RLK.INRLK (Resource Leak) issues are reported when resources are allocated but not properly disposed after use. Failing to properly dispose a resource can lead to such problems as:
RLK.IN indicates that an input stream that was opened is not explicitly closed. Vulnerability and riskResources such as streams, connections and graphic objects must be explicitly closed. The close operation can unblock transactions or flush file changes in the file system. While a resource will eventually be closed by the garbage collector, resource exhaustion can occur before garbage collection starts. Depending on the nature of the resource, various exceptions will be thrown on a failed attempt to allocate another resource, for example: java.io.FileNotFoundException: Too many open files or too many database connections. Mitigation and preventionExplicitly close all resources that have the close method, even those that you think are not doing anything significant. Future code changes will then be safe from such errors. Example 1
12 static final String propertyFile = "my_config.ini";
13
14 static String getProperyFromConfigFile(String name)
15 throws IOException {
16 Properties prop = new Properties();
17 FileInputStream st = new FileInputStream(propertyFile);
18 prop.load(st);
19 return prop.getProperty(name);
20 }
RLK.IN is reported for the snippet on line 17: input stream 'st' is not closed after creation. Example 2
12 static final String propertyFile = "my_config.ini";
13
14 static String getProperyFromConfigFile(String name)
15 throws IOException {
16 Properties prop = new Properties();
17 FileInputStream st = new FileInputStream(propertyFile);
18 try {
19 prop.load(st);
20 } finally {
21 st.close();
22 }
23 return prop.getProperty(name);
24 }
The snippet from the previous section is fixed; RLK.IN is not reported here. Security guidelinesExtensionThis checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information. |