Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Resource leak: FileInputStream is not closed on method exit #319

Closed
meg23 opened this issue Nov 13, 2014 · 3 comments
Closed

Resource leak: FileInputStream is not closed on method exit #319

meg23 opened this issue Nov 13, 2014 · 3 comments
Assignees
@kwwall
Labels
bug imported Priority-Medium

Comments

@meg23
Copy link

meg23 commented Nov 13, 2014

From eamonn.w...@gmail.com on November 26, 2013 14:48:44

I have V2.1 sources.

2 places in ESAPIWebApplicationFirewallFilter.java do not close file streams.

The corrected 2 methods are:

public void setConfiguration( String policyFilePath, String webRootDir ) throws FileNotFoundException {

                            FileInputStream inputStream = null;

                            try {

                                            inputStream = new FileInputStream(new File(policyFilePath));

                                            appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);

                                            lastConfigReadTime = System.currentTimeMillis();

                                            configurationFilename = policyFilePath;

                            } catch (ConfigurationException e ) {

        // TODO: It would be ideal if this method through the ConfigurationException rather than catching it and

        // writing the error to the console.

                                            e.printStackTrace();

                            } finally {

                                            if (inputStream != null) {

                                                            try {

                                                                            inputStream.close();

                                                            } catch (IOException e) {

                                                                            e.printStackTrace();

                                                            }

                                            }

                            }

            }

/* and the block ... */

FileInputStream inputStream = null;

                            try {



                                            String webRootDir = fc.getServletContext().getRealPath("/");

                                            inputStream = new FileInputStream(configurationFilename);

                                            appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);



                                            DOMConfigurator.configure(realLogSettingsFilename);



                                            lastConfigReadTime = System.currentTimeMillis();



                            } catch (FileNotFoundException e) {

                                            throw new ServletException(e);

                            } catch (ConfigurationException e) {

                                            throw new ServletException(e);

                            } finally {

                                            if (inputStream != null) {

                                                            try {

                                                                            inputStream.close();

                                                            } catch (IOException e) {

                                                                            e.printStackTrace();

                                                            }

                                            }

                            }

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=314
@meg23
Copy link
Author

meg23 commented Nov 13, 2014

From kevin.w.wall@gmail.com on January 22, 2014 22:56:59

Eamonn,
Would you like this work to be considered for the ESAPI hackathon contest? If so, please email me ASAP. Thanks.
-kevin wall kevin.w.wall@gmail.com

@xeno6696
Copy link
Collaborator

xeno6696 commented Jan 1, 2016

Converted this to a patch for easy application. @kwwall , recommend closing.

issue319.txt

@kwwall kwwall self-assigned this Jan 17, 2016
kwwall added a commit that referenced this issue Jan 17, 2016
@kwwall
Closes issue #319.
dffaddb
@kwwall
Copy link
Contributor

kwwall commented Jan 17, 2016

Fixed with commit dffaddb.

@kwwall kwwall closed this as completed Jan 17, 2016
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@kwwall kwwall

Labels
bug imported Priority-Medium
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@meg23 @kwwall @xeno6696