Resource leak: FileInputStream is not closed on method exit

Description

From eamonn.w...@gmail.com on November 26, 2013 14:48:44

I have V2.1 sources.

2 places in ESAPIWebApplicationFirewallFilter.java do not close file streams.

The corrected 2 methods are:

public void setConfiguration( String policyFilePath, String webRootDir ) throws FileNotFoundException {

FileInputStream inputStream = null;

try {

inputStream = new FileInputStream(new File(policyFilePath));

appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);

lastConfigReadTime = System.currentTimeMillis();

configurationFilename = policyFilePath;

} catch (ConfigurationException e ) {

// TODO: It would be ideal if this method through the ConfigurationException rather than catching it and

// writing the error to the console.

e.printStackTrace();

} finally {

if (inputStream != null) {

try {

inputStream.close();

} catch (IOException e) {

e.printStackTrace();

}

}

}

}

/_ and the block ... _/

FileInputStream inputStream = null;

try {

String webRootDir = fc.getServletContext().getRealPath("/");

inputStream = new FileInputStream(configurationFilename);

appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);

DOMConfigurator.configure(realLogSettingsFilename);

lastConfigReadTime = System.currentTimeMillis();

} catch (FileNotFoundException e) {

throw new ServletException(e);

} catch (ConfigurationException e) {

throw new ServletException(e);

} finally {

if (inputStream != null) {

try {

inputStream.close();

} catch (IOException e) {

e.printStackTrace();

}

}

}

Original issue: http://code.google.com/p/owasp-esapi-java/issues/detail?id=314

Environment

None

Status

Assignee

Unassigned

Reporter

Max Gelman

Priority

Configure