| Security scan issues [message #1396279] |
Tue, 08 July 2014 00:49  |
Eclipse User |
|
|
|
Hi,
We are using eclipse emf bundles inside our projects as dependencies and we did a security scan internally (Internal Scan process) along with the eclipse bundles and we found the following issues.
ArchiveURLConnection.java
Unreleased Resource: Files (Code Quality, Control Flow)
The function getInputStream() in ArchiveURLConnection.java sometimes fails to release a file handle allocated by ZipFile() on line 233.
ResourceImpl.java
The function saveOnlyIfChangedWithMemoryBuffer() in ResourceImpl.java sometimes fails to release a system resource allocated by getUnderlyingInputStream() on line 1141.
The function load() in ResourceImpl.java sometimes fails to release a system resource allocated by getUnderlyingInputStream() on line 1488.
URIHandlerImpl.java
The function contentDescription() in URIHandlerImpl.java sometimes fails to release a system resource allocated by createInputStream() on line 245.
WSDLReaderImpl.java
The function readWSDL() in WSDLReaderImpl.java sometimes fails to release a system resource allocated by getByteStream() on line 193.
Can anyone please help us here in finding that these are known issues? or is there any mitigation plan" or we have to do something from our application for this?.
Thanks in advance.
Regards,
Mahesh
|
|
|
| Re: Security scan issues [message #1396718 is a reply to message #1396279] |
Tue, 08 July 2014 13:28  |
| Eclipse User |
|
|
|
These EMF warnings are all bogus, i.e., shortcomings in the flow analysis.
On 08/07/2014 4:09 PM, Mahesh Srikrishnan wrote:
> Hi,
>
> We are using eclipse emf bundles inside our projects as dependencies and we did a security scan internally (Internal Scan process) along with the eclipse bundles and we found the following issues.
>
> ArchiveURLConnection.java
>
> Unreleased Resource: Files (Code Quality, Control Flow)
>
> The function getInputStream() in ArchiveURLConnection.java sometimes fails to release a file handle allocated by ZipFile() on line 233.
>
> ResourceImpl.java
>
> The function saveOnlyIfChangedWithMemoryBuffer() in ResourceImpl.java sometimes fails to release a system resource allocated by getUnderlyingInputStream() on line 1141.
>
> The function load() in ResourceImpl.java sometimes fails to release a system resource allocated by getUnderlyingInputStream() on line 1488.
>
> URIHandlerImpl.java
> The function contentDescription() in URIHandlerImpl.java sometimes fails to release a system resource allocated by createInputStream() on line 245.
>
> WSDLReaderImpl.java
> The function readWSDL() in WSDLReaderImpl.java sometimes fails to release a system resource allocated by getByteStream() on line 193.
>
>
> Can anyone please help us here in finding that these are known issues? or is there any mitigation plan" or we have to do something from our application for this?.
>
> Thanks in advance.
>
> Regards,
> Mahesh
|
|
|
Powered by
FUDForum. Page generated in 0.35016 seconds
Home