You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@cordova.apache.org by "Joe Bowser (JIRA)" <ji...@apache.org> on 2018/01/15 23:28:03 UTC

[jira] [Updated] (CB-13190) Potential unreleased resources (HP Fortify SCA: Unreleased Resource: Streams)

     [ https://issues.apache.org/jira/browse/CB-13190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Joe Bowser updated CB-13190:
----------------------------
    Security:     (was: Non-Public)

Not all HP Fortify scans are Security errors, some are just bugs.  Removing the private bit from this issue.

> Potential unreleased resources (HP Fortify SCA: Unreleased Resource: Streams)
> -----------------------------------------------------------------------------
>
>                 Key: CB-13190
>                 URL: https://issues.apache.org/jira/browse/CB-13190
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: cordova-android, cordova-plugin-file, cordova-plugin-file-transfer (DEPRECATED)
>            Reporter: GSS FED
>            Assignee: Joe Bowser
>            Priority: Major
>
> Similar issue: [https://issues.apache.org/jira/browse/CB-8253]
> There are several places in the File plugin, File Transfer plugin and cordova-android  where streams do not use try { fis.closed } catch (IOException e) {} in a finally block allowing for the possibility they will never be closed if an exception occurs at the wrong place.
> Affected files:
> cordova-android/~CordovaResourceApi.java: line: 166, 377
> cordova-plugin-file/~Filesystem.java: line: 253, 286
> cordova-plugin-file-transfer/~FileTransfer.java: line: 665
> cordova-plugin-file/~LocalFilesystem.java: line: 403, 461, 507
> Recommendations of Fortify:
> {code:java}
> public void processFile(String fName) throws FileNotFoundException, IOException {
>   FileInputStream fis;
>   try {
>     fis = new FileInputStream(fName);
>     int sz;
>     byte[] byteArray = new byte[BLOCK_SIZE];
>     while ((sz = fis.read(byteArray)) != -1) { processBytes(byteArray, sz); }
>   } finally {
>     if (fis != null) {
>       safeClose(fis);
>     }
>   }
> }
> public static void safeClose(FileInputStream fis) {
>   if (fis != null) {
>     try {
>       fis.close();
>     } catch (IOException e) {
>       log(e);
>     }
>   }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org