From 370badf9d327a1977199fddc274d89c7f22b2a4d Mon Sep 17 00:00:00 2001
From: Kamidu Sachith
Date: Thu, 28 Jan 2016 18:58:24 +0530
Subject: [PATCH] Preventing infromation leakage
---
 .../mgt/core/dao/impl/AbstractDeviceDAOImpl.java | 15 +++++++++------
 .../mgt/core/dao/impl/ApplicationDAOImpl.java | 5 +++--
 2 files changed, 12 insertions(+), 8 deletions(-)
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java
index a41b2c8054..5b9fe78f4b 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/AbstractDeviceDAOImpl.java
@@ -299,6 +299,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
 public List getDevicesOfUser(String username, int tenantId) throws DeviceManagementDAOException {
 Connection conn;
 PreparedStatement stmt = null;
+ ResultSet rs = null;
 List devices = new ArrayList<>();
 try {
 conn = this.getConnection();
@@ -311,7 +312,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
 stmt = conn.prepareStatement(sql);
 stmt.setInt(1, tenantId);
 stmt.setString(2, username);
- ResultSet rs = stmt.executeQuery();
+ rs = stmt.executeQuery();
 while (rs.next()) {
 Device device = DeviceManagementDAOUtil.loadDevice(rs);
@@ -321,7 +322,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
 throw new DeviceManagementDAOException("Error occurred while fetching the list of devices belongs to '" + username + "'", e);
 } finally {
- DeviceManagementDAOUtil.cleanupResources(stmt, null);
+ DeviceManagementDAOUtil.cleanupResources(stmt, rs);
 }
 return devices;
 }
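Review bot: Hoisting `ResultSet rs = null;` to method scope in getDevicesOfUser (hunk `@@ -299,6 +299,7 @@`) exists only so the `finally` block can reach it, and the close then depends on every later edit remembering to hand it to `cleanupResources`. The file already uses the diamond operator, so try-with-resources is available: wrapping the loop as `try (ResultSet rs = stmt.executeQuery()) {` scopes the cursor to the loop and closes it on every exit path. The same applies to the `rs` declarations added at `@@ -594,6 +595,7 @@`, `@@ -823,6 +825,7 @@` and in ApplicationDAOImpl. The method body continues outside this hunk.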
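Review bot: The exception message on the first context line of the `@@ -321,7 +322,7 @@` hunk still concatenates the caller-supplied `username` into its text (`"... belongs to '" + username + "'"`), and the commit leaves it untouched. If DeviceManagementDAOException messages are logged or returned to API clients (not visible here), that puts an account identifier and unneutralised input into those sinks. Consider a fixed message such as `"Error occurred while fetching the list of devices of the user"` and recording the username separately at debug level. The messages in the `@@ -616,7 +618,7 @@` (`deviceName`) and `@@ -846,7 +849,7 @@` (`status`) hunks follow the same pattern.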
@@ -594,6 +595,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
 Connection conn;
 PreparedStatement stmt = null;
 List devices = new ArrayList<>();
+ ResultSet rs = null;
 try {
 conn = this.getConnection();
 String sql = "SELECT d1.ID AS DEVICE_ID, d1.DESCRIPTION, d1.NAME AS DEVICE_NAME, d1.DEVICE_TYPE, " +
@@ -606,7 +608,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
 stmt.setString(1, deviceName + "%");
 stmt.setInt(2, tenantId);
 stmt.setInt(3, tenantId);
- ResultSet rs = stmt.executeQuery();
+ rs = stmt.executeQuery();
 while (rs.next()) {
 Device device = DeviceManagementDAOUtil.loadDevice(rs);
@@ -616,7 +618,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
 throw new DeviceManagementDAOException("Error occurred while fetching the list of devices that matches " + "'" + deviceName + "'", e);
 } finally {
- DeviceManagementDAOUtil.cleanupResources(stmt, null);
+ DeviceManagementDAOUtil.cleanupResources(stmt, rs);
 }
 return devices;
 }
@@ -823,6 +825,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
 throws DeviceManagementDAOException {
 Connection conn;
 PreparedStatement stmt = null;
+ ResultSet rs = null;
 List devices = new ArrayList<>();
 try {
 conn = this.getConnection();
@@ -836,7 +839,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
 stmt.setInt(1, tenantId);
 stmt.setString(2, status.toString());
 stmt.setInt(3, tenantId);
- ResultSet rs = stmt.executeQuery();
+ rs = stmt.executeQuery();
 while (rs.next()) {
 Device device = DeviceManagementDAOUtil.loadDevice(rs);
@@ -846,7 +849,7 @@ public abstract class AbstractDeviceDAOImpl implements DeviceDAO {
 throw new DeviceManagementDAOException("Error occurred while fetching the list of devices that matches to status " + "'" + status + "'", e);
 } finally {
- DeviceManagementDAOUtil.cleanupResources(stmt, null);
+ DeviceManagementDAOUtil.cleanupResources(stmt, rs);
 }
 return devices;
 }
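Review bot: `stmt.setString(1, deviceName + "%")` in the `@@ -606,7 +608,7 @@` hunk binds the caller's value as a pattern without neutralising `%` and `_`, so the lookup is a plain prefix match only when the input contains neither character. The statement text sits outside the hunk, so this assumes the parameter feeds a `LIKE` predicate. If it does, escape the wildcard characters in `deviceName` before appending the trailing `%` and declare the escape character in the query with an `ESCAPE` clause. Binding through the prepared statement already keeps the value out of the SQL text, so the concern is how many rows one name can match, not injection.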
diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/ApplicationDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/ApplicationDAOImpl.java
index 290ddacf1f..e20f152933 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/ApplicationDAOImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.core/src/main/java/org/wso2/carbon/device/mgt/core/dao/impl/ApplicationDAOImpl.java
@@ -234,6 +234,7 @@ public class ApplicationDAOImpl implements ApplicationDAO {
 PreparedStatement stmt = null;
 List applications = new ArrayList<>();
 Application application;
+ ResultSet rs = null;
 try {
 conn = this.getConnection();
 stmt = conn.prepareStatement("Select ID, NAME, APP_IDENTIFIER, PLATFORM, CATEGORY, VERSION, TYPE, " +
@@ -244,7 +245,7 @@ public class ApplicationDAOImpl implements ApplicationDAO {
 "app.ID = APPMAP.APPLICATION_ID ");
 stmt.setInt(1, deviceId);
- ResultSet rs = stmt.executeQuery();
+ rs = stmt.executeQuery();
 while (rs.next()) {
 application = loadApplication(rs);
@@ -254,7 +255,7 @@ public class ApplicationDAOImpl implements ApplicationDAO {
 throw new DeviceManagementDAOException("SQL Error occurred while retrieving the list of Applications " + "installed in device id '" + deviceId, e);
 } finally {
- DeviceManagementDAOUtil.cleanupResources(stmt, null);
+ DeviceManagementDAOUtil.cleanupResources(stmt, rs);
 }
 return applications;
 }
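Review bot: The message built on the first context line of the `@@ -254,7 +255,7 @@` hunk opens a quote before `deviceId` and never closes it (`"installed in device id '" + deviceId, e`), so every occurrence of this error ends with a dangling `'`. Closing it is a small change: `"installed in device id '" + deviceId + "'", e);`. The enclosing method starts outside this hunk.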