Use try-with-resources or close this "BufferedWriter" in a "finally" clause. Open
BufferedWriter output = new BufferedWriter(new FileWriter(file));- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Connections, streams, files, and other classes that implement the Closeable interface or its super-interface,
AutoCloseable, needs to be closed after use. Further, that close call must be made in a finally block otherwise
an exception could keep the call from being made. Preferably, when class implements AutoCloseable, resource should be created using
"try-with-resources" pattern and will be closed automatically.
Failure to properly close resources will result in a resource leak which could bring first the application and then perhaps the box the application is on to their knees.
Noncompliant Code Example
private void readTheFile() throws IOException {
Path path = Paths.get(this.fileName);
BufferedReader reader = Files.newBufferedReader(path, this.charset);
// ...
reader.close(); // Noncompliant
// ...
Files.lines("input.txt").forEach(System.out::println); // Noncompliant: The stream needs to be closed
}
private void doSomething() {
OutputStream stream = null;
try {
for (String property : propertyList) {
stream = new FileOutputStream("myfile.txt"); // Noncompliant
// ...
}
} catch (Exception e) {
// ...
} finally {
stream.close(); // Multiple streams were opened. Only the last is closed.
}
}
Compliant Solution
private void readTheFile(String fileName) throws IOException {
Path path = Paths.get(fileName);
try (BufferedReader reader = Files.newBufferedReader(path, StandardCharsets.UTF_8)) {
reader.readLine();
// ...
}
// ..
try (Stream<String> input = Files.lines("input.txt")) {
input.forEach(System.out::println);
}
}
private void doSomething() {
OutputStream stream = null;
try {
stream = new FileOutputStream("myfile.txt");
for (String property : propertyList) {
// ...
}
} catch (Exception e) {
// ...
} finally {
stream.close();
}
}
Exceptions
Instances of the following classes are ignored by this rule because close has no effect:
-
java.io.ByteArrayOutputStream -
java.io.ByteArrayInputStream -
java.io.CharArrayReader -
java.io.CharArrayWriter -
java.io.StringReader -
java.io.StringWriter
Java 7 introduced the try-with-resources statement, which implicitly closes Closeables. All resources opened in a try-with-resources
statement are ignored by this rule.
try (BufferedReader br = new BufferedReader(new FileReader(fileName))) {
//...
}
catch ( ... ) {
//...
}
See
- MITRE, CWE-459 - Incomplete Cleanup
- MITRE, CWE-772 - Missing Release of Resource after Effective Lifetime
- CERT, FIO04-J. - Release resources when they are no longer needed
- CERT, FIO42-C. - Close files when they are no longer needed
- Try With Resources
Change this "try" to a try-with-resources. Open
try {- Read upRead up
- Create a ticketCreate a ticket
- Exclude checks
Java 7 introduced the try-with-resources statement, which guarantees that the resource in question will be closed. Since the new syntax is closer
to bullet-proof, it should be preferred over the older try/catch/finally version.
This rule checks that close-able resources are opened in a try-with-resources statement.
Note that this rule is automatically disabled when the project's sonar.java.source is lower than 7.
Noncompliant Code Example
FileReader fr = null;
BufferedReader br = null;
try {
fr = new FileReader(fileName);
br = new BufferedReader(fr);
return br.readLine();
} catch (...) {
} finally {
if (br != null) {
try {
br.close();
} catch(IOException e){...}
}
if (fr != null ) {
try {
br.close();
} catch(IOException e){...}
}
}
Compliant Solution
try (
FileReader fr = new FileReader(fileName);
BufferedReader br = new BufferedReader(fr)
) {
return br.readLine();
}
catch (...) {}
or
try (BufferedReader br =
new BufferedReader(new FileReader(fileName))) { // no need to name intermediate resources if you don't want to
return br.readLine();
}
catch (...) {}
See
- CERT, ERR54-J. - Use a try-with-resources statement to safely handle closeable resources