Eduardo Aguinaga created KARAF-4210:
---------------------------------------
Summary: Unreleased Resource: Streams
Key: KARAF-4210
URL: https://issues.apache.org/jira/browse/KARAF-4210
Project: Karaf
Issue Type: Bug
Affects Versions: 4.0.3
Reporter: Eduardo Aguinaga
HP Fortify SCA and SciTools Understand were used to perform an application
security analysis on the karaf source code.
The function getLocalRepoFromConfig() in MavenConfigService.java sometimes
fails to release a system resource allocated by FileInputStream() on line 74.
File:
bundle/core/src/main/java/org/apache/karaf/bundle/core/internal/MavenConfigService.java
Line: 74
MavenConfigService.java, lines 66-76:
66 static String getLocalRepoFromConfig(Dictionary<String, Object> dict) throws
XMLStreamException, FileNotFoundException {
67 String path = null;
68 if (dict != null) {
69 path = (String) dict.get("org.ops4j.pax.url.mvn.localRepository");
70 if (path == null) {
71 String settings = (String)
dict.get("org.ops4j.pax.url.mvn.settings");
72 if (settings != null) {
73 File file = new File(settings);
74 XMLStreamReader reader =
XMLInputFactory.newFactory().createXMLStreamReader(new FileInputStream(file));
75 try {
76 int event;
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)
