Second wave of security fixes

Alerts 236, 235, 234, 233, 231, 230, 229, 228, 227 and 226

Author: tomas-sexenian

android/src/main/java/com/genexus/PrivateUtilities.java

@@ -1004,11 +1004,9 @@ class ReadProperties implements Runnable
 
 		public void run()
 		{
-			try
+			try (FileInputStream in = new FileInputStream(fileName);)
 			{
-	    		FileInputStream in = new FileInputStream(fileName);
     			props.load(new BufferedInputStream(in));
-    			in.close();
 			}
 			catch (IOException e)
 			{

common/src/main/java/com/genexus/diagnostics/GXDebugManager.java

@@ -565,8 +565,9 @@ class ESCAPE
 
         static GXDebugStream getStream(String fileName) throws IOException
         {
-            FileOutputStream stream = new FileOutputStream(fileName, true);
-            return new GXDebugStream(new BufferedOutputStream(stream), stream.getChannel());
+            try (FileOutputStream stream = new FileOutputStream(fileName, true)){
+				return new GXDebugStream(new BufferedOutputStream(stream), stream.getChannel());
+			}
         }
 
         private GXDebugStream(OutputStream stream, FileChannel channel) throws IOException

gxoffice/src/main/java/com/genexus/gxoffice/ExcelDoc.java

@@ -86,9 +86,7 @@ public void checkExcelDocument() {
 	}
 
 	private boolean isXlsx(String fileName) throws Throwable {
-		try {
-			GXFile file = new GXFile(fileName);
-			java.io.InputStream is = new BufferedInputStream(file.getStream());
+		try (java.io.InputStream is = new BufferedInputStream(new GXFile(fileName).getStream());) {
 			boolean isXlsx = FileMagic.valueOf(is) == FileMagic.OOXML;
 			is.close();
 			return isXlsx;

gxoffice/src/main/java/com/genexus/msoffice/excel/poi/xssf/ExcelSpreadsheet.java

@@ -3,6 +3,7 @@
 import java.io.ByteArrayInputStream;
 import java.io.ByteArrayOutputStream;
 import java.io.IOException;
+import java.io.InputStream;
 import java.util.ArrayList;
 import java.util.List;
 
@@ -44,21 +45,25 @@ public ExcelSpreadsheet(IGXError errHandler, String fileName, String template) t
             fileName += ".xlsx";
         }
 
-        if (!template.equals("")) {
-            GXFile templateFile = new GXFile(template);
-            if (templateFile.exists()) {
-                _workbook = new XSSFWorkbook(templateFile.getStream());
-            } else {
-                throw new ExcelTemplateNotFoundException();
-            }
-        } else {
-			GXFile file = new GXFile(fileName, Constants.EXTERNAL_PRIVATE_UPLOAD);
-			if (file.exists()) {
-				_workbook = new XSSFWorkbook(file.getStream());
+		InputStream is = null;
+        try {
+			if (!template.equals("")) {
+				GXFile templateFile = new GXFile(template);
+				if (templateFile.exists()) {
+					is = templateFile.getStream();
+					_workbook = new XSSFWorkbook();
+				} else {
+					throw new ExcelTemplateNotFoundException();
+				}
 			} else {
-				_workbook = new XSSFWorkbook();
+				GXFile file = new GXFile(fileName, Constants.EXTERNAL_PRIVATE_UPLOAD);
+				if (file.exists()) {
+					_workbook = new XSSFWorkbook(file.getStream());
+				} else {
+					_workbook = new XSSFWorkbook();
+				}
 			}
-        }
+		} finally { if (is != null) is.close(); }
 
         _documentFileName = fileName;
 

java/src/main/java/com/genexus/PrivateUtilities.java

@@ -1216,11 +1216,9 @@ class ReadProperties implements Runnable
 
 		public void run()
 		{
-			try
+			try (FileInputStream in = new FileInputStream(fileName);)
 			{
-	    		FileInputStream in = new FileInputStream(fileName);
     			props.load(new BufferedInputStream(in));
-    			in.close();
 			}
 			catch (IOException e)
 			{

java/src/main/java/com/genexus/Version.java

@@ -1,6 +1,8 @@
 package com.genexus;
 
 import org.apache.logging.log4j.Logger;
+
+import java.io.IOException;
 import java.util.jar.*;
 
 public class Version
@@ -10,16 +12,19 @@ public class Version
 	public static final String getFullVersion()
 	{
 		String version = "";
+		JarInputStream jarStream = null;
 		try {
 			String path = com.genexus.Application.class.getProtectionDomain().getCodeSource().getLocation().getPath();
 			String decodedPath = java.net.URLDecoder.decode(path, "UTF-8");
-			JarInputStream jarStream = new JarInputStream(new java.io.FileInputStream(decodedPath));
+			jarStream = new JarInputStream(new java.io.FileInputStream(decodedPath));
 			Manifest mf = jarStream.getManifest();
 			Attributes attributes = mf.getMainAttributes();
 			version = attributes.getValue("Build-Label");
 		}
 		catch (Exception e) {
 			log.debug("Could not get Build-Label information");
+		} finally {
+			try{ if (jarStream != null) jarStream.close(); } catch (IOException ioe) { log.debug("Could not close jar input stream"); }
 		}
 
 		return version;

java/src/main/java/com/genexus/reports/GXReportText.java

@@ -158,10 +158,9 @@ public void close()
 				}
 				else
 				{
-					try
+					try (FileInputStream fInput = new FileInputStream(fileName))
 					{
 						PrintService ps = getDefaultPrinter();
-						FileInputStream fInput = new FileInputStream(fileName);
 						DocFlavor flavor = DocFlavor.INPUT_STREAM.AUTOSENSE;
 						DocPrintJob pj = ps.createPrintJob();
 						Doc doc = new SimpleDoc(fInput, flavor, null);			
@@ -174,7 +173,11 @@ public void close()
 					catch (PrintException e) 
 					{
 						System.out.println("Error printing report " + fileName + " " + e.getMessage());
-					}					
+					}
+					catch (IOException ioe)
+					{
+						System.out.println("Error opening file input stream of file " + fileName + " " + ioe.getMessage());
+					}
 				}
 			}				
 		}

java/src/main/java/com/genexus/specific/java/HttpClient.java

@@ -1,12 +1,14 @@
 package com.genexus.specific.java;
 
+import java.io.InputStream;
 import java.util.Hashtable;
 
 import com.genexus.CommonUtil;
 import com.genexus.common.interfaces.IExtensionHttpClient;
 import com.genexus.common.interfaces.SpecificImplementation;
 import com.genexus.internet.HttpClientJavaLib;
 import com.genexus.internet.HttpClientManual;
+import com.genexus.util.Base64;
 
 import javax.net.ssl.SSLSocket;
 
@@ -48,9 +50,9 @@ private com.genexus.internet.IHttpClient useHttpClientOldImplementation() {
 	@Override
 	public com.genexus.internet.IHttpClient initHttpClientImpl() {
 		com.genexus.internet.IHttpClient client = null;
-		try {
+		try (InputStream is = com.genexus.ResourceReader.getResourceAsStream("useoldhttpclient.txt")){
 
-			if (com.genexus.ResourceReader.getResourceAsStream("useoldhttpclient.txt") == null) {
+			if (is == null) {
 				Class.forName("org.apache.http.impl.conn.PoolingHttpClientConnectionManager");    // httpclient-4.5.14.jar dectected by reflection
 				client = new HttpClientJavaLib();
 			} else

java/src/main/java/com/genexus/webpanels/WebUtils.java

@@ -444,9 +444,8 @@ private static InputStream getInputStreamFile(Class<?> gxAppClass, String fileNa
 
 	public static void getGXApplicationClasses(Class<?> gxAppClass, Set<Class<?>> rrcs) 
 	{
-		try 
+		try (InputStream is = getInputStreamFile(gxAppClass, gxApplicationClassesFileName);)
 		{
-			InputStream is = getInputStreamFile(gxAppClass, gxApplicationClassesFileName);
 			BufferedReader input = new BufferedReader(new InputStreamReader(is, "UTF8"));
 			String restClass = input.readLine();
 			while (restClass != null) 

wrapperjavax/src/main/java/com/genexus/ws/RestReaderInterceptor.java

@@ -13,11 +13,11 @@ public class RestReaderInterceptor implements ReaderInterceptor {
 
 	@Override
 	public Object aroundReadFrom(ReaderInterceptorContext context) throws IOException, WebApplicationException {
-		InputStream is = context.getInputStream();
+		try (InputStream is = context.getInputStream()){
+			InputStream isBody = com.genexus.WrapperUtils.storeRestRequestBody(is);
 
-		InputStream isBody = com.genexus.WrapperUtils.storeRestRequestBody(is);
-
-		context.setInputStream(isBody);
-		return context.proceed();
+			context.setInputStream(isBody);
+			return context.proceed();
+		}
 	}
 }