    }
  }
}

public static void safeClose(FileInputStream fis) {
  if (fis != null) {
    try {
      fis.close();
    } catch (IOException e) {
      log(e);
    }
  }
}

Attachments

Activity

People

Assignee:: Joey Robert Bowser

Reporter:: GSS FED

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 18/Aug/17 03:52

Updated:: 23/Aug/18 07:51

Resolved:: 07/Feb/18 06:50