Skip to content

Handle Leak of ReadableJsonConfigurationProvider in FromStdInStrategy class #59260

New issue
New issue
Closed
#59959
Closed
Handle Leak of ReadableJsonConfigurationProvider in FromStdInStrategy class#59260
#59959
Labels
area-commandlinetoolsIncludes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI
Milestone
11.0-preview1
@Anchels

Description

@Anchels
Anchels
opened on Dec 2, 2024

I analyzed the ASP .NET Core code using the Svace static analyzer. It has found a HANDLE_LEAK category error with the following message:

new ReadableJsonConfigurationProvider() is not disposed at the end of the function

in method Execute(CommandContext context). Here's a source code:

aspnetcore/src/Tools/dotnet-user-secrets/src/Internal/SetCommand.cs

Lines 61 to 84 in d088530

public void Execute(CommandContext context)
{
// parses stdin with the same parser that Microsoft.Extensions.Configuration.Json would use
var provider = new ReadableJsonConfigurationProvider();
using (var stream = new MemoryStream())
{
using (var writer = new StreamWriter(stream, Encoding.Unicode, 1024, true))
{
writer.Write(context.Console.In.ReadToEnd()); // TODO buffer?
}
stream.Seek(0, SeekOrigin.Begin);
provider.Load(stream);
}
foreach (var k in provider.CurrentData)
{
context.SecretStore.Set(k.Key, k.Value);
}
context.Reporter.Output(Resources.FormatMessage_Saved_Secrets(provider.CurrentData.Count));
context.SecretStore.Save();
}

An instance of the ReadableJsonConfigurationProvider class is created and can be disposed of.

What about adjusting this method to ensure proper disposal with a using statement?
Like this:

            using var provider = new ReadableJsonConfigurationProvider();

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reporter: Aleksey Kolosov ([email protected]).
Organization: [email protected]

Metadata

Metadata

Assignees

No one assigned

    Labels

    area-commandlinetoolsIncludes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI

    Type

    No type

    Projects

    No projects

    Milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions