Detecting Connection not closed in java code using PMD maven New ruleset
A source code analyzer
Brought to you by:
adangel,
juansotuyo
I am trying to use maven pmd plugin to detect all the connection leaks across the project.We close the connection using BaseSqlUtl.close, so somehow if we can use PMD to find that whosoever has opened connection has used this method to close, we can detect connection leaks. As we are using customized classes for closing connection , I created a rule set changes highlighted with ** in the following ruleset.xml.
<?xml version="1.0"?>
<ruleset name="Design" xmlns="http://pmd.sourceforge.net/ruleset/2.0.0" xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xsi:schemaLocation="http://pmd.sourceforge.net/ruleset/2.0.0 <a href=" http:="" pmd.sourceforge.net="" ruleset_2_0_0.xsd"="">http://pmd.sourceforge.net/ruleset_2_0_0.xsd">
<description>
The Design ruleset contains rules that flag suboptimal code implementations. Alternate approaches
are suggested.
</description>
<rule name="CloseResource" since="1.2.2" message="Ensure that resources like this {0} object are closed after use" class="net.sourceforge.pmd.lang.java.rule.design.CloseResourceRule" externalInfoUrl="http://pmd.sourceforge.net/pmd-5.0.5/rules/java/design.html#CloseResource">
<description>
Ensure that resources (like Connection, Statement, and ResultSet objects) are always closed after use.
</description>
<priority>3</priority>
<properties>
<property name="types" value="Connection,Statement,ResultSet"/>
<property name="closeTargets" value="closeStatementQuietly,closeResultSetQuietly,commitAndCloseQuietly,rollbackAndCloseQuietly,closeQuietly,sqlUtil.closeQuietly,resetAndCloseQuietly"/>
</properties>
<example>
<![CDATA
public class Bar {
public void foo() {
Connection c = pool.getConnection();
try {
// do stuff
} catch (SQLException ex) {
// handle exception
} finally {
// oops, should close the connection using 'close'!
// c.close();
}
}
}]>
</example>
</rule>
</ruleset>
Now this is still giving me false alarms for methods like sqlUtil.closeQuietly(conn);
The code snippet for which it gave false alarm is:
try{ Connection conn = factory.getDBConnection(); //Some logic } catch{ //Some logic } finally { sqlUtil.closeQuietly(conn); }I tried referring to the similar question asked but could not be of help on this specific scenario:
http://stackoverflow.com/questions/22803409/identifying-connection-not-closed-in-java-code-using-pmd
could anyone please help??
Last edit: Neha Gautam 2017-04-24