i use httpcontext retrieve current user name of coming http request, when running coverity analysis, reports resource leak.
public class userscontroller:apicontroller { private string username; public userscontroller() { if (httpcontext.current != null) { username = httpcontext.current.user.identity.name; } } //i defined customized identity public class myidentity : iidentity { private string name; public string authenticationtype { { return "custom"; } } public bool isauthenticated { { return true; } } public string name { get; set; } } in coverity report, says 2. alloc_fn: new resource returned allocation method identity.get. (the virtual call resolves system.security.claims.claimsprincipal.identity.get.) 3. noescape: resource system.web.httpcontext.current.user.identity not closed or saved in name.get. (the virtual call resolves org.abc.httpmodules.myidentity.name.get.)
cid 51307: resource leak (resource_leak) 4. leaked_resource: failing save or close resource created system.web.httpcontext.current.user.identity leaks it.
iidentity implemented windowsidentity. windowsidentity implements idisposable, , needs disposed of after created. can calling dispose method.
however, since using own implementation of iidentity, think issue here coverity isn't sure if identity disposable or not , erring on side of caution.
Comments
Post a Comment