Titanium SDK/CLI (TIMOB)

[TIMOB-27947] Android: Close InputStream and BufferedStream in TiLocation

GitHub Issue	n/a
Type	Story
Priority	None
Status	Open
Resolution	Unresolved
Affected Version/s	Release 8.3.1, Release 9.0.2, Release 9.1.0
Fix Version/s	n/a
Components	Android
Labels	n/a
Reporter	Ewan Harris
Assignee	Gary Mathews
Created	2020-06-08T17:15:54.000+0000
Updated	2020-06-09T00:47:14.000+0000

Description

Description

In [TiLocation.java](https://github.com/appcelerator/titanium_mobile/blob/master/android/modules/geolocation/src/java/ti/modules/titanium/geolocation/TiLocation.java#L231-L232) we need to close the InputStream and BufferedReader. Some security scans flag this as an issue 8_3_X: code reference https://github.com/appcelerator/titanium_mobile/blob/8_3_X/android/modules/geolocation/src/java/ti/modules/titanium/geolocation/TiLocation.java#L232

Comments

Joshua Quick 2020-06-09

I would consider this a false-positive. We call the HTTP "connection" object's disconnect() method in the finally block. The disconnect() method will close the input/output streams for us... or put the connection back into the "pool" to be re-used for the next HTTP connection to the same end-point. https://developer.android.com/reference/kotlin/java/net/HttpURLConnection