GitHub user MrLion opened a pull request:
https://github.com/apache/camel/pull/71
VERACODE-986: fix of CWE ID 404 improper resource shutdown or release in
FileInputStreamCache
https://issues.apache.org/jira/browse/CAMEL-7075
During Veracode scan of our application we discover issue in Camel. Please
review our fix and apply it in future versions.
Improper Resource Shutdown or Release (CWE ID 404)(1 flaw)
Description
The application fails to release (or incorrectly releases) a system
resource before it is made available for re-use. This
condition often occurs with resources such as database connections or file
handles. Most unreleased resource issues
result in general software reliability problems, but if an attacker can
intentionally trigger a resource leak, it may be
possible to launch a denial of service attack by depleting the resource
pool.
Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code.
1 day to fix.
Recommendations
When a resource is created or allocated, the developer is responsible for
properly releasing the resource as well as
accounting for all potential paths of expiration or invalidation. Ensure
that all code paths properly release resources.
.../FileInputStreamCache.java line 86
You can merge this pull request into a Git repository by running:
$ git pull https://github.com/engagepoint/camel feature-ENT-976-12
Alternatively you can review and apply these changes as the patch at:
https://github.com/apache/camel/pull/71.patch
----
commit 8779bbe4e191bcb6071b3bb3a2153f88c7d5be65
Author: leonid.marushevskiy <leonid.marushevs...@engagepoint.com>
Date: 2013-12-17T09:30:44Z
VERACODE-986: fix of CWE ID 404 improper resource shutdown or release in
FileInputStreamCache
----
