You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@camel.apache.org by "Leonid Marushevskiy (JIRA)" <ji...@apache.org> on 2013/12/17 11:36:06 UTC
[jira] [Updated] (CAMEL-7075) Veracode compliance. Improper
Resource Shutdown or Release (CWE ID 404) in FileInputStreamCache
[ https://issues.apache.org/jira/browse/CAMEL-7075?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Leonid Marushevskiy updated CAMEL-7075:
---------------------------------------
Description:
Pull request https://github.com/apache/camel/pull/71
During Veracode scan of our application we discover issue in Camel. Please review our fix and apply it in future versions.
Improper Resource Shutdown or Release (CWE ID 404)(1 flaw)
Description
The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This
condition often occurs with resources such as database connections or file handles. Most unreleased resource issues
result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be
possible to launch a denial of service attack by depleting the resource pool.
Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code. 1 day to fix.
Recommendations
When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as
accounting for all potential paths of expiration or invalidation. Ensure that all code paths properly release resources.
.../FileInputStreamCache.java line 86
was:
During Veracode scan of our application we discover issue in Camel. Please review our fix and apply it in future versions.
Improper Resource Shutdown or Release (CWE ID 404)(1 flaw)
Description
The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This
condition often occurs with resources such as database connections or file handles. Most unreleased resource issues
result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be
possible to launch a denial of service attack by depleting the resource pool.
Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code. 1 day to fix.
Recommendations
When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as
accounting for all potential paths of expiration or invalidation. Ensure that all code paths properly release resources.
.../FileInputStreamCache.java line 86
> Veracode compliance. Improper Resource Shutdown or Release (CWE ID 404) in FileInputStreamCache
> -----------------------------------------------------------------------------------------------
>
> Key: CAMEL-7075
> URL: https://issues.apache.org/jira/browse/CAMEL-7075
> Project: Camel
> Issue Type: Improvement
> Affects Versions: 2.12.2
> Reporter: Leonid Marushevskiy
> Labels: Security, Veracode
>
> Pull request https://github.com/apache/camel/pull/71
> During Veracode scan of our application we discover issue in Camel. Please review our fix and apply it in future versions.
> Improper Resource Shutdown or Release (CWE ID 404)(1 flaw)
> Description
> The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This
> condition often occurs with resources such as database connections or file handles. Most unreleased resource issues
> result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be
> possible to launch a denial of service attack by depleting the resource pool.
> Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code. 1 day to fix.
> Recommendations
> When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as
> accounting for all potential paths of expiration or invalidation. Ensure that all code paths properly release resources.
> .../FileInputStreamCache.java line 86
--
This message was sent by Atlassian JIRA
(v6.1.4#6159)