cordova-issues mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Shazron Abdullah (JIRA)" <j...@apache.org>
Subject [jira] [Resolved] (CB-13190) Potential unreleased resources (HP Fortify SCA: Unreleased Resource: Streams)
Date Wed, 07 Feb 2018 06:51:00 GMT

     [ https://issues.apache.org/jira/browse/CB-13190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]

Shazron Abdullah resolved CB-13190.
-----------------------------------
    Resolution: Won't Fix

We've reject this security report via email that was reported to security@a.o. Further communication
should be via email, thanks.

> Potential unreleased resources (HP Fortify SCA: Unreleased Resource: Streams)
> -----------------------------------------------------------------------------
>
>                 Key: CB-13190
>                 URL: https://issues.apache.org/jira/browse/CB-13190
>             Project: Apache Cordova
>          Issue Type: Bug
>          Components: cordova-android, cordova-plugin-file, cordova-plugin-file-transfer
(DEPRECATED)
>            Reporter: GSS FED
>            Assignee: Joe Bowser
>            Priority: Major
>
> Similar issue: [https://issues.apache.org/jira/browse/CB-8253]
> There are several places in the File plugin, File Transfer plugin and cordova-android
 where streams do not use try { fis.closed } catch (IOException e) {} in a finally block allowing
for the possibility they will never be closed if an exception occurs at the wrong place.
> Affected files:
> cordova-android/~CordovaResourceApi.java: line: 166, 377
> cordova-plugin-file/~Filesystem.java: line: 253, 286
> cordova-plugin-file-transfer/~FileTransfer.java: line: 665
> cordova-plugin-file/~LocalFilesystem.java: line: 403, 461, 507
> Recommendations of Fortify:
> {code:java}
> public void processFile(String fName) throws FileNotFoundException, IOException {
>   FileInputStream fis;
>   try {
>     fis = new FileInputStream(fName);
>     int sz;
>     byte[] byteArray = new byte[BLOCK_SIZE];
>     while ((sz = fis.read(byteArray)) != -1) { processBytes(byteArray, sz); }
>   } finally {
>     if (fis != null) {
>       safeClose(fis);
>     }
>   }
> }
> public static void safeClose(FileInputStream fis) {
>   if (fis != null) {
>     try {
>       fis.close();
>     } catch (IOException e) {
>       log(e);
>     }
>   }
> }
> {code}



--
This message was sent by Atlassian JIRA
(v7.6.3#76005)

---------------------------------------------------------------------
To unsubscribe, e-mail: issues-unsubscribe@cordova.apache.org
For additional commands, e-mail: issues-help@cordova.apache.org


Mime
View raw message