From 110c97bc152a59ea3ec5e41bebb9b6e71cd9563f Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Sat, 8 Oct 2016 18:02:53 -0400 Subject: [PATCH] ensuring no input stream is left open --- .../analyzer/ArchiveAnalyzer.java | 32 +++++++++++++++---- 1 file changed, 26 insertions(+), 6 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java index e8110eede..5d834bee6 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/ArchiveAnalyzer.java @@ -237,6 +237,7 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { //make a copy final Set dependencySet = findMoreDependencies(engine, tmpDir); + if (!dependencySet.isEmpty()) { for (Dependency d : dependencySet) { //fix the dependency's display name and path 
@@ -363,31 +364,43 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { } archiveExt = archiveExt.toLowerCase(); - FileInputStream fis; + final FileInputStream fis; try { fis = new FileInputStream(archive); } catch (FileNotFoundException ex) { LOGGER.debug("", ex); throw new AnalysisException("Archive file was not found.", ex); } + BufferedInputStream in = null; + ZipArchiveInputStream zin = null; + TarArchiveInputStream tin = null; + GzipCompressorInputStream gin = null; + BZip2CompressorInputStream bzin = null; try { if (ZIPPABLES.contains(archiveExt)) { - final BufferedInputStream in = new BufferedInputStream(fis); + in = new BufferedInputStream(fis); ensureReadableJar(archiveExt, in); - extractArchive(new ZipArchiveInputStream(in), destination, engine); + zin = new ZipArchiveInputStream(in); + extractArchive(zin, destination, engine); } else if ("tar".equals(archiveExt)) { - extractArchive(new TarArchiveInputStream(new BufferedInputStream(fis)), destination, engine); + in = new BufferedInputStream(fis); + tin = new TarArchiveInputStream(in); + extractArchive(tin, destination, engine); } else if ("gz".equals(archiveExt) || "tgz".equals(archiveExt)) { final String uncompressedName = GzipUtils.getUncompressedFilename(archive.getName()); final File f = new File(destination, uncompressedName); if (engine.accept(f)) { - decompressFile(new GzipCompressorInputStream(new BufferedInputStream(fis)), f); + in = new BufferedInputStream(fis); + gin = new GzipCompressorInputStream(in); + decompressFile(gin, f); } } else if ("bz2".equals(archiveExt) || "tbz2".equals(archiveExt)) { final String uncompressedName = BZip2Utils.getUncompressedFilename(archive.getName()); final File f = new File(destination, uncompressedName); if (engine.accept(f)) { - decompressFile(new BZip2CompressorInputStream(new BufferedInputStream(fis)), f); + in = new BufferedInputStream(fis); + bzin = new BZip2CompressorInputStream(in); + decompressFile(bzin, f); } } } catch 
(ArchiveExtractionException ex) { @@ -397,7 +410,14 @@ public class ArchiveAnalyzer extends AbstractFileTypeAnalyzer { LOGGER.warn("Exception reading archive '{}'.", archive.getName()); LOGGER.debug("", ex); } finally { + //overly verbose and not needed... but keeping it anyway due to + //having issue with file handles being left open close(fis); + close(in); + close(zin); + close(tin); + close(gin); + close(bzin); } } }
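Review bot: In the `finally` block, `close(fis)` still runs before the wrappers layered on it (`in`, `zin`, `tin`, `gin`, `bzin`), so the chain is closed innermost-first; moving `close(fis);` to the last line of the block would close each decorator before the stream it reads from. The current order is probably harmless for these stream classes, but outermost-first is the convention and does not depend on every wrapper tolerating an already-closed source. The new comment calls the extra closes "not needed" while also saying handles were being left open; a comment that states the reason would serve the next reader better, e.g. `//close every layer explicitly: file handles were being left open when only fis was closed`. Only one of `zin`/`tin`/`gin`/`bzin` is ever assigned in the `@@ -363,31 +364,43 @@` hunk, so if the build targets Java 7 or later, a try-with-resources would give the same guarantee without five nullable locals. The method and its `try` begin outside these hunks and `close(...)` is not shown, so this assumes the helper is null-safe.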