pm-preeta-karmarkar / owasp-esapi-java

Automatically exported from code.google.com/p/owasp-esapi-java
Other
0 stars 0 forks source link

Resource leak: FileInputStream is not closed on method exit #314

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago
I have V2.1 sources.

2 places in ESAPIWebApplicationFirewallFilter.java do not close file streams.

The corrected 2 methods are:

public void setConfiguration( String policyFilePath, String webRootDir ) throws 
FileNotFoundException {

                                FileInputStream inputStream = null;

                                try {

                                                inputStream = new FileInputStream(new File(policyFilePath));

                                                appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);

                                                lastConfigReadTime = System.currentTimeMillis();

                                                configurationFilename = policyFilePath;

                                } catch (ConfigurationException e ) {

            // TODO: It would be ideal if this method through the ConfigurationException rather than catching it and

            // writing the error to the console.

                                                e.printStackTrace();

                                } finally {

                                                if (inputStream != null) {

                                                                try {

                                                                                inputStream.close();

                                                                } catch (IOException e) {

                                                                                e.printStackTrace();

                                                                }

                                                }

                                }

                }

/* and the block ... */

  FileInputStream inputStream = null;

                                try {

                                                String webRootDir = fc.getServletContext().getRealPath("/");

                                                inputStream = new FileInputStream(configurationFilename);

                                                appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);

                                                DOMConfigurator.configure(realLogSettingsFilename);

                                                lastConfigReadTime = System.currentTimeMillis();

                                } catch (FileNotFoundException e) {

                                                throw new ServletException(e);

                                } catch (ConfigurationException e) {

                                                throw new ServletException(e);

                                } finally {

                                                if (inputStream != null) {

                                                                try {

                                                                                inputStream.close();

                                                                } catch (IOException e) {

                                                                                e.printStackTrace();

                                                                }

                                                }

                                }

Original issue reported on code.google.com by eamonn.w...@gmail.com on 26 Nov 2013 at 7:48

GoogleCodeExporter commented 8 years ago
Eamonn,
Would you like this work to be considered for the ESAPI hackathon contest? If 
so, please email me ASAP. Thanks.
-kevin wall <kevin.w.wall@gmail.com>

Original comment by kevin.w.wall@gmail.com on 23 Jan 2014 at 6:56