First wave of security fixes

Issue: 102725

Author: tomas-sexenian

common/src/main/java/com/genexus/GXParameterUnpacker.java

@@ -477,10 +477,8 @@ public final String readBlobfile()
 		for (int i = data.length - 1; i >=0 ; i--)
 			data[i] = readByte();
 
-		try
-		{
-			File file = new File(fileName);
-			OutputStream destination = new BufferedOutputStream(new FileOutputStream(file));
+		try (FileOutputStream fos = new FileOutputStream(new File(fileName))){
+			OutputStream destination = new BufferedOutputStream(fos);
 			destination.write(data, 0, data.length);
 			destination.close();
 		}

common/src/main/java/com/genexus/Messages.java

@@ -109,10 +109,8 @@ protected static final String getTab()
 	private void load(String resourceName)
 	{
 		String line;
-		InputStream is = null;
-		try
+		try (InputStream is = SpecificImplementation.Messages.getInputStream(resourceName);)
 		{
-			is = SpecificImplementation.Messages.getInputStream(resourceName);
 
             if (is != null)
             {

common/src/main/java/com/genexus/util/PropertiesManager.java

@@ -44,11 +44,9 @@ public void flushProperties()
    		for (Enumeration e = propertyFiles.keys(); e.hasMoreElements() ;) 
    		{
 			String fileName = (String) e.nextElement();
-			try
+			try (FileOutputStream outputStream = new FileOutputStream(fileName);)
 			{
-			  	FileOutputStream outputStream = new FileOutputStream(fileName);
 				((Properties) propertyFiles.get(fileName)).store(outputStream, "");
-				outputStream.close();
 			}
 			catch (IOException ex)
 			{

common/src/main/java/com/genexus/util/Template.java

@@ -18,9 +18,9 @@ public static void main(String arg[])
 		t.addPattern("ENABLE_CAB_IE"	, "true");
 		t.addPattern("IE_PLUGIN_URL"	, "http://algo");
 
-		try
+		try (FileReader fileReader = new FileReader("deployment.htm"); FileWriter fileWriter = new FileWriter("out.htm"))
 		{
-			t.applyTemplate(new BufferedReader(new FileReader("deployment.htm")), new BufferedWriter(new FileWriter("out.htm")));
+			t.applyTemplate(new BufferedReader(fileReader), new BufferedWriter(fileWriter));
 		}
 		catch (IOException e)
 		{

java/src/main/java/com/genexus/webpanels/GXObjectUploadServices.java

@@ -9,6 +9,8 @@
 import com.genexus.ws.rs.core.*;
 import org.apache.commons.io.FilenameUtils;
 
+import java.io.InputStream;
+
 
 public class GXObjectUploadServices extends GXWebObjectStub
 {   
@@ -87,24 +89,26 @@ protected void doExecute(HttpContext context) throws Exception
 				fileName = com.genexus.PrivateUtilities.getTempFileName("", fName, "tmp");
 				String filePath = fileDirPath + fileName;
 				fileName = fileName.replaceAll(".tmp", "." + ext);
-				FileItem fileItem = new FileItem(filePath, false, "", context.getRequest().getInputStream().getInputStream());
-				savedFileName = fileItem.getPath();
-				JSONObject jObj = new JSONObject();
-				jObj.put("object_id", HttpUtils.getUploadFileId(keyId));
-				if (!isRestCall) {
-					context.getResponse().setContentType("application/json");
-					context.getResponse().setStatus(201);
-					context.getResponse().setHeader("GeneXus-Object-Id", keyId);
-					((HttpContextWeb) context).writeText(jObj.toString());
-					context.getResponse().flushBuffer();
-				}
-				else {
-					String jsonResponse = jObj.toString();
-					builder = Response.statusWrapped(201).entityWrapped(jsonResponse);
-					builder.header("GeneXus-Object-Id", keyId);
-				}
-				if (!savedFileName.isEmpty()) {
-					HttpUtils.CacheUploadFile(keyId, savedFileName, fileName, ext);
+				try (InputStream is = context.getRequest().getInputStream().getInputStream()) {
+					FileItem fileItem = new FileItem(filePath, false, "", is);
+					savedFileName = fileItem.getPath();
+					JSONObject jObj = new JSONObject();
+					jObj.put("object_id", HttpUtils.getUploadFileId(keyId));
+					if (!isRestCall) {
+						context.getResponse().setContentType("application/json");
+						context.getResponse().setStatus(201);
+						context.getResponse().setHeader("GeneXus-Object-Id", keyId);
+						((HttpContextWeb) context).writeText(jObj.toString());
+						context.getResponse().flushBuffer();
+					}
+					else {
+						String jsonResponse = jObj.toString();
+						builder = Response.statusWrapped(201).entityWrapped(jsonResponse);
+						builder.header("GeneXus-Object-Id", keyId);
+					}
+					if (!savedFileName.isEmpty()) {
+						HttpUtils.CacheUploadFile(keyId, savedFileName, fileName, ext);
+					}
 				}
 			}
 		}

wrapperjakarta/src/main/java/com/genexus/ws/RestReaderInterceptor.java

@@ -13,11 +13,11 @@ public class RestReaderInterceptor implements ReaderInterceptor {
 
 	@Override
 	public Object aroundReadFrom(ReaderInterceptorContext context) throws IOException, WebApplicationException {
-		InputStream is = context.getInputStream();
+		try (InputStream is = context.getInputStream();){
+			InputStream isBody = com.genexus.WrapperUtils.storeRestRequestBody(is);
 
-		InputStream isBody = com.genexus.WrapperUtils.storeRestRequestBody(is);
-
-		context.setInputStream(isBody);
-		return context.proceed();
+			context.setInputStream(isBody);
+			return context.proceed();
+		}
 	}
 }