From 316b936326355f487659421a3141ccbdcead7641 Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Tue, 22 Nov 2016 06:39:50 -0500
Subject: [PATCH] ensured resources are closed

---
 .../dependencycheck/analyzer/JarAnalyzer.java | 50 +++++++++++--------
 1 file changed, 29 insertions(+), 21 deletions(-)

diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
index 401f507c6..f7da35e7d 100644
--- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
+++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java
@@ -280,31 +280,39 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { return false; } if (pomEntries != null && pomEntries.size() <= 1) { - String path = null; - Properties pomProperties = null; - File pomFile = null; - if (pomEntries.size() == 1) { - path = pomEntries.get(0); - pomFile = extractPom(path, jar); - pomProperties = retrievePomProperties(path, jar); - } else { - path = FilenameUtils.removeExtension(dependency.getActualFilePath()) + ".pom"; - pomFile = new File(path); - } - if (pomFile.isFile()) { - Model pom = PomUtils.readPom(pomFile); - if (pom != null && pomProperties != null) { - pom.processProperties(pomProperties); + try { + String path = null; + Properties pomProperties = null; + File pomFile = null; + if (pomEntries.size() == 1) { + path = pomEntries.get(0); + pomFile = extractPom(path, jar); + pomProperties = retrievePomProperties(path, jar); + } else { + path = FilenameUtils.removeExtension(dependency.getActualFilePath()) + ".pom"; + pomFile = new File(path); } - if (pom != null) { - return setPomEvidence(dependency, pom, classes); + if (pomFile.isFile()) { + Model pom = PomUtils.readPom(pomFile); + if (pom != null && pomProperties != null) { + pom.processProperties(pomProperties); + } + if (pom != null) { + return setPomEvidence(dependency, pom, classes); + } + return false; + } else { + return false; + } + } finally { + try { + jar.close(); + } catch (IOException ex) { + LOGGER.trace("", ex); } - return false; - } else { - return false; } } - + //reported possible null dereference on pomEntries is on a non-feasible path for (String path : pomEntries) { //TODO - one of these is likely the pom for the main JAR we are analyzing