From bf5c57a16850ffbbb07aee9197f5b84ba4710f9d Mon Sep 17 00:00:00 2001 From: "google-labs-jules[bot]" <161369871+google-labs-jules[bot]@users.noreply.github.com> Date: Fri, 6 Mar 2026 09:48:44 +0000 Subject: [PATCH] =?UTF-8?q?=F0=9F=9B=A1=EF=B8=8F=20Sentinel:=20[HIGH]=20Fi?= =?UTF-8?q?x=20CWE-400=20resource=20leak=20in=20AtTackCraft-Core?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Co-authored-by: acsoto <59144459+acsoto@users.noreply.github.com> --- .../Bungee/PlayerListLogger.java | 21 ++++++++++--------- .../Bungee/WhiteList/WhiteList.java | 14 +++++-------- 2 files changed, 16 insertions(+), 19 deletions(-) diff --git a/modules/AtTackCraft-Core/src/main/java/cc/mcac/attackcraftcore/Bungee/PlayerListLogger.java b/modules/AtTackCraft-Core/src/main/java/cc/mcac/attackcraftcore/Bungee/PlayerListLogger.java index 4e83e21..a411c6a 100644 --- a/modules/AtTackCraft-Core/src/main/java/cc/mcac/attackcraftcore/Bungee/PlayerListLogger.java +++ b/modules/AtTackCraft-Core/src/main/java/cc/mcac/attackcraftcore/Bungee/PlayerListLogger.java @@ -18,18 +18,19 @@ public void run() { plugin.getProxy().getScheduler().schedule(plugin, () -> { try { Connection connection = plugin.getSqlManager().getConnection(); - PreparedStatement ps = connection.prepareStatement( + try (PreparedStatement ps = connection.prepareStatement( "INSERT INTO `server_player_list` (server_id, player_number, player_list) VALUES (?,?,?) " + "ON DUPLICATE KEY UPDATE player_number = ?, player_list = ?" - ); - int playerNumber = plugin.getProxy().getOnlineCount(); - String playerList = plugin.getProxy().getPlayers().toString(); - ps.setString(1, plugin.getConfiguration().getString("server_id")); - ps.setInt(2, playerNumber); - ps.setString(3, playerList); - ps.setInt(4, playerNumber); - ps.setString(5, playerList); - ps.executeUpdate(); + )) { + int playerNumber = plugin.getProxy().getOnlineCount(); + String playerList = plugin.getProxy().getPlayers().toString(); + ps.setString(1, plugin.getConfiguration().getString("server_id")); + ps.setInt(2, playerNumber); + ps.setString(3, playerList); + ps.setInt(4, playerNumber); + ps.setString(5, playerList); + ps.executeUpdate(); + } } catch (SQLException e) { e.printStackTrace(); } diff --git a/modules/AtTackCraft-Core/src/main/java/cc/mcac/attackcraftcore/Bungee/WhiteList/WhiteList.java b/modules/AtTackCraft-Core/src/main/java/cc/mcac/attackcraftcore/Bungee/WhiteList/WhiteList.java index 35ee335..24510ec 100644 --- a/modules/AtTackCraft-Core/src/main/java/cc/mcac/attackcraftcore/Bungee/WhiteList/WhiteList.java +++ b/modules/AtTackCraft-Core/src/main/java/cc/mcac/attackcraftcore/Bungee/WhiteList/WhiteList.java @@ -41,11 +41,8 @@ public void onPlayerJoin(PreLoginEvent e) { public void on() { Connection connection = plugin.getSqlManager().getConnection(); - try { - PreparedStatement ps = connection.prepareStatement( - "SELECT * FROM `whitelist`" - ); - ResultSet rs = ps.executeQuery(); + try (PreparedStatement ps = connection.prepareStatement("SELECT * FROM `whitelist`"); + ResultSet rs = ps.executeQuery()) { whiteList.clear(); while (rs.next()) { whiteList.add(rs.getString("player_name")); @@ -62,10 +59,9 @@ public void off() { public void addPlayer(String playerName) { whiteList.add(playerName); Connection connection = plugin.getSqlManager().getConnection(); - try { - PreparedStatement ps = connection.prepareStatement( - "INSERT INTO `whitelist` (`player_name`) VALUES (?) ON DUPLICATE KEY UPDATE `player_name` = ?" - ); + try (PreparedStatement ps = connection.prepareStatement( + "INSERT INTO `whitelist` (`player_name`) VALUES (?) ON DUPLICATE KEY UPDATE `player_name` = ?" + )) { ps.setString(1, playerName); ps.setString(2, playerName); ps.executeUpdate();