Possible security risks flagged by Infer# #1300

Closed
jkuek opened this issue Mar 30, 2023 · 1 comment

jkuek commented Mar 30, 2023

Software versions
MySqlConnector version: 2.1.13
Server type (MySQL, MariaDB, Aurora, etc.) and version: Aurora Mysql 3.02
.NET version: 6.0
(Optional) ORM NuGet packages and versions:

Describe the bug
I run Infer# (https://github.com/microsoft/infersharp) over my solution to try to identify issues. It currently throws a number of errors relating to MySqlConnector.

Exception

#0
/_/src/MySqlConnector/Core/SchemaProvider.cs:60: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 60 is not closed after the last access at line 60, column 3.

#1
/_/src/MySqlConnector/Core/SchemaProvider.cs:125: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 125 is not closed after the last access at line 125, column 3.

#2
/_/src/MySqlConnector/Core/SchemaProvider.cs:138: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 138 is not closed after the last access at line 138, column 3.

#3
/_/src/MySqlConnector/Core/SchemaProvider.cs:153: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 153 is not closed after the last access at line 153, column 3.

#4
/_/src/MySqlConnector/Core/SchemaProvider.cs:204: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 204 is not closed after the last access at line 204, column 3.

#5
/_/src/MySqlConnector/Core/SchemaProvider.cs:302: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 302 is not closed after the last access at line 302, column 3.

#6
/_/src/MySqlConnector/Core/SchemaProvider.cs:317: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 317 is not closed after the last access at line 317, column 3.

#7
/_/src/MySqlConnector/Core/SchemaProvider.cs:338: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 338 is not closed after the last access at line 338, column 3.

#8
/_/src/MySqlConnector/Core/SchemaProvider.cs:349: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 349 is not closed after the last access at line 349, column 3.

#9
/_/src/MySqlConnector/Core/SchemaProvider.cs:374: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 374 is not closed after the last access at line 374, column 3.

#10
/_/src/MySqlConnector/Core/SchemaProvider.cs:408: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 408 is not closed after the last access at line 408, column 3.

#11
/_/src/MySqlConnector/Core/SchemaProvider.cs:428: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 428 is not closed after the last access at line 428, column 3.

#12
/_/src/MySqlConnector/Core/SchemaProvider.cs:457: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 457 is not closed after the last access at line 457, column 3.

#13
/_/src/MySqlConnector/Core/SchemaProvider.cs:474: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 474 is not closed after the last access at line 474, column 3.

#14
/_/src/MySqlConnector/Core/SchemaProvider.cs:501: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 501 is not closed after the last access at line 501, column 3.

#15
/_/src/MySqlConnector/Core/SchemaProvider.cs:811: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 811 is not closed after the last access at line 811, column 3.

#16
/_/src/MySqlConnector/Core/SchemaProvider.cs:825: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 825 is not closed after the last access at line 825, column 3.

#17
/_/src/MySqlConnector/Core/SchemaProvider.cs:839: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 839 is not closed after the last access at line 839, column 3.

#18
/_/src/MySqlConnector/Core/SchemaProvider.cs:869: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 869 is not closed after the last access at line 869, column 3.

#19
/_/src/MySqlConnector/Core/SchemaProvider.cs:884: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 884 is not closed after the last access at line 884, column 3.

#20
/_/src/MySqlConnector/Core/SchemaProvider.cs:899: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 899 is not closed after the last access at line 899, column 3.

#21
/_/src/MySqlConnector/Core/SchemaProvider.cs:917: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 917 is not closed after the last access at line 917, column 3.

#22
/_/src/MySqlConnector/Core/SchemaProvider.cs:948: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 948 is not closed after the last access at line 948, column 3.

#23
/_/src/MySqlConnector/Core/SchemaProvider.cs:961: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 961 is not closed after the last access at line 961, column 3.

#24
/_/src/MySqlConnector/Core/ServerSession.cs:52: warning: Thread Safety Violation
  Read/Write race. Non-private method `ServerSession.get_ActiveCommandId()` reads without synchronization from `this.MySqlConnector.Core.ServerSession.<ActiveCommandId>k__BackingField`. Potentially races with write in method `ServerSession.FinishQuerying()`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#25
/_/src/MySqlConnector/Core/ServerSession.cs:79: warning: Thread Safety Violation
  Unprotected write. Non-private method `ServerSession.ReturnToPoolAsync(...)` writes to field `this.MySqlConnector.Core.ServerSession.m_logArguments.[_]` outside of synchronization.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#26
/_/src/MySqlConnector/Core/ServerSession.cs:101: warning: Thread Safety Violation
  Read/Write race. Non-private method `ServerSession.TryStartCancel(...)` indirectly reads with synchronization from `this.MySqlConnector.Core.ServerSession.m_logArguments.[_]`. Potentially races with unsynchronized write in method `ServerSession.FinishQuerying()`.
 Reporting because this access may occur on a background thread.

#27
/_/src/MySqlConnector/Core/ServerSession.cs:120: warning: Thread Safety Violation
  Read/Write race. Non-private method `ServerSession.DoCancel(...)` reads with synchronization from `this.MySqlConnector.Core.ServerSession.m_logArguments.[_]`. Potentially races with unsynchronized write in method `ServerSession.FinishQuerying()`.
 Reporting because this access may occur on a background thread.

#28
/_/src/MySqlConnector/Core/ServerSession.cs:144: warning: Thread Safety Violation
  Read/Write race. Non-private method `ServerSession.get_IsCancelingQuery()` reads without synchronization from `this.MySqlConnector.Core.ServerSession.m_state`. Potentially races with write in method `ServerSession.TryStartCancel(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#29
/_/src/MySqlConnector/Core/ServerSession.cs:293: warning: Thread Safety Violation
  Read/Write race. Non-private method `ServerSession.StartQuerying(...)` indirectly reads with synchronization from `this.MySqlConnector.Core.ServerSession.m_logArguments.[_]`. Potentially races with unsynchronized write in method `ServerSession.FinishQuerying()`.
 Reporting because this access may occur on a background thread.

#30
/_/src/MySqlConnector/Core/ServerSession.cs:303: warning: Thread Safety Violation
  Unprotected write. Non-private method `ServerSession.FinishQuerying()` writes to field `this.MySqlConnector.Core.ServerSession.m_logArguments.[_]` outside of synchronization.
 Reporting because this access may occur on a background thread.

#31
/_/src/MySqlConnector/Core/ServerSession.cs:324: warning: Thread Safety Violation
  Read/Write race. Non-private method `ServerSession.FinishQuerying()` indirectly reads with synchronization from `this.MySqlConnector.Core.ServerSession.m_logArguments.[_]`. Potentially races with unsynchronized write in method `ServerSession.FinishQuerying()`.
 Reporting because this access may occur on a background thread.

#32
/_/src/MySqlConnector/Core/ServerSession.cs:909: warning: Thread Safety Violation
  Read/Write race. Non-private method `ServerSession.ReceiveAsync(...)` indirectly reads with synchronization from `this.MySqlConnector.Core.ServerSession.m_logArguments.[_]`. Potentially races with unsynchronized write in method `ServerSession.FinishQuerying()`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#33
/_/src/MySqlConnector/Core/ServerSession.cs:935: warning: Thread Safety Violation
  Read/Write race. Non-private method `ServerSession.ReceiveReplyAsync(...)` indirectly reads with synchronization from `this.MySqlConnector.Core.ServerSession.m_logArguments.[_]`. Potentially races with unsynchronized write in method `ServerSession.FinishQuerying()`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#34
/_/src/MySqlConnector/Core/ServerSession.cs:935: error: Pulse Resource Leak
  Resource dynamically allocated by constructor MySqlConnector.Protocol.PayloadData() on line 931 is not closed after the last access at line 935, column 4.

#35
/_/src/MySqlConnector/Core/TypeMapper.cs:122: error: Null Dereference
  null (last assigned on line 122) is dereferenced.

#36
/_/src/MySqlConnector/MySqlConnection.cs:189: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.EnlistTransaction(...)` indirectly reads without synchronization from `this.MySqlConnector.MySqlConnection.<CurrentTransaction>k__BackingField`. Potentially races with write in method `MySqlConnection.set_CurrentTransaction(...)`.
 Reporting because this access may occur on a background thread.

#37
/_/src/MySqlConnector/MySqlConnection.cs:199: warning: Thread Safety Violation
  Unprotected write. Non-private method `MySqlConnection.EnlistTransaction(...)` indirectly writes to field `this.MySqlConnector.MySqlConnection.m_cachedProcedures` outside of synchronization.
 Reporting because this access may occur on a background thread.

#38
/_/src/MySqlConnector/MySqlConnection.cs:204: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.EnlistTransaction(...)` indirectly reads without synchronization from `this.MySqlConnector.MySqlConnection.m_connectionSettings`. Potentially races with write in method `MySqlConnection.BeginTransactionAsync(...)`.
 Reporting because this access may occur on a background thread.

#39
/_/src/MySqlConnector/MySqlConnection.cs:213: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.EnlistTransaction(...)` reads with synchronization from `this.MySqlConnector.MySqlConnection.m_enlistedTransaction`. Potentially races with unsynchronized write in method `MySqlConnection.UnenlistTransaction()`.
 Reporting because this access may occur on a background thread.

#40
/_/src/MySqlConnector/MySqlConnection.cs:221: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.UnenlistTransaction()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_enlistedTransaction`. Potentially races with write in method `MySqlConnection.UnenlistTransaction()`.
 Reporting because this access may occur on a background thread.

#41
/_/src/MySqlConnector/MySqlConnection.cs:222: warning: Thread Safety Violation
  Unprotected write. Non-private method `MySqlConnection.UnenlistTransaction()` writes to field `this.MySqlConnector.MySqlConnection.m_enlistedTransaction` outside of synchronization.
 Reporting because this access may occur on a background thread.

#42
/_/src/MySqlConnector/MySqlConnection.cs:229: error: Null Dereference
  `enlistedTransactions` could be null (last assigned on line 228) and is dereferenced.

#43
/_/src/MySqlConnector/MySqlConnection.cs:498: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_Database()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#44
/_/src/MySqlConnector/MySqlConnection.cs:504: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_ServerVersion()` indirectly reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#45
/_/src/MySqlConnector/MySqlConnection.cs:509: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_ServerThread()` indirectly reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#46
/_/src/MySqlConnector/MySqlConnection.cs:739: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_Session()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#47
/_/src/MySqlConnector/MySqlConnection.cs:745: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.SetSessionFailed(...)` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#48
/_/src/MySqlConnector/MySqlConnection.cs:854: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_IgnoreCommandTransaction()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_enlistedTransaction`. Potentially races with write in method `MySqlConnection.UnenlistTransaction()`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#49
/_/src/MySqlConnector/MySqlConnection.cs:865: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_ActiveCommandId()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#50
/_/src/MySqlConnector/MySqlConnection.cs:950: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_SslIsEncrypted()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#51
/_/src/MySqlConnector/MySqlConnection.cs:952: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_SslIsSigned()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#52
/_/src/MySqlConnector/MySqlConnection.cs:954: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_SslIsAuthenticated()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#53
/_/src/MySqlConnector/MySqlConnection.cs:956: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_SslIsMutuallyAuthenticated()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#54
/_/src/MySqlConnector/MySqlConnection.cs:958: warning: Thread Safety Violation
  Read/Write race. Non-private method `MySqlConnection.get_SslProtocol()` reads without synchronization from `this.MySqlConnector.MySqlConnection.m_session`. Potentially races with write in method `MySqlConnection.EnlistTransaction(...)`.
 Reporting because another access to the same memory occurs on a background thread, although this access may not.

#55
/_/src/MySqlConnector/MySqlDataAdapter.cs:27: error: Pulse Resource Leak
  Resource dynamically allocated by constructor MySqlConnector.MySqlConnection() on line 27 is not closed after the last access at line 27, column 5.

#56
/_/src/MySqlConnector/MySqlDbColumn.cs:52: error: Null Dereference
  `columnTypeMetadata` could be null (from the call to `TypeMapper.GetColumnTypeMetadata(...)` on line 50) and is dereferenced.

Full exception message and call stack (if applicable)

Code sample
I'm building on Azure Pipelines but it shouldn't make any difference.
Here's the snippet from my build pipeline YAML that runs Infer#:

      curl -o run_infersharp.sh https://raw.githubusercontent.com/microsoft/infersharpaction/v1.4/run_infersharp_ci.sh
      curl -o .inferconfig https://raw.githubusercontent.com/microsoft/infersharp/v1.4/.inferconfig
      chmod +x run_infersharp.sh
      ./run_infersharp.sh $(System.ArtifactsDirectory)

Expected behavior
No issues thrown during static analysis

Additional context

@bgrainger
Member

I ran Infer# a long time ago and it seemed like most of the findings were false positives. I didn't annotate the source code to suppress the warnings.

You're welcome to open an issue (or a PR to fix it!) for specific items that you've manually reviewed and determined are true problems, but a raw dump of tool output against an older version of the code isn't helpful. (One issue per bug, please.)

If, for some reason, you're running Infer# against MySqlConnector's source code during your solution's build, I suggest just ignoring that particular folder.

bgrainger closed this as not planned on Mar 30, 2023
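
One way to act on the advice in the reply above, as an added example that is not part of the issue, MySqlConnector or Infer#: parse the text report in the format pasted in the issue, set aside findings under a dependency's source prefix, and count the rest by bug type and file so items can be reviewed one at a time. The function names and the `/src/MyApp/...` path are hypothetical.

```python
import re
from collections import Counter
from dataclasses import dataclass

# "<path>:<line>: <severity>: <bug type>" is the header line of each finding.
HEADER = re.compile(r"^(?P<path>\S+?):(?P<line>\d+): (?P<severity>error|warning): (?P<kind>.+)$")

@dataclass
class Finding:
    path: str
    line: int
    severity: str
    kind: str
    message: str = ""

def parse_report(text):
    """Parse the text report into Finding records, joining wrapped message lines."""
    findings, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        match = HEADER.match(line)
        if match:
            current = Finding(match["path"], int(match["line"]),
                              match["severity"], match["kind"])
            findings.append(current)
        elif not line or re.fullmatch(r"#\d+", line):
            current = None  # a blank line or "#N" index ends the previous finding
        elif current is not None:
            current.message = f"{current.message} {line}".strip()
    return findings

def split_by_origin(findings, dependency_prefixes):
    """Separate findings in your own code from those under dependency source paths."""
    own = [f for f in findings if not f.path.startswith(tuple(dependency_prefixes))]
    dep = [f for f in findings if f.path.startswith(tuple(dependency_prefixes))]
    return own, dep

def summarize(findings):
    """Count findings per (severity, bug type, file name) to size the review work."""
    return Counter((f.severity, f.kind, f.path.rsplit("/", 1)[-1]) for f in findings)

# Constructed sample: entries abridged from the issue; /src/MyApp/... is hypothetical.
SAMPLE = """\
#0
/_/src/MySqlConnector/Core/SchemaProvider.cs:60: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 60 is not closed after the last access at line 60, column 3.

#1
/_/src/MySqlConnector/Core/SchemaProvider.cs:125: error: Pulse Resource Leak
  Resource dynamically allocated by constructor System.Data.DataColumn() on line 125 is not closed after the last access at line 125, column 3.

#2
/_/src/MySqlConnector/Core/ServerSession.cs:303: warning: Thread Safety Violation
  Unprotected write. Non-private method `ServerSession.FinishQuerying()` writes to field `this.MySqlConnector.Core.ServerSession.m_logArguments.[_]` outside of synchronization.
 Reporting because this access may occur on a background thread.

#3
/src/MyApp/Data/OrderRepository.cs:41: error: Null Dereference
  `order` could be null (last assigned on line 40) and is dereferenced.
"""

if __name__ == "__main__":
    own, dep = split_by_origin(parse_report(SAMPLE), ["/_/src/MySqlConnector/"])
    print(len(own), "first-party finding(s);", dict(summarize(dep)))
```

The per-file counts for the dependency are a starting point for manual review, not a list of confirmed bugs.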