Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

The Java Development Kit 1.7 (JDK 1.7) introduced the try-with-resources statement (see the JLS, §14.20.3, "try-with-resources" [JLS 2013]),  which simplifies correct use of resources that implement the java.lang.AutoCloseable interface, including those that implement the java.io.Closeable interface.

...

Use of the try-with-resources statement is also illustrated in ERR05-J. Do not let checked exceptions escape from a finally block, FIO03-J. Remove temporary files before termination, and FIO04-J. Release resources when they are no longer needed.

Noncompliant Code Example

This noncompliant code example uses an ordinary try-catch-finally block in an attempt to close two resources.  

...

However, if an exception is thrown when the BufferedReader br is closed, then the BufferedWriter bw will not be closed.

Compliant Solution (finally block)

This compliant solution uses a second finally block to guarantee that bw is properly closed even when an exception is thrown while closing br.

Code Block
bgColor#ccccff
public void processFile(String inPath, String outPath)
    throws IOException {
  BufferedReader br = null;
  BufferedWriter bw = null;
  try {
    br = new BufferedReader(new FileReader(inPath));
    bw = new BufferedWriter(new FileWriter(outPath));
    // Process the input and produce the output
  } finally {
    if (br != null) {
      try {
        br.close();
      } catch (IOException x) {
        // Handle error
      } finally {
        if (bw != null) {
          try {
            bw.close();
          } catch (IOException x) {
            // Handle error
          }
        }
      }
    }
  }
}

Compliant Solution (try-with-resources)

This compliant solution uses a try-with-resources statement to manage both br and bw.  

...

If only one exception is thrown, either during opening, processing, or closing of the files, the exception will be printed after "thrown exception:". If an exception is thrown during processing, and a second exception is thrown while trying to close either file, the second exception will be printed after "thrown exception:", and the first exception will be printed after "suppressed exception:".

Applicability

Failing to correctly handle all failure cases when working with closeable resources may result in some resources not being closed or in important exceptions being masked, possibly resulting in a denial of service. Note that failure to use a try-with-resources statement cannot be considered a security vulnerability in and of itself because it is possible to write a correctly structured group of nested try-catch-finally blocks guarding the resources that are in use (see ERR05-J. Do not let checked exceptions escape from a finally block). That said, failure to correctly handle such error cases is a common source of vulnerabilities. Use of a try-with-resources statement mitigates this issue by guaranteeing that the resources are managed correctly and that exceptions are never masked.

Bibliography

...