Fortify:无法释放数据库资源

Fortify: fails to release a database resource

我正在尝试使用 fortify 查看我的代码的漏洞。报告说我有一个问题 "the function sometimes fails to release a database resource allocated by"。这是代码以及问题所在的行。我试图关闭 finally 块中的连接,但它没有解决问题。如何解决这个问题?

private AnotherService anotherService;

private void create() {
    Connection conn = null;
    try {
        conn = getCon(); // With fortify, there's an issue which said "the function sometimes fails to release a database resource allocated by", and it refers to this line
        conn.setAutoCommit(false);
        anotherService.myFunction(conn);
        // the conn.commit() is inside anotherService, because I have to make one connection
        // rest of code

    } catch (Exception e) {
        e.printStackTrace;
        if (null != conn) {
            conn.rollback();
        }
    } finally {
        if (null != conn) {
            conn.close();
        }
    }
}

private static Connection getCon() {
    Connection connection = null;
        try {
            Class.forName("org.postgresql.Driver");
            connection = DriverManager.getConnection(
                    "jdbc:postgresql://localhost:5432/dbname",
                    "username",
                    "password");
        } catch (ClassNotFoundException e) {
            e.printStackTrace();
        } catch (SQLException e) {
            e.printStackTrace();
        }
    return connection;
}

补充: 如果我使用 try-with-resource(如 try (Connection conn = getCon())来自动关闭事物,如果发生任何异常,我如何在 catch 块中调用 conn.rollback()?由于在 try-with-resources.

中声明了 conn 变量

好吧,我解决了我的问题,close方法应该在finally块中调用try-catch,如link

万一 link 坏了,这里是我用来解决问题的代码:

Statement stmt = null;
ResultSet rs = null;
Connection conn = getConnection();
try {
  stmt = conn.createStatement();
  rs = stmt.executeQuery(sqlQuery);
  processResults(rs);
} catch (SQLException e) {
  // Forward to handler
} finally {
  try {
    if (rs != null) {rs.close();}
  } catch (SQLException e) {
    // Forward to handler
  } finally {
    try {
      if (stmt != null) {stmt.close();}
    } catch (SQLException e) {
      // Forward to handler
    } finally {
      try {
        if (conn != null) {conn.close();}
      } catch (SQLException e) {
        // Forward to handler
      }
    }
  }
}