Uploaded image for project: 'Camel'
  1. Camel
  2. CAMEL-7093

Veracode compliance. Improper Resource Shutdown or Release (CWE ID 404) in QuartzComponent

    XMLWordPrintableJSON

    Details

    • Patch Info:
      Patch Available
    • Estimated Complexity:
      Unknown

      Description

      Pull request https://github.com/apache/camel/pull/77

      During Veracode scan of our application we discover issue with security in Camel. Please review our fix and apply it in future versions.
      Quote from Veracode report below:

      Improper Resource Shutdown or Release (CWE ID 404)(1 flaw)
      Description
      The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This
      condition often occurs with resources such as database connections or file handles. Most unreleased resource issues
      result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be
      possible to launch a denial of service attack by depleting the resource pool.
      Effort to Fix: 2 - Implementation error. Fix is approx. 6-50 lines of code. 1 day to fix.
      Recommendations
      When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as
      accounting for all potential paths of expiration or invalidation. Ensure that all code paths properly release resources.
      Instances found via Static Scan
      .../QuartzComponent.java line 436

        Attachments

          Activity

            People

            • Assignee:
              davsclaus Claus Ibsen
              Reporter:
              leonart Leonid Marushevskiy
            • Votes:
              0 Vote for this issue
              Watchers:
              2 Start watching this issue

              Dates

              • Created:
                Updated:
                Resolved: