Leonid Marushevskiy created CAMEL-7093:
------------------------------------------
Summary: Veracode compliance. Improper Resource Shutdown or
Release (CWE ID 404) in QuartzComponent
Key: CAMEL-7093
URL: https://issues.apache.org/jira/browse/CAMEL-7093
Project: Camel
Issue Type: Bug
Components: camel-quartz
Affects Versions: 2.12.2, 2.11.2, 2.10.7
Reporter: Leonid Marushevskiy
Pull request https://github.com/apache/camel/pull/77
During Veracode scan of our application we discover issue with security in
Camel. Please review our fix and apply it in future versions.
Quote from Veracode report below:
Improper Resource Shutdown or Release (CWE ID 404)(1 flaw)
Description
The application fails to release (or incorrectly releases) a system resource
before it is made available for re-use. This
condition often occurs with resources such as database connections or file
handles. Most unreleased resource issues
result in general software reliability problems, but if an attacker can
intentionally trigger a resource leak, it may be
possible to launch a denial of service attack by depleting the resource pool.
Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code. 1
day to fix.
Recommendations
When a resource is created or allocated, the developer is responsible for
properly releasing the resource as well as
accounting for all potential paths of expiration or invalidation. Ensure that
all code paths properly release resources.
Instances found via Static Scan
.../QuartzComponent.java line 436
--
This message was sent by Atlassian JIRA
(v6.1.5#6160)
