Skip to main content


Eclipse Community Forums
Forum Search:

Search      Help    Register    Login    Home
Home » Modeling » EMF "Technology" (Ecore Tools, EMFatic, etc)  » Security scan issues(Security scan for usage of eclipse emf bundles have some deviations)
Security scan issues [message #1396279] Tue, 08 July 2014 04:49 Go to next message
Mahesh Srikrishnan is currently offline Mahesh SrikrishnanFriend
Messages: 1
Registered: July 2014
Junior Member
Hi,

We are using eclipse emf bundles inside our projects as dependencies and we did a security scan internally (Internal Scan process) along with the eclipse bundles and we found the following issues.

ArchiveURLConnection.java

Unreleased Resource: Files (Code Quality, Control Flow)

The function getInputStream() in ArchiveURLConnection.java sometimes fails to release a file handle allocated by ZipFile() on line 233.

ResourceImpl.java

The function saveOnlyIfChangedWithMemoryBuffer() in ResourceImpl.java sometimes fails to release a system resource allocated by getUnderlyingInputStream() on line 1141.

The function load() in ResourceImpl.java sometimes fails to release a system resource allocated by getUnderlyingInputStream() on line 1488.

URIHandlerImpl.java
The function contentDescription() in URIHandlerImpl.java sometimes fails to release a system resource allocated by createInputStream() on line 245.

WSDLReaderImpl.java
The function readWSDL() in WSDLReaderImpl.java sometimes fails to release a system resource allocated by getByteStream() on line 193.


Can anyone please help us here in finding that these are known issues? or is there any mitigation plan" or we have to do something from our application for this?.

Thanks in advance.

Regards,
Mahesh
Re: Security scan issues [message #1396718 is a reply to message #1396279] Tue, 08 July 2014 17:28 Go to previous message
Ed Merks is currently offline Ed MerksFriend
Messages: 31780
Registered: July 2009
Senior Member
These EMF warnings are all bogus, i.e., shortcomings in the flow analysis.

On 08/07/2014 4:09 PM, Mahesh Srikrishnan wrote:
> Hi,
>
> We are using eclipse emf bundles inside our projects as dependencies and we did a security scan internally (Internal Scan process) along with the eclipse bundles and we found the following issues.
>
> ArchiveURLConnection.java
>
> Unreleased Resource: Files (Code Quality, Control Flow)
>
> The function getInputStream() in ArchiveURLConnection.java sometimes fails to release a file handle allocated by ZipFile() on line 233.
>
> ResourceImpl.java
>
> The function saveOnlyIfChangedWithMemoryBuffer() in ResourceImpl.java sometimes fails to release a system resource allocated by getUnderlyingInputStream() on line 1141.
>
> The function load() in ResourceImpl.java sometimes fails to release a system resource allocated by getUnderlyingInputStream() on line 1488.
>
> URIHandlerImpl.java
> The function contentDescription() in URIHandlerImpl.java sometimes fails to release a system resource allocated by createInputStream() on line 245.
>
> WSDLReaderImpl.java
> The function readWSDL() in WSDLReaderImpl.java sometimes fails to release a system resource allocated by getByteStream() on line 193.
>
>
> Can anyone please help us here in finding that these are known issues? or is there any mitigation plan" or we have to do something from our application for this?.
>
> Thanks in advance.
>
> Regards,
> Mahesh


Ed Merks
Professional Support: https://www.macromodeling.com/
Previous Topic:[Ecore] Java 8 default methods for interfaces
Next Topic:[EMFStore] IndexOutOfBoundsException when adding EClass object to EReference feature
Goto Forum:
  


Current Time: Sat Mar 06 12:16:38 GMT 2021

Powered by FUDForum. Page generated in 0.01731 seconds
.:: Contact :: Home ::.

Powered by: FUDforum 3.0.2.
Copyright ©2001-2010 FUDforum Bulletin Board Software

Back to the top