Merge pull request #213 from hyperwallet/feature/LI-38226_Resource_leak_causes_vulnerable_code_in_Request_class

akalichety-hw · web-flow · commit d1d5b6d0dc56 · 2024-04-30T10:40:43.000-07:00
closed connection to fix security bug.
diff --git a/src/main/java/com/hyperwallet/clientsdk/util/Request.java b/src/main/java/com/hyperwallet/clientsdk/util/Request.java
@@ -267,7 +267,11 @@ private BinaryResponse readBinaryResponse() throws IOException {
         } catch (IOException e) {
             response.setBinaryBody(getBinaryFromStream(connection.getErrorStream()));
         }
-        return response;
+        finally {
+            connection.getInputStream().close();
+            return response;
+        }
+
     }
 
     private byte[] getBinaryFromStream(final InputStream is) {

Original file line number	Diff line number	Diff line change
`@@ -267,7 +267,11 @@ private BinaryResponse readBinaryResponse() throws IOException {`
`267`	`267`	`} catch (IOException e) {`
`268`	`268`	`response.setBinaryBody(getBinaryFromStream(connection.getErrorStream()));`
`269`	`269`	`}`
`270`		`- return response;`
	`270`	`+ finally {`
	`271`	`+ connection.getInputStream().close();`
	`272`	`+ return response;`
	`273`	`+ }`
	`274`	`+`
`271`	`275`	`}`
`272`	`276`
`273`	`277`	`private byte[] getBinaryFromStream(final InputStream is) {`