Prevent resource leaks (CodeQL)
codeql:java/input-resource-leak

| Importance | Review Guidance | Requires Scanning Tool |
| --- | --- | --- |
| MEDIUM | Merge Without Review | Yes (CodeQL) |
This change adds try-with-resources to code to prevent resources from being leaked, which could lead to denial-of-service conditions like connection pool or file handle exhaustion.
Our changes look something like this:
- BufferedReader br = new BufferedReader(new FileReader("C:\\test.txt"));
- System.out.println(br.readLine());
+ try(FileReader input = new FileReader("C:\\test.txt"); BufferedReader br = new BufferedReader(input)){
+ System.out.println(br.readLine());
+ }
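Review bot: On the added `try(FileReader input = ...; BufferedReader br = ...)` line, `br` is now scoped to the try block, so any statement after the original `println` that still reads from `br` would no longer compile; the hunk shows no trailing context, so check the rest of the method before merging. Declaring `input` as its own resource is the right choice, since it is closed even if the `BufferedReader` constructor throws. Note that `close()` can now raise `IOException` where the old code never closed anything, which the enclosing method already has to handle because `readLine()` throws it too. Style: add a space after `try` and before `{`, and indent the body line.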
F.A.Q.
Why is this codemod marked as Merge Without Review?
This codemod causes resources to be cleaned up immediately after use instead of at garbage collection time, and we don't believe this change entails any risk.