From 512bf6c514e76f25a992f94c7520ab0f07c221fe Mon Sep 17 00:00:00 2001
From: Kamidu Sachith <sachithp@wso2.com>
Date: Mon, 25 Jan 2016 14:42:59 +0530
Subject: [PATCH] Preventing Infromation leakage

---
 .../mobile/dao/impl/MobileFeatureDAOImpl.java | 24 +++++++++++--------
 1 file changed, 14 insertions(+), 10 deletions(-)

diff --git a/components/device-mgt/org.wso2.carbon.device.mgt.mobile.impl/src/main/java/org/wso2/carbon/device/mgt/mobile/dao/impl/MobileFeatureDAOImpl.java b/components/device-mgt/org.wso2.carbon.device.mgt.mobile.impl/src/main/java/org/wso2/carbon/device/mgt/mobile/dao/impl/MobileFeatureDAOImpl.java
index 6b806d21b..86a940fd6 100644
--- a/components/device-mgt/org.wso2.carbon.device.mgt.mobile.impl/src/main/java/org/wso2/carbon/device/mgt/mobile/dao/impl/MobileFeatureDAOImpl.java
+++ b/components/device-mgt/org.wso2.carbon.device.mgt.mobile.impl/src/main/java/org/wso2/carbon/device/mgt/mobile/dao/impl/MobileFeatureDAOImpl.java
@@ -63,10 +63,10 @@ public boolean addFeature(MobileFeature mobileFeature)
 			stmt.setString(4, mobileFeature.getDeviceType());
 			int rows = stmt.executeUpdate();
 			if (rows > 0) {
-                if (log.isDebugEnabled()) {
+				if (log.isDebugEnabled()) {
 					log.debug("Added a new MobileFeature " + mobileFeature.getCode() + " to the MDM database.");
 				}
-                status = true;
+				status = true;
 			}
 		} catch (SQLException e) {
 			String msg = "Error occurred while adding feature code - '" +
@@ -183,6 +183,7 @@ public MobileFeature getFeatureByCode(String mblFeatureCode)
 		Connection conn = null;
 		PreparedStatement stmt = null;
 		MobileFeature mobileFeature = null;
+		ResultSet resultSet = null;
 		try {
 			conn = this.getConnection();
 			String selectDBQuery =
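Review bot: Declaring `ResultSet resultSet = null;` at method scope only so the finally block can reach it is more fragile than scoping the cursor to the query, because a later edit that reassigns the variable would leave the earlier result set unclosed. The `new ArrayList<>()` in getFeatureByDeviceType suggests the module builds at Java 7 or later, so `try (ResultSet resultSet = stmt.executeQuery()) {` around the row-reading code would close it on every path and the third argument to cleanupResources could remain `null`. The same applies to the getFeatureById, getAllFeatures and getFeatureByDeviceType hunks. getFeatureByCode starts before and ends after this hunk.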
@@ -190,7 +191,7 @@ public MobileFeature getFeatureByCode(String mblFeatureCode)
 					"WHERE CODE = ?";
 			stmt = conn.prepareStatement(selectDBQuery);
 			stmt.setString(1, mblFeatureCode);
-			ResultSet resultSet = stmt.executeQuery();
+			resultSet = stmt.executeQuery();
 			if (resultSet.next()) {
 				mobileFeature = new MobileFeature();
 				mobileFeature.setId(resultSet.getInt(1));
@@ -207,7 +208,7 @@ public MobileFeature getFeatureByCode(String mblFeatureCode)
 			log.error(msg, e);
 			throw new MobileDeviceManagementDAOException(msg, e);
 		} finally {
-			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, null);
+			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, resultSet);
 		}
 		return mobileFeature;
 	}
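Review bot: The new `cleanupResources(conn, stmt, resultSet)` call carries no comment saying why the result set is now closed explicitly, and the commit subject ("information leakage") describes something other than what the code does, which is releasing a JDBC cursor. JDBC specifies that closing a Statement also closes its current ResultSet, so the explicit close is a defence against drivers or pools that do not honour that, and the reader should be told so: `// Close the ResultSet explicitly rather than relying on Statement.close() to release the cursor.` cleanupResources is not visible in this patch, so its close order (result set, then statement, then connection) should be confirmed. The same comment fits the finally blocks in the getFeatureById, getAllFeatures and getFeatureByDeviceType hunks.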
@@ -218,6 +219,7 @@ public MobileFeature getFeatureById(int mblFeatureId)
 		Connection conn = null;
 		PreparedStatement stmt = null;
 		MobileFeature mobileFeature = null;
+		ResultSet resultSet = null;
 		try {
 			conn = this.getConnection();
 			String selectDBQuery =
@@ -225,7 +227,7 @@ public MobileFeature getFeatureById(int mblFeatureId)
 					" WHERE ID = ?";
 			stmt = conn.prepareStatement(selectDBQuery);
 			stmt.setInt(1, mblFeatureId);
-			ResultSet resultSet = stmt.executeQuery();
+			resultSet = stmt.executeQuery();
 			if (resultSet.next()) {
 				mobileFeature = new MobileFeature();
 				mobileFeature.setId(resultSet.getInt(1));
@@ -242,7 +244,7 @@ public MobileFeature getFeatureById(int mblFeatureId)
 			log.error(msg, e);
 			throw new MobileDeviceManagementDAOException(msg, e);
 		} finally {
-			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, null);
+			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, resultSet);
 		}
 		return mobileFeature;
 	}
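Review bot: `log.error(msg, e)` immediately followed by `throw new MobileDeviceManagementDAOException(msg, e)` records the failure here and again wherever the exception is finally handled, and the SQLException travels upward as the cause. Since this commit is about leakage, it is worth confirming that no caller returns the exception message or cause text to an API client, because driver messages can carry SQL and schema detail; the callers are outside this patch. I would drop the local `log.error` and leave logging to the boundary that handles the exception. `msg` is built above this hunk, and the same pair appears in the getFeatureByCode, getAllFeatures and getFeatureByDeviceType hunks.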
@@ -253,12 +255,13 @@ public List<MobileFeature> getAllFeatures() throws MobileDeviceManagementDAOExce
 		PreparedStatement stmt = null;
 		MobileFeature mobileFeature;
 		List<MobileFeature> mobileFeatures = new ArrayList<MobileFeature>();
+		ResultSet resultSet = null;
 		try {
 			conn = this.getConnection();
 			String selectDBQuery =
 					"SELECT ID, CODE, NAME, DESCRIPTION, DEVICE_TYPE FROM AD_FEATURE";
 			stmt = conn.prepareStatement(selectDBQuery);
-			ResultSet resultSet = stmt.executeQuery();
+			resultSet = stmt.executeQuery();
 			while (resultSet.next()) {
 				mobileFeature = new MobileFeature();
 				mobileFeature.setId(resultSet.getInt(1));
@@ -277,7 +280,7 @@ public List<MobileFeature> getAllFeatures() throws MobileDeviceManagementDAOExce
 			log.error(msg, e);
 			throw new MobileDeviceManagementDAOException(msg, e);
 		} finally {
-			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, null);
+			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, resultSet);
 		}
 	}
 
@@ -287,6 +290,7 @@ public List<MobileFeature> getFeatureByDeviceType(String deviceType) throws Mobi
 		PreparedStatement stmt = null;
 		MobileFeature mobileFeature;
 		List<MobileFeature> mobileFeatures = new ArrayList<>();
+		ResultSet resultSet = null;
 		try {
 			conn = this.getConnection();
 			String selectDBQuery =
@@ -294,7 +298,7 @@ public List<MobileFeature> getFeatureByDeviceType(String deviceType) throws Mobi
 					" WHERE DEVICE_TYPE = ?";
 			stmt = conn.prepareStatement(selectDBQuery);
 			stmt.setString(1, deviceType);
-			ResultSet resultSet = stmt.executeQuery();
+			resultSet = stmt.executeQuery();
 			while (resultSet.next()) {
 				mobileFeature = new MobileFeature();
 				mobileFeature.setId(resultSet.getInt(1));
@@ -314,7 +318,7 @@ public List<MobileFeature> getFeatureByDeviceType(String deviceType) throws Mobi
 			log.error(msg, e);
 			throw new MobileDeviceManagementDAOException(msg, e);
 		} finally {
-			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, null);
+			MobileDeviceManagementDAOUtil.cleanupResources(conn, stmt, resultSet);
 		}
 	}