[
https://issues.apache.org/jira/browse/KARAF-4210?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=15854247#comment-15854247
]
ASF subversion and git services commented on KARAF-4210:
--------------------------------------------------------
Commit 868c6852424a80e07d2f925791c28ac498581145 in karaf's branch
refs/heads/master from [[email protected]]
[ https://git-wip-us.apache.org/repos/asf?p=karaf.git;h=868c685 ]
[KARAF-4210] Make sure resource is released
> Unreleased Resource: Streams
> ----------------------------
>
> Key: KARAF-4210
> URL: https://issues.apache.org/jira/browse/KARAF-4210
> Project: Karaf
> Issue Type: Bug
> Affects Versions: 4.0.3
> Reporter: Eduardo Aguinaga
> Fix For: 4.1.1
>
>
> HP Fortify SCA and SciTools Understand were used to perform an application
> security analysis on the karaf source code.
> The function getLocalRepoFromConfig() in MavenConfigService.java sometimes
> fails to release a system resource allocated by FileInputStream() on line 74.
> File:
> bundle/core/src/main/java/org/apache/karaf/bundle/core/internal/MavenConfigService.java
> Line: 74
> MavenConfigService.java, lines 66-76:
> 66 static String getLocalRepoFromConfig(Dictionary<String, Object> dict)
> throws XMLStreamException, FileNotFoundException {
> 67 String path = null;
> 68 if (dict != null) {
> 69 path = (String) dict.get("org.ops4j.pax.url.mvn.localRepository");
> 70 if (path == null) {
> 71 String settings = (String)
> dict.get("org.ops4j.pax.url.mvn.settings");
> 72 if (settings != null) {
> 73 File file = new File(settings);
> 74 XMLStreamReader reader =
> XMLInputFactory.newFactory().createXMLStreamReader(new FileInputStream(file));
> 75 try {
> 76 int event;
--
This message was sent by Atlassian JIRA
(v6.3.15#6346)
