github-mirrors/DependencyCheck
1
0
Fork 0
mirror of https://github.com/ysoftdevs/DependencyCheck.git synced 2026-03-19 07:44:23 +01:00
Code Issues Packages Projects Releases Wiki Activity

Addressed possible resource leak.

Browse Source
This commit is contained in:
Anthony Whitford
2015-09-09 23:54:20 -07:00
parent 45658afd89
commit 5702f39181
1 changed files with 5 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

11
dependency-check-core/src/main/java/org/owasp/dependencycheck/data/nvdcve/CveDB.java
View File

@@ -321,7 +321,6 @@ public class CveDB {
* @throws DatabaseException thrown if there is an exception retrieving data * @throws DatabaseException thrown if there is an exception retrieving data
*/ */
public List<Vulnerability> getVulnerabilities(String cpeStr) throws DatabaseException { public List<Vulnerability> getVulnerabilities(String cpeStr) throws DatabaseException {
ResultSet rs = null;
final VulnerableSoftware cpe = new VulnerableSoftware(); final VulnerableSoftware cpe = new VulnerableSoftware();
try { try {
cpe.parseName(cpeStr); cpe.parseName(cpeStr);
@@ -331,7 +330,8 @@ public class CveDB {
final DependencyVersion detectedVersion = parseDependencyVersion(cpe); final DependencyVersion detectedVersion = parseDependencyVersion(cpe);
final List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>(); final List<Vulnerability> vulnerabilities = new ArrayList<Vulnerability>();
PreparedStatement ps; PreparedStatement ps = null;
ResultSet rs = null;
try { try {
ps = getConnection().prepareStatement(statementBundle.getString("SELECT_CVE_FROM_SOFTWARE")); ps = getConnection().prepareStatement(statementBundle.getString("SELECT_CVE_FROM_SOFTWARE"));
ps.setString(1, cpe.getVendor()); ps.setString(1, cpe.getVendor());
@@ -365,12 +365,11 @@ public class CveDB {
v.setMatchedCPE(matchedCPE.getKey(), matchedCPE.getValue() ? "Y" : null); v.setMatchedCPE(matchedCPE.getKey(), matchedCPE.getValue() ? "Y" : null);
vulnerabilities.add(v); vulnerabilities.add(v);
} }
DBUtils.closeResultSet(rs);
DBUtils.closeStatement(ps);
} catch (SQLException ex) { } catch (SQLException ex) {
throw new DatabaseException("Exception retrieving vulnerability for " + cpeStr, ex); throw new DatabaseException("Exception retrieving vulnerability for " + cpeStr, ex);
} finally { } finally {
DBUtils.closeResultSet(rs); DBUtils.closeResultSet(rs);
DBUtils.closeStatement(ps);
} }
return vulnerabilities; return vulnerabilities;
} }
@@ -748,9 +747,9 @@ public class CveDB {
* @return a dependency version * @return a dependency version
*/ */
private DependencyVersion parseDependencyVersion(VulnerableSoftware cpe) { private DependencyVersion parseDependencyVersion(VulnerableSoftware cpe) {
DependencyVersion cpeVersion; final DependencyVersion cpeVersion;
if (cpe.getVersion() != null && !cpe.getVersion().isEmpty()) { if (cpe.getVersion() != null && !cpe.getVersion().isEmpty()) {
String versionText; final String versionText;
if (cpe.getUpdate() != null && !cpe.getUpdate().isEmpty()) { if (cpe.getUpdate() != null && !cpe.getUpdate().isEmpty()) {
versionText = String.format("%s.%s", cpe.getVersion(), cpe.getUpdate()); versionText = String.format("%s.%s", cpe.getVersion(), cpe.getUpdate());
} else { } else {