Details

    • Type: Bug
    • Status: Resolved
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: 4.0.3
    • Fix Version/s: 4.1.1
    • Component/s: None
    • Labels:
      None

      Description

      HP Fortify SCA and SciTools Understand were used to perform an application security analysis on the Karaf source code.

      The function getLocalRepoFromConfig() in MavenConfigService.java sometimes fails to release a system resource allocated by FileInputStream() on line 74.

      File: bundle/core/src/main/java/org/apache/karaf/bundle/core/internal/MavenConfigService.java
      Line: 74

      MavenConfigService.java, lines 66-76:
      66 static String getLocalRepoFromConfig(Dictionary<String, Object> dict) throws XMLStreamException, FileNotFoundException {
      67 String path = null;
      68 if (dict != null) {
      69 path = (String) dict.get("org.ops4j.pax.url.mvn.localRepository");
      70 if (path == null) {
      71 String settings = (String) dict.get("org.ops4j.pax.url.mvn.settings");
      72 if (settings != null) {
      73 File file = new File(settings);
      74 XMLStreamReader reader = XMLInputFactory.newFactory().createXMLStreamReader(new FileInputStream(file));
      75 try {
      76 int event;
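
      An added example, not code from this issue or from the Karaf project: one way to avoid the leak reported above is to let try-with-resources own the FileInputStream, because XMLStreamReader.close() does not close the underlying input source. The class name, the readLocalRepo helper, the parse loop and the sample settings content are assumptions made for illustration.

```java
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.nio.file.Files;
import javax.xml.stream.XMLInputFactory;
import javax.xml.stream.XMLStreamConstants;
import javax.xml.stream.XMLStreamException;
import javax.xml.stream.XMLStreamReader;

public class LocalRepoReader {

    // Hypothetical helper: returns the <localRepository> text of a Maven
    // settings file, or null when the element is absent.
    static String readLocalRepo(File settings) throws IOException, XMLStreamException {
        // try-with-resources owns the stream, so it is closed even when
        // createXMLStreamReader() or reader.next() throws.
        try (InputStream in = new FileInputStream(settings)) {
            XMLStreamReader reader = XMLInputFactory.newFactory().createXMLStreamReader(in);
            try {
                while (reader.hasNext()) {
                    if (reader.next() == XMLStreamConstants.START_ELEMENT
                            && "localRepository".equals(reader.getLocalName())) {
                        return reader.getElementText().trim();
                    }
                }
                return null;
            } finally {
                // Frees parser resources only; the file descriptor is
                // released by the enclosing try-with-resources.
                reader.close();
            }
        }
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample input, written to a temp file so this runs offline.
        File tmp = File.createTempFile("settings", ".xml");
        Files.write(tmp.toPath(),
                "<settings><localRepository> /opt/m2/repo </localRepository></settings>"
                        .getBytes(StandardCharsets.UTF_8));
        System.out.println("localRepository = " + readLocalRepo(tmp));
        // With the stream closed, the file can be deleted straight away,
        // including on platforms that refuse to delete open files.
        System.out.println("deleted = " + tmp.delete());
    }
}
```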

            People

            • Assignee:
              chris@die-schneider.net Christian Schneider
            • Reporter:
              EdAInWestOC Eduardo Aguinaga