[
https://issues.apache.org/jira/browse/CXF-9107?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel
]
Thomas Cunningham updated CXF-9107:
-----------------------------------
Description:
Coverity is returning a bunch of errors which can be easily cleaned up. The
first one in RMTxStore is a close of a ResultSet, the second in cxf-utils.js is
a typo in a method call (sring vs. string), and the third is a close of
realStream within JSONProvider.java, and the fourth is a close of an
inputstream (in) in PlugInClassLoader.java
{noformat}
Error: RESOURCE_LEAK (CWE-404):
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:883:13:
alloc_fn: A new resource is returned from allocation method "getColumns".
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:883:13:
var_assign: Assigning: "rs" = resource returned from
"metadata.getColumns(null, null, tableName, "%")".
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:886:13:
noescape: Resource "rs" is not closed or saved in "next". (The virtual call
resolves to
"org.apache.activemq.artemis.jdbc.store.logging.LoggingResultSet.next".)
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:887:17:
noescape: Resource "rs" is not closed or saved in "getString".
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:886:13:
noescape: Resource "rs" is not closed or saved in "next". (The virtual call
resolves to
"org.apache.activemq.artemis.jdbc.store.logging.LoggingResultSet.next".)
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:911:9:
leaked_resource: Variable "rs" going out of scope leaks the resource it refers
to.
# 909| }
# 910| }
# 911|-> } catch (SQLException ex) {
# 912| LOG.log(Level.WARNING, "Table " + tableName + " cannot be altered.", ex);
# 913| }
{noformat}
{noformat}
Error: IDENTIFIER_TYPO (CWE-688):
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:543:12:
identifier_typo: Using "org_apache_cxf_pad_sring" appears to be a typo:
* Identifier "org_apache_cxf_pad_sring" is only known to be referenced here, or
in copies of this code.
* Identifier "org_apache_cxf_pad_string" is referenced elsewhere at least 4
times.
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:543:12:
remediation: Should identifier "org_apache_cxf_pad_sring" be replaced by
"org_apache_cxf_pad_string"?
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:536:10:
identifier_use: Example 1: Using identifier "org_apache_cxf_pad_string" (2
total uses in this function).
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:545:11:
identifier_use: Example 2: Using identifier "org_apache_cxf_pad_string".
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:573:9:
identifier_use: Example 3: Using identifier "org_apache_cxf_pad_string".
# 541|
# 542| if (type == org_apache_cxf_pad_string_PAD_BOTH) {
# 543|-> string = org_apache_cxf_pad_sring(Math.floor(len / 2) +
string.length,
# 544| pad, org_apache_cxf_pad_string_PAD_LEFT);
# 545| return (org_apache_cxf_pad_string(Math.ceil(len / 2) +
string.length,
Error: RESOURCE_LEAK (CWE-404):
integration/jca/src/main/java/org/apache/cxf/jca/core/classloader/PlugInClassLoader.java:79:9:
alloc_fn: A new resource is returned from allocation method
"getResourceAsStream".
integration/jca/src/main/java/org/apache/cxf/jca/core/classloader/PlugInClassLoader.java:79:9:
var_assign: Assigning: "in" = resource returned from
"parent.getResourceAsStream(propsFileName)".
integration/jca/src/main/java/org/apache/cxf/jca/core/classloader/PlugInClassLoader.java:96:9:
noescape: Resource "in" is not closed or saved in "load".
integration/jca/src/main/java/org/apache/cxf/jca/core/classloader/PlugInClassLoader.java:99:9:
leaked_resource: Variable "in" going out of scope leaks the resource it refers
to.
# 97| LOG.fine("Contents: " + propsFileName + props);
# 98|
# 99|-> return props;
# 100| }
# 101|
{noformat}
{noformat}
Error: RESOURCE_LEAK (CWE-404):
rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JSONProvider.java:210:13:
alloc_fn: A new resource is returned from allocation method "getInputStream".
rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JSONProvider.java:210:13:
var_assign: Assigning: "realStream" = resource returned from
"getInputStream(type, genericType, is)".
rt/rs/extensions/providers/src/main/java/org/apache/cxf/jaxrs/provider/json/JSONProvider.java:221:13:
leaked_resource: Variable "realStream" going out of scope leaks the resource
it refers to.
# 219| Class<?> theType = getActualType(theGenericType,
genericType, anns);
# 220|
# 221|-> unmarshaller = createUnmarshaller(theType, genericType,
isCollection);
# 222| XMLStreamReader xsr = createReader(type, realStream,
isCollection, enc);
# 223| {noformat}
was:
Coverity is returning a bunch of errors which can be easily cleaned up. The
first one in RMTxStore is a close of a ResultSet, the second in cxf-utils.js is
a typo in a method call (sring vs. string), and the third is a close of
realStream within JSONProvider.java, and the fourth is a close of an
inputstream (in) in PlugInClassLoader.java
Error: RESOURCE_LEAK (CWE-404):
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:883:13:
alloc_fn: A new resource is returned from allocation method "getColumns".
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:883:13:
var_assign: Assigning: "rs" = resource returned from
"metadata.getColumns(null, null, tableName, "%")".
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:886:13:
noescape: Resource "rs" is not closed or saved in "next". (The virtual call
resolves to
"org.apache.activemq.artemis.jdbc.store.logging.LoggingResultSet.next".)
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:887:17:
noescape: Resource "rs" is not closed or saved in "getString".
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:886:13:
noescape: Resource "rs" is not closed or saved in "next". (The virtual call
resolves to
"org.apache.activemq.artemis.jdbc.store.logging.LoggingResultSet.next".)
rt/ws/rm/src/main/java/org/apache/cxf/ws/rm/persistence/jdbc/RMTxStore.java:911:9:
leaked_resource: Variable "rs" going out of scope leaks the resource it refers
to.
# 909| }
# 910| }
# 911|-> } catch (SQLException ex) \{
# 912| LOG.log(Level.WARNING, "Table " + tableName + " cannot be altered.", ex);
# 913| }
{noformat}
Error: IDENTIFIER_TYPO (CWE-688):
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:543:12:
identifier_typo: Using "org_apache_cxf_pad_sring" appears to be a typo:
* Identifier "org_apache_cxf_pad_sring" is only known to be referenced here, or
in copies of this code.
* Identifier "org_apache_cxf_pad_string" is referenced elsewhere at least 4
times.
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:543:12:
remediation: Should identifier "org_apache_cxf_pad_sring" be replaced by
"org_apache_cxf_pad_string"?
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:536:10:
identifier_use: Example 1: Using identifier "org_apache_cxf_pad_string" (2
total uses in this function).
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:545:11:
identifier_use: Example 2: Using identifier "org_apache_cxf_pad_string".
rt/javascript/javascript-rt/src/main/resources/org/apache/cxf/javascript/cxf-utils.js:573:9:
identifier_use: Example 3: Using identifier "org_apache_cxf_pad_string".
# 541|
# 542| if (type == org_apache_cxf_pad_string_PAD_BOTH) {
# 543|-> string = org_apache_cxf_pad_sring(Math.floor(len / 2) +
string.length,
# 544| pad, org_apache_cxf_pad_string_PAD_LEFT);
# 545| return (org_apache_cxf_pad_string(Math.ceil(len / 2) +
string.length,
Error: RESOURCE_LEAK (CWE-404):
integration/jca/src/main/java/org/apache/cxf/jca/core/classloader/PlugInClassLoader.java:79:9:
alloc_fn: A new resource is returned from allocation method
"getResourceAsStream".
integration/jca/src/main/java/org/apache/cxf/jca/core/classloader/PlugInClassLoader.java:79:9:
var_assign: Assigning: "in" = resource returned from
"parent.getResourceAsStream(propsFileName)".
integration/jca/src/main/java/org/apache/cxf/jca/core/classloader/PlugInClassLoader.java:96:9:
noescape: Resource "in" is not closed or saved in "load".
integration/jca/src/main/java/org/apache/cxf/jca/core/classloader/PlugInClassLoader.java:99:9:
leaked_resource: Variable "in" going out of scope leaks the resource it refers
to.
# 97| LOG.fine("Contents: " + propsFileName + props);
# 98|
# 99|-> return props;
# 100| }
# 101|
{noformat}
#
> Clean up stream resource leaks
> ------------------------------
>
> Key: CXF-9107
> URL: https://issues.apache.org/jira/browse/CXF-9107
> Project: CXF
> Issue Type: Task
> Reporter: Thomas Cunningham
> Priority: Major