Fortify:无法释放数据库资源
Fortify: fails to release a database resource
我正在尝试使用 fortify 查看我的代码的漏洞。报告说我有一个问题 "the function sometimes fails to release a database resource allocated by"。这是代码以及问题所在的行。我试图关闭 finally 块中的连接,但它没有解决问题。如何解决这个问题?
private AnotherService anotherService;
private void create() {
Connection conn = null;
try {
conn = getCon(); // With fortify, there's an issue which said "the function sometimes fails to release a database resource allocated by", and it refers to this line
conn.setAutoCommit(false);
anotherService.myFunction(conn);
// the conn.commit() is inside anotherService, because I have to make one connection
// rest of code
} catch (Exception e) {
e.printStackTrace;
if (null != conn) {
conn.rollback();
}
} finally {
if (null != conn) {
conn.close();
}
}
}
private static Connection getCon() {
Connection connection = null;
try {
Class.forName("org.postgresql.Driver");
connection = DriverManager.getConnection(
"jdbc:postgresql://localhost:5432/dbname",
"username",
"password");
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
}
return connection;
}
补充:
如果我使用 try-with-resource(如 try (Connection conn = getCon())来自动关闭事物,如果发生任何异常,我如何在 catch 块中调用 conn.rollback()?由于在 try-with-resources.
中声明了 conn 变量
好吧,我解决了我的问题,close方法应该在finally块中调用try-catch,如link。
万一 link 坏了,这里是我用来解决问题的代码:
Statement stmt = null;
ResultSet rs = null;
Connection conn = getConnection();
try {
stmt = conn.createStatement();
rs = stmt.executeQuery(sqlQuery);
processResults(rs);
} catch (SQLException e) {
// Forward to handler
} finally {
try {
if (rs != null) {rs.close();}
} catch (SQLException e) {
// Forward to handler
} finally {
try {
if (stmt != null) {stmt.close();}
} catch (SQLException e) {
// Forward to handler
} finally {
try {
if (conn != null) {conn.close();}
} catch (SQLException e) {
// Forward to handler
}
}
}
}
我正在尝试使用 fortify 查看我的代码的漏洞。报告说我有一个问题 "the function sometimes fails to release a database resource allocated by"。这是代码以及问题所在的行。我试图关闭 finally 块中的连接,但它没有解决问题。如何解决这个问题?
private AnotherService anotherService;
private void create() {
Connection conn = null;
try {
conn = getCon(); // With fortify, there's an issue which said "the function sometimes fails to release a database resource allocated by", and it refers to this line
conn.setAutoCommit(false);
anotherService.myFunction(conn);
// the conn.commit() is inside anotherService, because I have to make one connection
// rest of code
} catch (Exception e) {
e.printStackTrace;
if (null != conn) {
conn.rollback();
}
} finally {
if (null != conn) {
conn.close();
}
}
}
private static Connection getCon() {
Connection connection = null;
try {
Class.forName("org.postgresql.Driver");
connection = DriverManager.getConnection(
"jdbc:postgresql://localhost:5432/dbname",
"username",
"password");
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
}
return connection;
}
补充:
如果我使用 try-with-resource(如 try (Connection conn = getCon())来自动关闭事物,如果发生任何异常,我如何在 catch 块中调用 conn.rollback()?由于在 try-with-resources.
好吧,我解决了我的问题,close方法应该在finally块中调用try-catch,如link。
万一 link 坏了,这里是我用来解决问题的代码:
Statement stmt = null;
ResultSet rs = null;
Connection conn = getConnection();
try {
stmt = conn.createStatement();
rs = stmt.executeQuery(sqlQuery);
processResults(rs);
} catch (SQLException e) {
// Forward to handler
} finally {
try {
if (rs != null) {rs.close();}
} catch (SQLException e) {
// Forward to handler
} finally {
try {
if (stmt != null) {stmt.close();}
} catch (SQLException e) {
// Forward to handler
} finally {
try {
if (conn != null) {conn.close();}
} catch (SQLException e) {
// Forward to handler
}
}
}
}