The following code snippet had been complain unreleased resource problem by Fortify :
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 | @RequestMapping(value = "/importFile", method = RequestMethod.POST) public @ResponseBody void importFile(@RequestParam("file") MultipartFile multipartFile, Dbm002eFormBean formBean, Alerter alerter) throws IOException { ImportTypeEnum importType = ImportTypeEnum.IT0; // 匯入維度 (固定帶年度) String importId = formBean.getImpType(); // 匯入代號 UpdTypeEnum updType = null; // 更新類別 if ("0".equals(formBean.getUpdType())) { updType = UpdTypeEnum.UT0; } else if ("1".equals(formBean.getUpdType())) { updType = UpdTypeEnum.UT1; } Integer subtractYears = 5; // 減去X年 String userId = UserHolder.getUser().getId(); // log in user id InputStream inputStream = null; try { inputStream = multipartFile.getInputStream(); // file input stream String fileName = multipartFile.getOriginalFilename(); // file name if(!StringUtils.endsWith(fileName, ".xls") || !StringUtils.endsWith(fileName, ".XLS")) { throw new RuntimeException("只接受副檔名為 xls 的檔案, fileName = " + fileName); } importFileProcessService.saveImportFile(importType, importId, updType, subtractYears, userId, inputStream, fileName); alerter.info("檔案上傳成功 (檔名:" + fileName + ")"); } catch (IOException e) { throw new RuntimeException(e); } } |
How-To
It results from inputStream does not been close properly. Here has the updated code snippet:
1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36 37 | @RequestMapping(value = "/importFile", method = RequestMethod.POST) public @ResponseBody void importFile(@RequestParam("file") MultipartFile multipartFile, Dbm002eFormBean formBean, Alerter alerter) throws IOException { ImportTypeEnum importType = ImportTypeEnum.IT0; // 匯入維度 (固定帶年度) String importId = formBean.getImpType(); // 匯入代號 UpdTypeEnum updType = null; // 更新類別 if ("0".equals(formBean.getUpdType())) { updType = UpdTypeEnum.UT0; } else if ("1".equals(formBean.getUpdType())) { updType = UpdTypeEnum.UT1; } Integer subtractYears = 5; // 減去X年 String userId = UserHolder.getUser().getId(); // log in user id InputStream inputStream = null; try { inputStream = multipartFile.getInputStream(); // file input stream String fileName = multipartFile.getOriginalFilename(); // file name if(!StringUtils.endsWith(fileName, ".xls") || !StringUtils.endsWith(fileName, ".XLS")) { throw new RuntimeException("只接受副檔名為 xls 的檔案, fileName = " + fileName); } importFileProcessService.saveImportFile(importType, importId, updType, subtractYears, userId, inputStream, fileName); alerter.info("檔案上傳成功 (檔名:" + fileName + ")"); } catch (IOException e) { throw new RuntimeException(e); } finally { if (inputStream != null) { inputStream.close(); } } } |