From c503935d6ab033f2beebecdfd4bdc8592e3ad64a Mon Sep 17 00:00:00 2001
From: Jeremy Long
Date: Fri, 12 Sep 2014 06:36:00 -0400
Subject: [PATCH] updated to correctly close the ObjectOutputStream based on guidance from the CERT Java Secure Coding Standard
Former-commit-id: 1c7b929055f273d49b1203c117d7bb12162cfdb2
---
 .../owasp/dependencycheck/maven/DependencyCheckMojo.java | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)
diff --git a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
index ea7b175a3..26b9ef4c5 100644
--- a/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
+++ b/dependency-check-maven/src/main/java/org/owasp/dependencycheck/maven/DependencyCheckMojo.java
@@ -25,7 +25,6 @@ import java.io.FileOutputStream;
 import java.io.IOException;
 import java.io.InputStream;
 import java.io.ObjectInputStream;
-import java.io.ObjectOutput;
 import java.io.ObjectOutputStream;
 import java.io.OutputStream;
 import java.util.List;
@@ -829,13 +828,18 @@ public class DependencyCheckMojo extends ReportAggregationMojo {
 file = new File(getProject().getBuild().getDirectory(), getDataFileName());
 OutputStream os = null;
 OutputStream bos = null;
- ObjectOutput out = null;
+ ObjectOutputStream out = null;
 try {
 os = new FileOutputStream(file);
 bos = new BufferedOutputStream(os);
 out = new ObjectOutputStream(bos);
 out.writeObject(engine.getDependencies());
 out.flush();
+
+ //call reset to prevent resource leaks per
+ //https://www.securecoding.cert.org/confluence/display/java/SER10-J.+Avoid+memory+and+resource+leaks+during+serialization
+ out.reset();
+
 } catch (IOException ex) {
 LOGGER.log(Level.WARNING, "Unable to create data file used for report aggregation; "
 + "if report aggregation is being used the results may be incomplete.");
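Review bot: The added `out.reset()` after `out.flush()` gains little on a stream that writes a single object and is then discarded, since SER10-J addresses long-lived streams whose handle table keeps every written object reachable. `reset()` also marks the reset point in the stream, so calling it after the flush leaves that marker buffered until close; if the call stays, put it before `out.flush()` and have the comment say so, e.g. `// clear the handle table per CERT SER10-J before the final flush`. The close itself lies outside this hunk, so whether `os`, `bos` and `out` are released on every path, which is what the commit title promises, cannot be confirmed from these lines. The visible `catch` logs a fixed message without `ex`; unless the cause is logged on a line after the hunk, pass it along as `LOGGER.log(Level.WARNING, "...", ex)`. Separately, the `ObjectInputStream` import suggests this file is read back with native deserialization, so the build directory it is written to has to be treated as a trust boundary.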