camel-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Leonid Marushevskiy (JIRA)" <j...@apache.org>
Subject [jira] [Created] (CAMEL-7088) Veracode compliance. Improper Resource Shutdown or Release (CWE ID 404) in FileLockExclusiveReadLockStrategy
Date Fri, 20 Dec 2013 15:46:11 GMT
Leonid Marushevskiy created CAMEL-7088:
------------------------------------------

             Summary: Veracode compliance. Improper Resource Shutdown or Release (CWE ID 404)
in FileLockExclusiveReadLockStrategy
                 Key: CAMEL-7088
                 URL: https://issues.apache.org/jira/browse/CAMEL-7088
             Project: Camel
          Issue Type: Improvement
    Affects Versions: 2.11.3, 2.12.3, 2.13.0
            Reporter: Leonid Marushevskiy


Pull request 

During Veracode scan of our application we discover issue with security in Camel. Please review
our fix and apply it in future versions.

Quote from Veracode report below:
Improper Resource Shutdown or Release (CWE ID 404)(1 flaw)
Description
The application fails to release (or incorrectly releases) a system resource before it is
made available for re-use. This
condition often occurs with resources such as database connections or file handles. Most unreleased
resource issues
result in general software reliability problems, but if an attacker can intentionally trigger
a resource leak, it may be
possible to launch a denial of service attack by depleting the resource pool.
Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code. 1 day to fix.
Recommendations
When a resource is created or allocated, the developer is responsible for properly releasing
the resource as well as
accounting for all potential paths of expiration or invalidation. Ensure that all code paths
properly release resources.
Instances found via Static Scan
.../FileLockExclusiveReadLockStrategy.java line 68



--
This message was sent by Atlassian JIRA
(v6.1.4#6159)

Mime
View raw message