我正在尝试使用fortify来查看代码的漏洞。该报告说,我有一个问题,说“该函数有时无法释放由分配的数据库资源”。这是代码,以及问题所在的行。我试图在finally块中关闭连接,但无法解决问题。该如何解决?
private AnotherService anotherService;
private void create() {
Connection conn = null;
try {
conn = getCon(); // With fortify, there's an issue which said "the function sometimes fails to release a database resource allocated by", and it refers to this line
conn.setAutoCommit(false);
anotherService.myFunction(conn);
// the conn.commit() is inside anotherService, because I have to make one connection
// rest of code
} catch (Exception e) {
e.printStackTrace;
if (null != conn) {
conn.rollback();
}
} finally {
if (null != conn) {
conn.close();
}
}
}
private static Connection getCon() {
Connection connection = null;
try {
Class.forName("org.postgresql.Driver");
connection = DriverManager.getConnection(
"jdbc:postgresql://localhost:5432/dbname",
"username",
"password");
} catch (ClassNotFoundException e) {
e.printStackTrace();
} catch (SQLException e) {
e.printStackTrace();
}
return connection;
}
添加:
如果我使用try-with-resource(例如try (Connection conn = getCon())来自动关闭内容,如果发生任何异常,如何在catch块中调用conn.rollback()?由于conn变量在try-with-resources内部声明。
答案 0 :(得分:0)
好吧,我解决了我的问题,如本link所述,close方法应该在finally块的try-catch内部调用。
万一链接断开,这是我用来解决问题的代码:
<VirtualHost 172.10.10.150:8080>
ServerName booking.example.com
DocumentRoot /var/www/booking.example.com/public_html
<Directory /var/www/booking.example.com/public_html>
Options -Indexes +FollowSymLinks
AllowOverride All
</Directory>
ErrorLog /var/log/httpd/booking.example.com-error.log
CustomLog /var/log/httpd/booking.example.com-access.log combined