From 464d91f45a574f85645bb99855cd3d06fd0bf5b4 Mon Sep 17 00:00:00 2001 From: Jeremy Long Date: Tue, 8 Jul 2014 06:17:36 -0400 Subject: [PATCH] fixed resource leaks found by coverity Former-commit-id: 0e2d3b866853e2b906b9683e27602fd244298e55 --- .../dependencycheck/analyzer/JarAnalyzer.java | 19 ++++++++---- .../owasp/dependencycheck/utils/Settings.java | 30 ++++++++++++++++--- 2 files changed, 40 insertions(+), 9 deletions(-) diff --git a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java index 06d3ac8ae..d96e8f9ce 100644 --- a/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java +++ b/dependency-check-core/src/main/java/org/owasp/dependencycheck/analyzer/JarAnalyzer.java @@ -344,16 +344,25 @@ public class JarAnalyzer extends AbstractFileTypeAnalyzer { * @return a Properties object or null if no pom.properties was found * @throws IOException thrown if there is an exception reading the pom.properties */ - @edu.umd.cs.findbugs.annotations.SuppressWarnings(value = "OS_OPEN_STREAM", - justification = "The reader is closed by closing the zipEntry") private Properties retrievePomProperties(String path, final JarFile jar) throws IOException { Properties pomProperties = null; final String propPath = path.substring(0, path.length() - 7) + "pom.properies"; final ZipEntry propEntry = jar.getEntry(propPath); if (propEntry != null) { - final Reader reader = new InputStreamReader(jar.getInputStream(propEntry), "UTF-8"); - pomProperties = new Properties(); - pomProperties.load(reader); + Reader reader = null; + try { + reader = new InputStreamReader(jar.getInputStream(propEntry), "UTF-8"); + pomProperties = new Properties(); + pomProperties.load(reader); + } finally { + if (reader != null) { + try { + reader.close(); + } catch (IOException ex) { + LOGGER.log(Level.FINEST, "close error", ex); + } + } + } } return pomProperties; } diff --git a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java index 813297a09..0f47db1e3 100644 --- a/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java +++ b/dependency-check-utils/src/main/java/org/owasp/dependencycheck/utils/Settings.java @@ -382,8 +382,19 @@ public final class Settings { * @throws IOException is thrown when there is an exception loading/merging the properties */ public static void mergeProperties(File filePath) throws FileNotFoundException, IOException { - final FileInputStream fis = new FileInputStream(filePath); - mergeProperties(fis); + FileInputStream fis = null; + try { + fis = new FileInputStream(filePath); + mergeProperties(fis); + } finally { + if (fis != null) { + try { + fis.close(); + } catch (IOException ex) { + LOGGER.log(Level.FINEST, "close error", ex); + } + } + } } /** @@ -396,8 +407,19 @@ public final class Settings { * @throws IOException is thrown when there is an exception loading/merging the properties */ public static void mergeProperties(String filePath) throws FileNotFoundException, IOException { - final FileInputStream fis = new FileInputStream(filePath); - mergeProperties(fis); + FileInputStream fis = null; + try { + fis = new FileInputStream(filePath); + mergeProperties(fis); + } finally { + if (fis != null) { + try { + fis.close(); + } catch (IOException ex) { + LOGGER.log(Level.FINEST, "close error", ex); + } + } + } } /**