Skip to content

Java: Ignore char array based closeables for CloseReader.ql and CloseWriter.ql#5868

Merged
aschackmull merged 5 commits intogithub:mainfrom
Marcono1234:marcono1234/ignore-not-closing-char-array-closeable
Jun 2, 2021
Merged

Java: Ignore char array based closeables for CloseReader.ql and CloseWriter.ql#5868
aschackmull merged 5 commits intogithub:mainfrom
Marcono1234:marcono1234/ignore-not-closing-char-array-closeable

Conversation

@Marcono1234
Copy link
Copy Markdown
Contributor

@Marcono1234 Marcono1234 commented May 10, 2021

Adds CharArrayReader and CharArrayWriter as safe closeables to reduce false positives.

@Marcono1234 Marcono1234 requested a review from a team as a code owner May 10, 2021 16:35
Marcono1234
Marcono1234 commented May 10, 2021
View reviewed changes
Comment thread java/ql/src/Likely Bugs/Resource Leaks/CloseReader.ql
@Marcono1234 Marcono1234 force-pushed the marcono1234/ignore-not-closing-char-array-closeable branch from 3d1969f to 8969da7 Compare May 11, 2021 17:32
@smowton
Copy link
Copy Markdown
Contributor

smowton commented May 13, 2021

Should note in the PR and/or a commit message: guessing you removed StringInputStream because that likely intended to refer to https://docs.aws.amazon.com/AWSJavaSDK/latest/javadoc/com/amazonaws/util/StringInputStream.html which is a subclass of ByteArrayInputStream in any case?

@Marcono1234
Copy link
Copy Markdown
Contributor Author

Marcono1234 commented May 14, 2021
edited
Loading

Ah, sorry I have mentioned it in #5868 (comment), but have already resolved that.
Neither the Git history indicates what that class is supposed to match nor did the qhelp file mention it. And doing a quick web search did not yield any results; though it looks like I missed the AWS class.

If you want I can split the removal into a separate commit, or edit the commit message. Which one do you prefer?

@smowton
Copy link
Copy Markdown
Contributor

smowton commented May 14, 2021

The safe option would be to leave it alone, if we're unsure what it was supposed to do.

@intrigus-lgtm
Copy link
Copy Markdown
Contributor

intrigus-lgtm commented May 14, 2021

This still needs a change-note.
Something like

lgtm,codescanning
* The 'Potential input resource leak' (java/input-resource-leak) and
'Potential output resource leak' (java/output-resource-leak) queries have been improved to produce fewer false positives.

@Marcono1234
Copy link
Copy Markdown
Contributor Author

Marcono1234 commented May 14, 2021
edited
Loading

The safe option would be to leave it alone, if we're unsure what it was supposed to do.

Added it back, but left a comment to explain why an unqualified name is used.

This still needs a change-note.
Something like

Thanks! I have used a slightly different wording, but I hope it is fine nonetheless.

smowton
smowton reviewed May 17, 2021
View reviewed changes
Copy link
Copy Markdown
Contributor

@smowton smowton left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Over to @aschackmull for final review

Comment thread java/change-notes/2021-05-14-close-resource-leaks-improvements.md Outdated
@smowton
Copy link
Copy Markdown
Contributor

smowton commented May 17, 2021

Oops, indeed US spelling is standard for this codebase

@aschackmull aschackmull merged commit 8e6dd51 into github:main Jun 2, 2021
@Marcono1234 Marcono1234 deleted the marcono1234/ignore-not-closing-char-array-closeable branch June 2, 2021 14:13
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

@smowton smowton smowton left review comments

@aschackmull aschackmull aschackmull approved these changes

Assignees

No one assigned

Labels

documentation Java

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

4 participants

@Marcono1234 @smowton @intrigus-lgtm @aschackmull