Merge pull request #171 from Kamidu/master

Preventing Infromation leakage
wso2 · Jan 28, 2016 · 2776577 · 2776577
2 parents 4a3b146 + 512bf6c
commit 2776577
Showing 1 changed file with 14 additions and 10 deletions.
diff --git a/...e.impl/src/main/java/org/wso2/carbon/device/mgt/mobile/dao/impl/MobileFeatureDAOImpl.java b/...e.impl/src/main/java/org/wso2/carbon/device/mgt/mobile/dao/impl/MobileFeatureDAOImpl.java
@@ -63,10 +63,10 @@ public boolean addFeature(MobileFeature mobileFeature)
 			stmt.setString(4, mobileFeature.getDeviceType());
 			int rows = stmt.executeUpdate();
 			if (rows > 0) {
-                if (log.isDebugEnabled()) {
+				if (log.isDebugEnabled()) {
 					log.debug("Added a new MobileFeature " + mobileFeature.getCode() + " to the MDM database.");
 				}
-                status = true;
+				status = true;
 			}
 		} catch (SQLException e) {
 			String msg = "Error occurred while adding feature code - '" +
@@ -183,14 +183,15 @@ public MobileFeature getFeatureByCode(String mblFeatureCode)
 		Connection conn = null;
 		PreparedStatement stmt = null;
 		MobileFeature mobileFeature = null;
+		ResultSet resultSet = null;
 		try {
 			conn = this.getConnection();
 			String selectDBQuery =
 					"SELECT ID, CODE, NAME, DESCRIPTION, DEVICE_TYPE FROM AD_FEATURE " +
 					"WHERE CODE = ?";
 			stmt = conn.prepareStatement(selectDBQuery);
 			stmt.setString(1, mblFeatureCode);
-			ResultSet resultSet = stmt.executeQuery();
+			resultSet = stmt.executeQuery();
 			if (resultSet.next()) {
 				mobileFeature = new MobileFeature();
 				mobileFeature.setId(resultSet.getInt(1));
@@ -207,7 +208,7 @@ public MobileFeature getFeatureByCode(String mblFeatureCode)
 			log.error(msg, e);
 			throw new MobileDeviceManagementDAOException(msg, e);
 		} finally {
-			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, null);
+			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, resultSet);
 		}
 		return mobileFeature;
 	}
@@ -218,14 +219,15 @@ public MobileFeature getFeatureById(int mblFeatureId)
 		Connection conn = null;
 		PreparedStatement stmt = null;
 		MobileFeature mobileFeature = null;
+		ResultSet resultSet = null;
 		try {
 			conn = this.getConnection();
 			String selectDBQuery =
 					"SELECT ID, CODE, NAME, DESCRIPTION, DEVICE_TYPE FROM AD_FEATURE" +
 					" WHERE ID = ?";
 			stmt = conn.prepareStatement(selectDBQuery);
 			stmt.setInt(1, mblFeatureId);
-			ResultSet resultSet = stmt.executeQuery();
+			resultSet = stmt.executeQuery();
 			if (resultSet.next()) {
 				mobileFeature = new MobileFeature();
 				mobileFeature.setId(resultSet.getInt(1));
@@ -242,7 +244,7 @@ public MobileFeature getFeatureById(int mblFeatureId)
 			log.error(msg, e);
 			throw new MobileDeviceManagementDAOException(msg, e);
 		} finally {
-			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, null);
+			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, resultSet);
 		}
 		return mobileFeature;
 	}
@@ -253,12 +255,13 @@ public List<MobileFeature> getAllFeatures() throws MobileDeviceManagementDAOExce
 		PreparedStatement stmt = null;
 		MobileFeature mobileFeature;
 		List<MobileFeature> mobileFeatures = new ArrayList<MobileFeature>();
+		ResultSet resultSet = null;
 		try {
 			conn = this.getConnection();
 			String selectDBQuery =
 					"SELECT ID, CODE, NAME, DESCRIPTION, DEVICE_TYPE FROM AD_FEATURE";
 			stmt = conn.prepareStatement(selectDBQuery);
-			ResultSet resultSet = stmt.executeQuery();
+			resultSet = stmt.executeQuery();
 			while (resultSet.next()) {
 				mobileFeature = new MobileFeature();
 				mobileFeature.setId(resultSet.getInt(1));
@@ -277,7 +280,7 @@ public List<MobileFeature> getAllFeatures() throws MobileDeviceManagementDAOExce
 			log.error(msg, e);
 			throw new MobileDeviceManagementDAOException(msg, e);
 		} finally {
-			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, null);
+			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, resultSet);
 		}
 	}
 
@@ -287,14 +290,15 @@ public List<MobileFeature> getFeatureByDeviceType(String deviceType) throws Mobi
 		PreparedStatement stmt = null;
 		MobileFeature mobileFeature;
 		List<MobileFeature> mobileFeatures = new ArrayList<>();
+		ResultSet resultSet = null;
 		try {
 			conn = this.getConnection();
 			String selectDBQuery =
 					"SELECT ID, CODE, NAME, DESCRIPTION, DEVICE_TYPE FROM AD_FEATURE" +
 					" WHERE DEVICE_TYPE = ?";
 			stmt = conn.prepareStatement(selectDBQuery);
 			stmt.setString(1, deviceType);
-			ResultSet resultSet = stmt.executeQuery();
+			resultSet = stmt.executeQuery();
 			while (resultSet.next()) {
 				mobileFeature = new MobileFeature();
 				mobileFeature.setId(resultSet.getInt(1));
@@ -314,7 +318,7 @@ public List<MobileFeature> getFeatureByDeviceType(String deviceType) throws Mobi
 			log.error(msg, e);
 			throw new MobileDeviceManagementDAOException(msg, e);
 		} finally {
-			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, null);
+			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, resultSet);
 		}
 	}