Handle Leak of ReadableJsonConfigurationProvider in FromStdInStrategy class

I analyzed the **ASP .NET Core** code using the **Svace** static analyzer. It has found a **HANDLE_LEAK** category error with the following message:

``new ReadableJsonConfigurationProvider() is not disposed at the end of the function``

in method `Execute(CommandContext context)`. Here's a source code:

https://github.com/dotnet/aspnetcore/blob/d088530dced8d71ed81f322fecfcf6b03ae3d9de/src/Tools/dotnet-user-secrets/src/Internal/SetCommand.cs#L61-L84

An instance of the `ReadableJsonConfigurationProvider` class is created and can be disposed of.

---

What about adjusting this method to ensure proper disposal with a `using` statement?
Like this:

```c#
            using var provider = new ReadableJsonConfigurationProvider();
```

---

Found by Linux Verification Center (linuxtesting.org) with SVACE.
Reporter: Aleksey Kolosov ([kolosov.ai@npc-ksb.ru](mailto:kolosov.ai@npc-ksb.ru)).
Organization: [info@npc-ksb.ru](mailto:info@npc-ksb.ru)

	public void Execute(CommandContext context)
	{
	// parses stdin with the same parser that Microsoft.Extensions.Configuration.Json would use
	var provider = new ReadableJsonConfigurationProvider();
	using (var stream = new MemoryStream())
	{
	using (var writer = new StreamWriter(stream, Encoding.Unicode, 1024, true))
	{
	writer.Write(context.Console.In.ReadToEnd()); // TODO buffer?
	}

	stream.Seek(0, SeekOrigin.Begin);
	provider.Load(stream);
	}

	foreach (var k in provider.CurrentData)
	{
	context.SecretStore.Set(k.Key, k.Value);
	}

	context.Reporter.Output(Resources.FormatMessage_Saved_Secrets(provider.CurrentData.Count));

	context.SecretStore.Save();
	}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Handle Leak of ReadableJsonConfigurationProvider in FromStdInStrategy class #59260

Metadata

Assignees

Labels

Type

Projects

Milestone

Relationships

Development