How to resolve VeraCode Improper Resource Shutdown or Release

Description

The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This condition often occurs with resources such as database connections or file handles. Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be possible to launch a denial of service attack by depleting the resource pool.

Recommendations

When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation. Ensure that all code paths properly release resources.

For More detail - Improper Resource Shutdown or Release

Sample issue Code

import java.io.FileInputStream; import java.io.IOException; public class ResourceRelease { public static void main(String[] args) throws IOException { FileInputStream fin = null; try{ fin = new FileInputStream("c:\\appv-instlog.txt"); }catch(IOException e){ e.printStackTrace(); } } }

Sample solution Code

import java.io.FileInputStream; import java.io.IOException; public class ResourceRelease { public static void main(String[] args) throws IOException { FileInputStream fin = null; try{ fin = new FileInputStream("c:\\appv-instlog.txt"); }catch(IOException e){ e.printStackTrace(); }finally{ if(fin != null){ fin.close(); } } } }

Related Topics

• How to fix Improper Neutralization of CRLF Sequences Injection
• How to fix Improper Neutralization of CRLF Sequences in HTTP Headers
• How to fix Improper Output Neutralization for Logs
• How to fix URL Redirection to Untrusted Site Open Redirect