4

I use HttpContext to retrieve current user name of the coming HTTP request, however when running coverity analysis, it reports a resource leak.

    public class UsersController:ApiController
    {
      private string userName;
      public UsersController()
      {
        if (HttpContext.Current != null)
        {
            userName = HttpContext.Current.User.Identity.Name;
        }
    }
    //I defined customized identity
    public class MyIdentity : IIdentity
    {
        private string name;
        public string AuthenticationType
        {
            get { return "Custom"; }
        }

        public bool IsAuthenticated
        {
            get { return true; }

        }

        public string Name { get; set; }

 }

In Coverity report, it says 2. alloc_fn: A new resource is returned from allocation method Identity.get. (The virtual call resolves to System.Security.Claims.ClaimsPrincipal.Identity.get.) 3. noescape: Resource System.Web.HttpContext.Current.User.Identity is not closed or saved in Name.get. (The virtual call resolves to Org.Abc.HttpModules.MyIdentity.Name.get.)

CID 51307: Resource leak (RESOURCE_LEAK) 4. leaked_resource: Failing to save or close resource created by System.Web.HttpContext.Current.User.Identity leaks it.

Bargitta
  • 2,266
  • 4
  • 22
  • 35

1 Answers1

0

IIdentity is implemented by WindowsIdentity. WindowsIdentity also implements IDisposable, and so needs to be disposed of after it is created. You can do this by calling the Dispose method.

However, since you are using your own implementation of IIdentity, I think the issue here is that Coverity isn't sure if that identity is disposable or not and so is erring on the side of caution.

Bishop
  • 296
  • 8
  • 19