Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[Task]: Fix Improper Resource Shutdown or Release in Ballerina 1.2.x #41261

Closed
malinthar opened this issue Aug 21, 2023 · 2 comments
Closed

[Task]: Fix Improper Resource Shutdown or Release in Ballerina 1.2.x #41261

malinthar opened this issue Aug 21, 2023 · 2 comments
Assignees
@gabilang
Labels
Team/jBallerina All the issues related to BIR, JVM backend code generation and runtime Type/Task

Comments

@malinthar
Copy link
Contributor

Description

Need to fix the $subject vulnerability reported in https://docs.google.com/spreadsheets/d/1MAabEyyYwg8PzziDR4XbPJyeCUhKEgFrDrMDYFX9RVM/edit#gid=407096550

Steps to Reproduce

No response

Affected Version(s)

No response

OS, DB, other environment details and versions

No response

Related area

-> Runtime

Related issue(s) (optional)

No response

Suggested label(s) (optional)

No response

Suggested assignee(s) (optional)

No response
@ballerina-bot ballerina-bot added the Team/jBallerina All the issues related to BIR, JVM backend code generation and runtime label Aug 21, 2023
@malinthar malinthar changed the title [Bug]: Fix Improper Resource Shutdown or Release in Ballerina 1.2.x [Task]: Fix Improper Resource Shutdown or Release in Ballerina 1.2.x Aug 21, 2023
@gabilang gabilang self-assigned this Aug 21, 2023
@gabilang gabilang mentioned this issue Aug 22, 2023
Closed
13 tasks
@gabilang
Copy link
Contributor

gabilang commented Aug 22, 2023
edited
Loading

It seems we have already added a fix (with the PR #40330) for this issue. With that fix we made JSONGenerator auto-closeable and users are expected to close the streams if there are any JSONGenerator constructor calls made by them.
Try-with resources can be used for this purpose.
e.g:

try (JSONGenerator gen = new JSONGenerator(outputStream)) {
     // Use Json generator
} catch (IOException e) {
    // Handle exception
}

@gabilang
Copy link
Contributor

The above issue can be mitigated by try-with-resources (or manually call close) if there any constructor call made to JSONGenerator or it can be a false positive. Hence closing the issue.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees

@gabilang gabilang

Labels
Team/jBallerina All the issues related to BIR, JVM backend code generation and runtime Type/Task
Projects
Ballerina Team Main Board
Archived in project
Milestone
No milestone
Development

No branches or pull requests
3 participants
@ballerina-bot @malinthar @gabilang