java删除文件后如何释放资源?
我编写代码来删除文件,就像:
File logFile = new File(fileName);
deleteSuccess = logFile.delete();
但是 Veracode:给我一些有关资源未释放的警告。我想知道删除文件后如何释放资源。
Veracode 错误如下
Veracode:
描述
应用程序在系统资源可供重用之前无法释放(或错误地释放)系统资源。这种情况通常发生在数据库连接或文件句柄等资源上。大多数未释放的资源问题会导致一般的软件可靠性问题,但如果攻击者能够故意触发资源泄漏,则有可能通过耗尽资源池来发起拒绝服务攻击。
建议 创建或分配资源时,开发人员负责正确释放资源并考虑所有潜在的过期或失效路径。确保所有代码路径正确释放资源。
I write code to delete a file, just like:
File logFile = new File(fileName);
deleteSuccess = logFile.delete();
But the Veracode: give me some warning about the resource is not released. I want to know how to release the resource after delete a file.
The Veracode error is like follows
Veracode:
Description
The application fails to release (or incorrectly releases) a system resource before it is made available for re-use. This condition often occurs with resources such as database connections or file handles. Most unreleased resource issues result in general software reliability problems, but if an attacker can intentionally trigger a resource leak, it may be possible to launch a denial of service attack by depleting the resource pool.
Recommendations
When a resource is created or allocated, the developer is responsible for properly releasing the resource as well as accounting for all potential paths of expiration or invalidation. Ensure that all code paths properly release resources.
如果你对这篇内容有疑问,欢迎到本站社区发帖提问 参与讨论,获取更多帮助,或者扫码二维码加入 Web 技术交流群。
绑定邮箱获取回复消息
由于您还没有绑定你的真实邮箱,如果其他用户或者作者回复了您的评论,将不能在第一时间通知您!
发布评论
评论(2)
你确定这是你的全部代码吗?因为它没有任何问题。 File 对象只是文件名的包装,没有为其分配资源。删除方法也只调用适当的操作系统函数,之后不需要任何清理。
您需要关闭的是从文件派生的流(但您似乎没有任何流)。
Are you sure that is your whole code? Because there is nothing wrong with it. The File object is just a wrapper around the file name, there are no resources allocated for it. The delete method also just calls the appropriate OS function and does not require any cleanup afterwards.
What you need to close are streams derived from the File (but you do not seem to have any).
一旦删除操作成功,您可以尝试显式地使
File对象无效(如果需要,请检查返回的布尔值,但如果删除操作失败,我不知道您的意图)。至少这样,您可以确信对File对象的引用会丢失,因此所有相关对象也有资格进行垃圾回收。如果 VercaCode 继续将此标记为警告,我认为您有理由忽略此问题。
虽然建议的更改不会增加任何价值,特别是如果 File 对象超出范围后有资格进行垃圾回收,但如果您热衷于摆脱此警告,则可以采用这种做法。
You could attempt to explicitly nullify the
Fileobject once the delete operation has succeeded (check the boolean value returned, if necessary, but then I don't know about your intentions if the delete operation fails). Atleast that way, you could be assured of the fact that the reference to theFileobject is lost, and hence all related objects are also eligible for garbage collection.If VercaCode continues to flag this as a warning, I presume you could be justified in ignoring this issue.
While the suggested change does not add any value, especially if the File object is eligible for garbage collection once it is out of scope, you could adopt this practice if you are keen on getting rid of this warning.