[ https://issues.apache.org/jira/browse/CB-13190?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Joe Bowser updated CB-13190: ---------------------------- Security: (was: Non-Public) Not all HP Fortify scans are Security errors, some are just bugs. Removing the private bit from this issue. > Potential unreleased resources (HP Fortify SCA: Unreleased Resource: Streams) > ----------------------------------------------------------------------------- > > Key: CB-13190 > URL: https://issues.apache.org/jira/browse/CB-13190 > Project: Apache Cordova > Issue Type: Bug > Components: cordova-android, cordova-plugin-file, > cordova-plugin-file-transfer (DEPRECATED) > Reporter: GSS FED > Assignee: Joe Bowser > Priority: Major > > Similar issue: [https://issues.apache.org/jira/browse/CB-8253] > There are several places in the File plugin, File Transfer plugin and > cordova-android where streams do not use try { fis.closed } catch > (IOException e) {} in a finally block allowing for the possibility they will > never be closed if an exception occurs at the wrong place. > Affected files: > cordova-android/~CordovaResourceApi.java: line: 166, 377 > cordova-plugin-file/~Filesystem.java: line: 253, 286 > cordova-plugin-file-transfer/~FileTransfer.java: line: 665 > cordova-plugin-file/~LocalFilesystem.java: line: 403, 461, 507 > Recommendations of Fortify: > {code:java} > public void processFile(String fName) throws FileNotFoundException, > IOException { > FileInputStream fis; > try { > fis = new FileInputStream(fName); > int sz; > byte[] byteArray = new byte[BLOCK_SIZE]; > while ((sz = fis.read(byteArray)) != -1) { processBytes(byteArray, sz); } > } finally { > if (fis != null) { > safeClose(fis); > } > } > } > public static void safeClose(FileInputStream fis) { > if (fis != null) { > try { > fis.close(); > } catch (IOException e) { > log(e); > } > } > } > {code} -- This message was sent by Atlassian JIRA (v7.6.3#76005) --------------------------------------------------------------------- To unsubscribe, e-mail: issues-unsubscr...@cordova.apache.org For additional commands, e-mail: issues-h...@cordova.apache.org