How to resolve Veracode Improper Resource Shutdown or Release

Description

The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This condition often occurs with resources such as database connections or file handles. Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be possible to launch a denial of service attack by depleting the resource pool.

Recommendations

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation. Ensure that all code paths properly release resources.

For more detail: Improper Resource Shutdown or Release

Sample issue Code

import java.io.FileInputStream;
import java.io.IOException;

public class ResourceRelease {
  public static void main(String[] args) throws IOException {
    FileInputStream fin = null;
    try {
      // The stream (and its underlying file handle) is opened here ...
      fin = new FileInputStream("c:\\appv-instlog.txt");
    } catch (IOException e) {
      e.printStackTrace();
    }
    // ... but fin.close() is never called, so the handle is not released.
  }
}

Sample solution Code

import java.io.FileInputStream;
import java.io.IOException;

public class ResourceRelease {
  public static void main(String[] args) throws IOException {
    FileInputStream fin = null;
    try {
      fin = new FileInputStream("c:\\appv-instlog.txt");
    } catch (IOException e) {
      e.printStackTrace();
    } finally {
      // finally runs on both the normal and the exceptional path,
      // so the stream is closed whenever it was successfully opened.
      if (fin != null) {
        fin.close();
      }
    }
  }
}
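
The recommendation above, that every code path must release the resource, shown as an added example (not code from the original post). Handle is a hypothetical stand-in for a pooled resource such as a database connection, and the failing read is constructed; the example compares a method that skips close() when an exception is thrown with the try-with-resources form (Java 7 and later), which releases the handle on both normal and exceptional exit.

```java
import java.io.IOException;
import java.util.concurrent.atomic.AtomicInteger;

public class ReleaseOnEveryPath {
    // Counts handles currently open; stands in for a finite resource pool (assumption).
    static final AtomicInteger OPEN = new AtomicInteger();

    // Hypothetical resource: opening takes a slot, close() gives it back.
    static class Handle implements AutoCloseable {
        Handle() { OPEN.incrementAndGet(); }
        void read(boolean fail) throws IOException {
            if (fail) throw new IOException("constructed read failure");
        }
        @Override public void close() { OPEN.decrementAndGet(); }
    }

    // Leaky: close() is only reached when read() succeeds.
    static void leaky(boolean fail) throws IOException {
        Handle h = new Handle();
        h.read(fail);
        h.close();
    }

    // Hardened: try-with-resources closes the handle on normal and exceptional exit.
    static void hardened(boolean fail) throws IOException {
        try (Handle h = new Handle()) {
            h.read(fail);
        }
    }

    interface Op { void run(boolean fail) throws IOException; }

    // Runs op n times with every call failing; returns how many handles stay open.
    static int leakedAfter(Op op, int n) {
        int before = OPEN.get();
        for (int i = 0; i < n; i++) {
            try { op.run(true); } catch (IOException expected) { /* error handled by caller */ }
        }
        return OPEN.get() - before;
    }

    public static void main(String[] args) {
        System.out.println("leaky    : " + leakedAfter(ReleaseOnEveryPath::leaky, 100) + " handles left open");
        System.out.println("hardened : " + leakedAfter(ReleaseOnEveryPath::hardened, 100) + " handles left open");
    }
}
```

Each failing request through the leaky method leaves one handle open, which is the pool-depletion condition the description refers to when an attacker can trigger the failure repeatedly.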

Object Eligible for Garbage Collection When All References to Its Parent Object Are Explicitly Set to null

Overview

The JVM reclaims unused objects from heap memory so that the space can be reused. An unused object is one that is no longer referenced by any part of your program. The example below calls System.gc() to demonstrate an unused object being reclaimed by the garbage collector. System.gc() only gives the JVM a "hint" that garbage collection should run; it is not guaranteed to run.

Parent object set to null

If an object holds a reference to another object and you set the container object's reference to null, the child (contained) object automatically becomes eligible for garbage collection.

Example below: the garbage collector is called when the parent object reference is set to null

class EligibleParent{ 
  protected void finalize(){
   System.out.println("Parent Unused Object is reclaim by Garbage Collector.");
  }
}
class EligibleChild extends EligibleParent{
  protected void finalize(){
   System.out.println("Child Unused Object is reclaim by Garbage Collector.");
  }
}
public class EligibleParentNull {
  public static void main(String[] args) {
   EligibleParent obj = new EligibleChild();
   obj = null;
   System.gc();
  }
}

Output

Child Unused Object is reclaim by Garbage Collector.

Explanation

In the above example, System.gc() is called after obj is set to null. Because the container reference obj is null, the contained object automatically becomes eligible for garbage collection, so the child class's finalize method is called.

Note: The output order may vary depending on when System.gc() triggers the finalize method.

What is AngularJS?

Open source JavaScript framework.

AngularJS is a structural framework for dynamic web applications.

Perfect for Single Page Applications (SPA).

It was developed in 2009 by Misko Hevery.

It is now officially supported by Google.

It extends HTML with new attributes.

There is no need for any server-side script such as JSP, ASP, etc.

It can run anywhere JavaScript can run, because AngularJS is written entirely in JavaScript. It even supports many mobile browsers such as Android, Chrome, Safari, etc.

It is an entirely client-side framework.

It aims to simplify both the development and the testing of such applications by providing a framework for client-side model–view–controller (MVC) and model–view–viewmodel (MVVM) architectures, along with components commonly used in rich Internet applications.

It lets you use HTML as a template language and extend HTML syntax to express your application components clearly and succinctly.

The prerequisites for learning AngularJS are HTML, CSS and JavaScript.

AngularJS Official Site

Object Eligible for Garbage Collection When the Lifetime of Its Reference Expires

Overview

The JVM reclaims unused objects from heap memory so that the space can be reused. An unused object is one that is no longer referenced by any part of your program. The example below calls System.gc() to demonstrate an unused object being reclaimed by the garbage collector. System.gc() only gives the JVM a "hint" that garbage collection should run; it is not guaranteed to run.

Instance lifetime or Scope of Object

An object reference vanishes at the end of its scope. There is then no way to access the object, because the only reference to it is out of scope, but the memory allocated for the object is still left dangling in heap memory. So once its reference is out of scope, the instance is eligible for garbage collection.

Example below: the garbage collector is called when the object reference goes out of scope

public class EligibleScope {  
  protected void finalize(){
   System.out.println("Unused Object is reclaim by Garbage Collector:"+this);
  }
  public void createObject(){
   EligibleScope obj1 = new EligibleScope();
   System.out.println("obj1 address :"+obj1);
  }
  public static void main(String[] args) {
   EligibleScope obj = new EligibleScope();
   System.out.println("Before called Garbage Collector");
   System.out.println("obj  address :"+obj);
   obj.createObject();   
   System.gc();
   System.out.println("After  called Garbage Collector");
  }
}

Output

Before called Garbage Collector
obj  address :EligibleScope@dc8569
obj1 address :EligibleScope@1bab50a
After  called Garbage Collector
Unused Object is reclaim by Garbage Collector:EligibleScope@1bab50a

Explanation

In the above example, System.gc() is called after the createObject method. The obj1 object is created inside that method, and its lifetime ends when the method returns. So obj1 is reclaimed and its finalize method is called.

Note: The output order may vary depending on when System.gc() triggers the finalize method.

Object Eligible for Garbage Collection When Its References Are Explicitly Assigned in a Circular Link

Overview

The JVM reclaims unused objects from heap memory so that the space can be reused. An unused object is one that is no longer referenced by any part of your program. The example below calls System.gc() to demonstrate an unused object being reclaimed by the garbage collector. System.gc() only gives the JVM a "hint" that garbage collection should run; it is not guaranteed to run.

Circular Nature

Object references of a circular nature means that each object is initially created at its own address in heap memory, and later more than one reference points to the same address in heap memory.

Example below: the garbage collector is called when object references of a circular nature occur

public class EligibleCircular {  
  protected void finalize(){
   System.out.println("Unused Object is reclaim by Garbage Collector:"+this);
  } 
  public static void main(String[] args) {
   EligibleCircular obj1 = new EligibleCircular();
   EligibleCircular obj2 = new EligibleCircular();  
   System.out.println("Before Assinging obj2 to obj1 object");
   System.out.println("obj1 = "+obj1);
   System.out.println("obj2 = "+obj2);
   obj1 = obj2;
   System.gc();
   System.out.println("After  Assinging obj2 to obj1 object");
   System.out.println("obj1 = "+obj1);
   System.out.println("obj2 = "+obj2);
  }
}

Output

Before Assinging obj2 to obj1 object
obj1 = EligibleCircular@1bab50a
obj2 = EligibleCircular@c3c749
After  Assinging obj2 to obj1 object
obj1 = EligibleCircular@c3c749
Unused Object is reclaim by Garbage Collector:EligibleCircular@1bab50a
obj2 = EligibleCircular@c3c749

Explanation

In the above example, System.gc() is called after obj2 is assigned to obj1. Both references now point to the address of obj2, and the original obj1 memory address is left dangling. So the original obj1 object is reclaimed and its finalize method is called.

Note: The output order may vary depending on when System.gc() triggers the finalize method.

Object Eligible for Garbage Collection When All References to It Are Explicitly Set to null

Overview

The JVM reclaims unused objects from heap memory so that the space can be reused. An unused object is one that is no longer referenced by any part of your program. The examples below call System.gc() to demonstrate an unused object being reclaimed by the garbage collector. System.gc() only gives the JVM a "hint" that garbage collection should run; it is not guaranteed to run.

Example below: the garbage collector is called before the object is set to null

public class EligibleSetNull { 
  protected void finalize(){
    System.out.println("Unused Object is reclaim by Garbage Collector...");
  }
  public static void main(String[] args) {
    EligibleSetNull obj1 = new EligibleSetNull();  
    System.out.println("Before Setting Null to Object.");
    System.gc();
    obj1 = null;  
    System.out.println("After  Setting Null to Object.");
  }
}

Output

Before Setting Null to Object.
After  Setting Null to Object.

Explanation

In the above example, System.gc() is called before the object reference is set to null, so the object is not reclaimed and its finalize method is not called.

Example below: the garbage collector is called after the object is set to null

public class EligibleSetNull { 
  protected void finalize(){
    System.out.println("Unused Object is reclaim by Garbage Collector...");
  } 
  public static void main(String[] args) {
    EligibleSetNull obj1 = new EligibleSetNull();  
    System.out.println("Before Setting Null to Object.");
    obj1 = null;
    System.gc();
    System.out.println("After  Setting Null to Object.");
  }
}

Output

Before Setting Null to Object.
After  Setting Null to Object.
Unused Object is reclaim by Garbage Collector...

Explanation

In the above example, System.gc() is called after the object reference is set to null, so the object is reclaimed and its finalize method is called.

Note: The output order may vary depending on when System.gc() triggers the finalize method.