Resource leak: FileInputStream is not closed on method exit

[GoogleCodeExporter]

I have V2.1 sources.

2 places in ESAPIWebApplicationFirewallFilter.java do not close file streams.

The corrected 2 methods are:

public void setConfiguration( String policyFilePath, String webRootDir ) throws 
FileNotFoundException {



                                FileInputStream inputStream = null;

                                try {

                                                inputStream = new FileInputStream(new File(policyFilePath));

                                                appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);

                                                lastConfigReadTime = System.currentTimeMillis();

                                                configurationFilename = policyFilePath;

                                } catch (ConfigurationException e ) {

            // TODO: It would be ideal if this method through the ConfigurationException rather than catching it and

            // writing the error to the console.

                                                e.printStackTrace();

                                } finally {

                                                if (inputStream != null) {

                                                                try {

                                                                                inputStream.close();

                                                                } catch (IOException e) {

                                                                                e.printStackTrace();

                                                                }

                                                }

                                }

                }

/* and the block ... */

  FileInputStream inputStream = null;

                                try {



                                                String webRootDir = fc.getServletContext().getRealPath("/");

                                                inputStream = new FileInputStream(configurationFilename);

                                                appGuardConfig = ConfigurationParser.readConfigurationFile(inputStream, webRootDir);



                                                DOMConfigurator.configure(realLogSettingsFilename);



                                                lastConfigReadTime = System.currentTimeMillis();



                                } catch (FileNotFoundException e) {

                                                throw new ServletException(e);

                                } catch (ConfigurationException e) {

                                                throw new ServletException(e);

                                } finally {

                                                if (inputStream != null) {

                                                                try {

                                                                                inputStream.close();

                                                                } catch (IOException e) {

                                                                                e.printStackTrace();

                                                                }

                                                }

                                }

Original issue reported on code.google.com by [email protected] on 26 Nov 2013 at 7:48

[GoogleCodeExporter]

Eamonn,
Would you like this work to be considered for the ESAPI hackathon contest? If 
so, please email me ASAP. Thanks.
-kevin wall <[email protected]>

Original comment by [email protected] on 23 Jan 2014 at 6:56