Handle Leak of ReadableJsonConfigurationProvider in FromStdInStrategy class #59260

Open
Anchels opened this issue Dec 2, 2024 · 0 comments · May be fixed by #59959
Labels
area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI

Anchels commented Dec 2, 2024

I analyzed the ASP.NET Core code using the Svace static analyzer. It found a HANDLE_LEAK category error with the following message:

new ReadableJsonConfigurationProvider() is not disposed at the end of the function

in the method Execute(CommandContext context). Here's the source code:

    public void Execute(CommandContext context)
    {
        // parses stdin with the same parser that Microsoft.Extensions.Configuration.Json would use
        var provider = new ReadableJsonConfigurationProvider();
        using (var stream = new MemoryStream())
        {
            using (var writer = new StreamWriter(stream, Encoding.Unicode, 1024, true))
            {
                writer.Write(context.Console.In.ReadToEnd()); // TODO buffer?
            }
            stream.Seek(0, SeekOrigin.Begin);
            provider.Load(stream);
        }
        foreach (var k in provider.CurrentData)
        {
            context.SecretStore.Set(k.Key, k.Value);
        }
        context.Reporter.Output(Resources.FormatMessage_Saved_Secrets(provider.CurrentData.Count));
        context.SecretStore.Save();
    }

An instance of the ReadableJsonConfigurationProvider class is created and can be disposed of.


What about adjusting this method to ensure proper disposal with a using statement?
Like this:

            using var provider = new ReadableJsonConfigurationProvider();

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reporter: Aleksey Kolosov ([email protected]).
Organization: [email protected]

@dotnet-issue-labeler dotnet-issue-labeler bot added the needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically label Dec 2, 2024
@martincostello martincostello added area-commandlinetools Includes: Command line tools, dotnet-dev-certs, dotnet-user-jwts, and OpenAPI and removed needs-area-label Used by the dotnet-issue-labeler to label those issues which couldn't be triaged automatically labels Dec 2, 2024