=== relates to: S5485

=== is related to: S3546

=== is related to: S2930

=== on 2 Feb 2015, 14:28:37 Sébastien Gioria wrote:
Could be tag 

* OWASP Top10 2013 A5 (Denial Of Service fall mostly in this category because finishing most the time in stacktrace of the JavaVM. )
* CERT Secure Coding FIO04-J


=== on 4 Feb 2015, 13:11:12 Ann Campbell wrote:
Thanks for the CERT reference [~sebastien.gioria], but I don't understand the OWASP tie.

=== on 11 Feb 2015, 23:02:32 Freddy Mallet wrote:
This one can lead to a denial of service.

=== on 24 Apr 2015, 07:55:03 Michael Gumowski wrote:
As for the moment we are not making cross-file or cross-method analysis (it is planned), we are not able to tell if it is the responsibility of the method to close a Closeable/AutoCloseable retrieved using method invocation. There is no existing annotation neither which would provide the information. I changed the non-compliant example and compliant solution to something that we can actually detect.

=== on 11 Jun 2015, 18:57:32 Ann Campbell wrote:
\[~michael.gumowski], would it be appropriate to map this rule to the CodePro rule https://developers.google.com/java-dev-tools/codepro/doc/features/audit/audit_rules_com.instantiations.assist.eclipse.auditGroup.possibleErrors#com.instantiations.assist.eclipse.audit.closeInFinally[Close In Finally]?


I'm asking first for an answer based on the current implementation.

And if that answer's "no" my second question is whether we should go ahead & do the mapping & extend the implementation.


As a followup, there is also this CodePro rule: https://developers.google.com/java-dev-tools/codepro/doc/features/audit/audit_rules_com.instantiations.assist.eclipse.auditGroup.jdbc#com.instantiations.assist.eclipse.audit.closeOrder[Close Order]

=== on 17 Jun 2015, 14:18:04 Ann Campbell wrote:
CodePro: Close In Finally