java - "Unreleased Resource: Database" confirmation question

Tags: java fortify

I have scanned my project with the Fortify tool, and in the generated Fortify report I get an "Unreleased Resource: Database" issue for the following method.

public String handleInput( HttpServletRequest request, HtmlGenerator htmlGenObj ) {

    HashMap old_child_list  = new HashMap();
    HashMap old_parent_list = new HashMap();
    HashMap new_child_list  = new HashMap();
    HashMap new_parent_list = new HashMap();

    logger.debug( "Start of handle Input" );
    String dataSource     = request.getParameter( "datasource" ) == null ? "" : request.getParameter( "datasource" );
    String sortBy         = request.getParameter( "sortby" ) == null ? "" : request.getParameter( "sortby" );
    long sqlConsStartTime = System.currentTimeMillis();
    //
    // Get the sql query based on data source
    //
    String sqlQuery       = this.getSql( dataSource, request );

    // If any error then return
    if( sqlQuery.startsWith( "ERROR" ) ) {
        return sqlQuery;
    }

    if( sortBy.trim().length() > 0 ) {
        logger.debug( "Sort by value = " + sortBy );
        int orderByIndex = sqlQuery.indexOf( "order by" );

        // If order by already exists then remove that value.
        if( orderByIndex > 0 ) {
            sqlQuery = sqlQuery.substring( 0, orderByIndex );
        }

        sqlQuery = sqlQuery + " order by " + sortBy;
    }

    plog.debug( getUniqueId( request ) + "SQL Construction Time = " + ( ( System.currentTimeMillis()- sqlConsStartTime )/1000.0 ) );

    logger.info( "Final SQL = " + sqlQuery );

    String results  = "NONE";
    Connection conn = null;

    try {
        Context initCtx = new InitialContext();
        Context envCtx  = ( Context ) initCtx.lookup( "java:comp/env" );
        // Look up for the data source
        DataSource ds   = ( DataSource ) envCtx.lookup( "NavigatorCon" );
        conn            = ds.getConnection();
        htmlGenObj.setSql( sqlQuery );

        if( dataSource.equals( "compass" ) ) {
            results          = doCompassSearch( sqlQuery, conn, request, old_parent_list, old_child_list );
            String matchType = request.getParameter( "coname_st" ) == null ? "" : request.getParameter( "coname_st" );

            if( "fuzzy".equals( matchType ) ) {

                long rollupSqlConsStartTime = System.currentTimeMillis();

                String rollupSql = build_rollup_sql( conn, old_parent_list, old_child_list, new_parent_list, new_child_list );   //System.out.println( "Rollup SQL: " + rollupSql );

                plog.debug(getUniqueId(request)+"Rollup SQL Construction Time = "+ ((System.currentTimeMillis()- rollupSqlConsStartTime)/1000.0) );

                if( rollupSql.length() > 0 ) {
                    String rollupResult = doCompassSearch( rollupSql, conn, request, old_parent_list, old_child_list );
                    results             = results + rollupResult;
                    // Build the new sql which returns both parent and child records.This is used in Excel download
                    sqlQuery            = sqlQuery + " UNION " + rollupSql;
                }  //System.out.println( "Navigator Query is: \n" + sqlQuery + "\n" );

                htmlGenObj.setSql( sqlQuery );
            }
        }

        else if( dataSource.equals( "psar" ) ) {
            results = getAMSearchResults( sqlQuery, conn, request, htmlGenObj );
        }

        else if( dataSource.equals( "knac" ) ) {
            results = do_knac_search( sqlQuery, conn, request );
        }

        else if( dataSource.equals( "auth_user" ) ) {
            results = do_auth_user_search( sqlQuery, conn, request );
        }

        else if( "docstore".equalsIgnoreCase( dataSource ) ) {
            results = this.doDocStoreSearch( sqlQuery, conn, request );
        }

    }

    catch( Exception sqle ) {
        logger.fatal( "Error : " + sqle.toString(), sqle );
    }

    finally {
        try {

            conn.close();
        }

        catch( Exception e ) {
            // giveup
        }
    }

    old_child_list.clear();
    old_parent_list.clear();
    new_child_list.clear();
    new_parent_list.clear();

    logger.debug( "End of handle Input");
    return results;
}

As far as I know, this issue is reported when the connection is not closed properly, but here the connection is closed inside the finally block.

Can someone suggest how I can fix this problem?

Best answer

A NullPointerException might be thrown, so maybe change the second exception to Throwable, since NullPointerException is derived from the checked Exception class. Maybe that is where the code analysis goes wrong.

Then, since Java 7, you can use try-with-resources for automatic closing:

try (Connection con = getDbConnection()) {

No finally needed. This also works for PreparedStatement and ResultSet.

As you mentioned quality: it is considered better style to use SQLException e, or something like SQLException | NullPointerException e.
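To make the two points of the answer concrete, here is an added example (not code from the question or the answer) that puts the questioner's manual-close pattern next to a try-with-resources rewrite. The JNDI name "NavigatorCon" is taken from the question; the class name SearchDao and the helper methods runQuery and lookupDataSource are assumptions for illustration. The first method shows why the finally block can fail: conn is still null when the JNDI lookup or getConnection() throws, so conn.close() raises a NullPointerException that the catch-all silently swallows, and the resource analysis cannot prove the connection is released on every path. The second method lets the JVM close Connection, PreparedStatement and ResultSet in reverse order, whether or not an exception propagates.

```java
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.ResultSet;
import java.sql.SQLException;
import javax.naming.Context;
import javax.naming.InitialContext;
import javax.naming.NamingException;
import javax.sql.DataSource;

// Hypothetical DAO used only to contrast the two resource-handling styles.
public class SearchDao {

    // Manual close, as in the question. If lookupDataSource() or
    // getConnection() throws, conn is still null when finally runs,
    // conn.close() throws NullPointerException, and the inner catch
    // hides it. The analyzer therefore sees a path on which the
    // connection is not provably released.
    public String searchWithManualClose(String sql) {
        Connection conn = null;
        try {
            conn = lookupDataSource().getConnection();
            return runQuery(conn, sql);
        } catch (Exception e) {
            return "ERROR " + e;
        } finally {
            try {
                conn.close(); // NPE when conn was never assigned
            } catch (Exception ignored) {
                // give up
            }
        }
    }

    // try-with-resources, as recommended in the answer. Every resource
    // declared in the header is AutoCloseable and is closed automatically
    // in reverse declaration order, even when executeQuery() throws.
    // Only SQLException and NamingException are caught, so programming
    // errors such as NullPointerException are not masked.
    public String searchWithTryWithResources(String sql) {
        try (Connection conn = lookupDataSource().getConnection();
             PreparedStatement ps = conn.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            StringBuilder out = new StringBuilder();
            while (rs.next()) {
                out.append(rs.getString(1)).append('\n');
            }
            return out.toString();
        } catch (SQLException | NamingException e) {
            return "ERROR " + e;
        }
    }

    // JNDI lookup of the container-managed data source named in the question.
    private DataSource lookupDataSource() throws NamingException {
        Context envCtx = (Context) new InitialContext().lookup("java:comp/env");
        return (DataSource) envCtx.lookup("NavigatorCon");
    }

    // Assumed helper: runs the query on an already-open connection and
    // closes its own statement and result set via try-with-resources.
    private String runQuery(Connection conn, String sql) throws SQLException {
        try (PreparedStatement ps = conn.prepareStatement(sql);
             ResultSet rs = ps.executeQuery()) {
            StringBuilder out = new StringBuilder();
            while (rs.next()) {
                out.append(rs.getString(1)).append('\n');
            }
            return out.toString();
        }
    }
}
```

In the rewritten method there is no finally block and no null check to forget: if lookupDataSource() throws, no resource has been opened yet; if getConnection() succeeds and prepareStatement() throws, the connection alone is closed. Narrowing the catch to SQLException | NamingException follows the answer's style advice and keeps unexpected runtime exceptions visible in the logs instead of being swallowed.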

Regarding java - "Unreleased Resource: Database" confirmation question, we found a similar question on Stack Overflow: https://stackoverflow.com/questions/24799572/
