Prevent resource leaks (CodeQL)

codeql:java/input-resource-leak

| Importance | Review Guidance | Requires Scanning Tool |
|---|---|---|
| MEDIUM | Merge Without Review | Yes (CodeQL) |

This change adds try-with-resources to code to prevent resources from being leaked, which could lead to denial-of-service conditions like connection pool or file handle exhaustion.

Our changes look something like this:

- BufferedReader br = new BufferedReader(new FileReader("C:\\test.txt"));
- System.out.println(br.readLine());
+ try(FileReader input = new FileReader("C:\\test.txt"); BufferedReader br = new BufferedReader(input)){
+ System.out.println(br.readLine());
+ }
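
Review bot: `br` is now declared in the try header, so it goes out of scope at the closing `+ }`; any statement after the original two lines that still reads from `br` would no longer compile, so the transformation should only apply when every use of the reader sits inside the new block. On style, the added `System.out.println` line is not indented under the `try`, and `try(` and `){` are missing the usual spaces; running the project's formatter over the result would fix both. Declaring the `FileReader` as its own resource `input` is worth keeping, since it is closed even if constructing the `BufferedReader` fails.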

F.A.Q.

Why is this codemod marked as Merge Without Review?

This codemod causes resources to be cleaned up immediately after use instead of at garbage collection time, and we don't believe this change entails any risk.
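
The sketch below is an added example, not code from the codemod or from CodeQL. It counts readers that were opened and never closed, for the shape of the code before and after the change, including a call whose body throws. `ResourceLeakDemo`, `TrackedReader`, `parse`, `leaky` and `fixed` are hypothetical names, and the in-memory text is constructed input standing in for a file.

```java
import java.io.BufferedReader;
import java.io.IOException;
import java.io.StringReader;

public class ResourceLeakDemo {
    // Number of readers opened and not yet closed (stands in for file handles).
    static int open = 0;

    // Hypothetical stand-in for FileReader over constructed in-memory text.
    static class TrackedReader extends StringReader {
        private boolean closed;
        TrackedReader(String text) { super(text); open++; }
        @Override public void close() {
            // Called twice in fixed(): via BufferedReader.close() and directly.
            if (!closed) { closed = true; open--; }
            super.close();
        }
    }

    static String parse(String line) {
        if (line == null) throw new IllegalStateException("empty input");
        return line.trim();
    }

    // Shape of the code before the change: nothing ever calls close().
    static String leaky(String text) throws IOException {
        BufferedReader br = new BufferedReader(new TrackedReader(text));
        return parse(br.readLine());
    }

    // Shape of the code after the change: both readers close on every exit path.
    static String fixed(String text) throws IOException {
        try (TrackedReader input = new TrackedReader(text);
             BufferedReader br = new BufferedReader(input)) {
            return parse(br.readLine());
        }
    }

    public static void main(String[] args) throws IOException {
        String[] inputs = {"first line\nsecond line", ""}; // "" makes readLine() return null
        for (String in : inputs) {
            try { leaky(in); } catch (IllegalStateException e) { /* body failed */ }
        }
        System.out.println("open after leaky(): " + open);
        open = 0;
        for (String in : inputs) {
            try { fixed(in); } catch (IllegalStateException e) { /* body failed */ }
        }
        System.out.println("open after fixed(): " + open);
    }
}
```

Every call to `leaky` leaves its reader open whether or not the body throws, while `fixed` leaves none open; with real `FileReader` objects each of those open readers holds a file handle until the garbage collector finalizes it.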