From e4b973f1253d6ee05a163dd8d0af6b58b1eec2b4 Mon Sep 17 00:00:00 2001
From: Samuel Poirier
Date: Tue, 17 Dec 2024 17:00:02 -0500
Subject: [PATCH 1/2] Add missing JarFile close to fix CWE-404 Add missing InputStream close to fix CWE-404
---
 .../javaagent/runtimemetrics/java8/JarDetails.java | 6 ++++--
 .../javaagent/tooling/ExtensionClassLoader.java | 3 +--
 2 files changed, 5 insertions(+), 4 deletions(-)
diff --git a/instrumentation/runtime-telemetry/runtime-telemetry-java8/javaagent/src/main/java/io/opentelemetry/instrumentation/javaagent/runtimemetrics/java8/JarDetails.java b/instrumentation/runtime-telemetry/runtime-telemetry-java8/javaagent/src/main/java/io/opentelemetry/instrumentation/javaagent/runtimemetrics/java8/JarDetails.java
index 88afca04c046..58cc2a2667bd 100644
--- a/instrumentation/runtime-telemetry/runtime-telemetry-java8/javaagent/src/main/java/io/opentelemetry/instrumentation/javaagent/runtimemetrics/java8/JarDetails.java
+++ b/instrumentation/runtime-telemetry/runtime-telemetry-java8/javaagent/src/main/java/io/opentelemetry/instrumentation/javaagent/runtimemetrics/java8/JarDetails.java
@@ -219,8 +219,10 @@ protected Properties getPom() throws IOException {
 return null;
 }
 Properties props = new Properties();
- props.load(jarFile.getInputStream(jarEntry));
- pom = props;
+ try (InputStream in = jarFile.getInputStream(jarEntry)) {
+ props.load(in);
+ pom = props;
+ }
 }
 }
 return pom;
diff --git a/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/ExtensionClassLoader.java b/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/ExtensionClassLoader.java
index 43a77482838c..70b234aa4f69 100644
--- a/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/ExtensionClassLoader.java
+++ b/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/ExtensionClassLoader.java
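Review bot: In `getPom()` in JarDetails.java the new `try (InputStream in = jarFile.getInputStream(jarEntry))` names `InputStream`, but the diffstat counts only the six changed lines of this hunk for that file, so no import line was added. Confirm `java.io.InputStream` is already imported there. Separately, `pom = props;` could move to just after the try block, so the cached value is set only once the stream has closed cleanly. As written, an IOException from `close()` propagates to the caller while `pom` stays populated for later calls. The body of getPom starts and ends outside the hunk.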
@@ -77,8 +77,7 @@ public static ClassLoader getInstance(
 }
 private static void includeEmbeddedExtensionsIfFound(List extensions, File javaagentFile) {
- try {
- JarFile jarFile = new JarFile(javaagentFile, false);
+ try (JarFile jarFile = new JarFile(javaagentFile, false)) {
 Enumeration entryEnumeration = jarFile.entries();
 String prefix = "extensions/";
 File tempDirectory = null;
From 977962c896c92fdaa15404d926feb0169b9bddf1 Mon Sep 17 00:00:00 2001
From: Samuel Poirier
Date: Tue, 17 Dec 2024 18:34:58 -0500
Subject: [PATCH 2/2] Run spotlessApply
---
 .../opentelemetry/javaagent/tooling/ExtensionClassLoader.java | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/ExtensionClassLoader.java b/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/ExtensionClassLoader.java
index 70b234aa4f69..7437fa84da69 100644
--- a/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/ExtensionClassLoader.java
+++ b/javaagent-tooling/src/main/java/io/opentelemetry/javaagent/tooling/ExtensionClassLoader.java
@@ -77,7 +77,7 @@ public static ClassLoader getInstance(
 }
 private static void includeEmbeddedExtensionsIfFound(List extensions, File javaagentFile) {
- try (JarFile jarFile = new JarFile(javaagentFile, false)) {
+ try (JarFile jarFile = new JarFile(javaagentFile, false)) {
 Enumeration entryEnumeration = jarFile.entries();
 String prefix = "extensions/";
 File tempDirectory = null;
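Review bot: With `try (JarFile jarFile = new JarFile(javaagentFile, false))` in `includeEmbeddedExtensionsIfFound`, the jar is now closed as soon as the block exits, so everything read from it has to be fully consumed inside the block. The loop over `entryEnumeration` lies outside the hunk, so this cannot be confirmed from here. Check that each entry under `extensions/` is copied out completely before the block ends, and that nothing added to `extensions` still reads from `jarFile` afterwards, because such reads fail once the JarFile is closed. A one-line comment on the try line, e.g. `// embedded extensions are copied out before the jar is closed`, would record that assumption for the next maintainer.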