RLK.JNDI

RLK (Resource Leak) issues are reported when resources are allocated but not properly disposed after use. Failing to properly dispose a resource can lead to such problems as:

too many files being open
an application not being able to access a temporary file when it is needed

An RLK.JNDI warning indicates that a JNDI context is not closed on exit.

Vulnerability and risk

Resources such as streams, connections and graphic objects must be explicitly closed. The close operation can unblock transactions or flush file changes in the file system. While a resource will eventually be closed by the garbage collector, resource exhaustion can occur before garbage collection starts. Depending on the nature of the resource, various exceptions will be thrown on a failed attempt to allocate another resource, for example: java.io.FileNotFoundException: Too many open files or too many database connections.

Mitigation and prevention

Explicitly close all resources that have the close method, even those that you think are not doing anything significant. Future code changes will then be safe from such errors.

Example 1

Copy

25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
     public NamingEnumeration<SearchResult> search(final String providerURL,
                                                   final String name,
                                                   final String filter,
                                                   final SearchControls cons) {
         try {
             Hashtable environment = new Hashtable();
             environment.put(INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
             environment.put(Context.PROVIDER_URL, providerURL);
             environment.put(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
             InitialLdapContext context = new InitialLdapContext(environment, null);
 
             NamingEnumeration<SearchResult> result = context.search(name, filter, cons);  // Resource allocated
             return result;
         } catch (NamingException e) {
             System.err.println("LDAP search failed: " + e.getMessage());
         }
         return null;
     }

RLK.JNDI is reported for the snippet on line 34: JNDI context 'context' is not closed on exit.

Example 2

Copy

25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
     public NamingEnumeration<SearchResult> search(final String providerURL,
                                                   final String name,
                                                   final String filter,
                                                   final SearchControls cons) {
         try {
             Hashtable environment = new Hashtable();
             environment.put(INITIAL_CONTEXT_FACTORY, INITIAL_CONTEXT_FACTORY);
             environment.put(Context.PROVIDER_URL, providerURL);
             environment.put(Context.SECURITY_AUTHENTICATION, SECURITY_AUTHENTICATION);
 
             InitialLdapContext context = new InitialLdapContext(environment, null); // Resource allocated
 
             try {
                 NamingEnumeration<SearchResult> result = context.search(name, filter, cons);
                 return result;
             } finally {
                 context.close(); // Resource released
             }
         } catch (NamingException e) {
             System.err.println("LDAP search failed: " + e.getMessage());
         }
 
         return null;
     }

The snippet from the previous section is fixed; RLK.JNDI is not reported here.

External guidance

Extension

This checker can be extended through the Klocwork knowledge base. See Tuning Java analysis for more information.