2016/01/05

[Fortify] Fix Unreleased Resource: Streams

Problem
The following code snippet had been complain unreleased resource problem by Fortify : 
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
 @RequestMapping(value = "/importFile", method = RequestMethod.POST)
    public @ResponseBody
    void importFile(@RequestParam("file") MultipartFile multipartFile, Dbm002eFormBean formBean,
            Alerter alerter) throws IOException {

        ImportTypeEnum importType = ImportTypeEnum.IT0; // 匯入維度 (固定帶年度)
        String importId = formBean.getImpType(); // 匯入代號
        UpdTypeEnum updType = null; // 更新類別
        if ("0".equals(formBean.getUpdType())) {
            updType = UpdTypeEnum.UT0;
        } else if ("1".equals(formBean.getUpdType())) {
            updType = UpdTypeEnum.UT1;
        }
        Integer subtractYears = 5; // 減去X年
        String userId = UserHolder.getUser().getId(); // log in user id
        InputStream inputStream = null;
        try {
            inputStream = multipartFile.getInputStream();
            // file input stream
            String fileName = multipartFile.getOriginalFilename(); // file name
            
            if(!StringUtils.endsWith(fileName, ".xls") || !StringUtils.endsWith(fileName, ".XLS")) {
                throw new RuntimeException("只接受副檔名為 xls 的檔案, fileName = " + fileName);
            }

            importFileProcessService.saveImportFile(importType, importId, updType, subtractYears,
                    userId, inputStream, fileName);

            alerter.info("檔案上傳成功 (檔名:" + fileName + ")");
        } catch (IOException e) {
            throw new RuntimeException(e);
        }
    }


How-To
It results from inputStream does not been close properly. Here has the updated code snippet:
 1
 2
 3
 4
 5
 6
 7
 8
 9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
@RequestMapping(value = "/importFile", method = RequestMethod.POST)
    public @ResponseBody
    void importFile(@RequestParam("file") MultipartFile multipartFile, Dbm002eFormBean formBean,
            Alerter alerter) throws IOException {

        ImportTypeEnum importType = ImportTypeEnum.IT0; // 匯入維度 (固定帶年度)
        String importId = formBean.getImpType(); // 匯入代號
        UpdTypeEnum updType = null; // 更新類別
        if ("0".equals(formBean.getUpdType())) {
            updType = UpdTypeEnum.UT0;
        } else if ("1".equals(formBean.getUpdType())) {
            updType = UpdTypeEnum.UT1;
        }
        Integer subtractYears = 5; // 減去X年
        String userId = UserHolder.getUser().getId(); // log in user id
        InputStream inputStream = null;
        try {
            inputStream = multipartFile.getInputStream();
            // file input stream
            String fileName = multipartFile.getOriginalFilename(); // file name
            
            if(!StringUtils.endsWith(fileName, ".xls") || !StringUtils.endsWith(fileName, ".XLS")) {
                throw new RuntimeException("只接受副檔名為 xls 的檔案, fileName = " + fileName);
            }

            importFileProcessService.saveImportFile(importType, importId, updType, subtractYears,
                    userId, inputStream, fileName);

            alerter.info("檔案上傳成功 (檔名:" + fileName + ")");
        } catch (IOException e) {
            throw new RuntimeException(e);
        } finally {
            if (inputStream != null) {
                inputStream.close();
            }
        }
    }





No comments:

Post a Comment