...
Failure to explicitly release nonmemory system resources when they are no longer needed can result in resource exhaustion.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO04-J | Low | Probable | Medium | P4 | L3 |
Automated Detection
Although sound automated detection of this vulnerability is not feasible in the general case, many interesting cases can be soundly detected.
Some static analysis tools can detect cases in which there is leak of a socket resource or leak of a stream representing a file or other system resources.
Tool | Version | Checker | Description | |||||
---|---|---|---|---|---|---|---|---|
Coverity | 7.5 | ITERATOR | Implemented | |||||
Parasoft Jtest |
| BD.RES.LEAKS |
OPT.CIO |
OPT.CCR |
Ensure resources are deallocated | |||||||||
SonarQube |
| S2095 | Implemented |
Related Guidelines
CWE-404, Improper Resource Shutdown or Release |
Android Implementation Details
The compliant solution (try
-with-resources) is not yet supported at API level 18 (Android 4.3).
Bibliography
...
...