AttackFlow Findings Dictionary


Unsafe FileSystem Resource Release

Attackers can leave the application in an unresponsive state, such as a denial of service, causing customers to wait for a long time.

Severity

High

Fix Cost

Low

Trust Level

Medium

Although they get richer every 18 months or so, computing environments have limited resources. These resources should be released after use, whether the operation succeeds or fails, so that they can be used again later. The availability of a system depends on this.

In .NET, the garbage collector reclaims the memory used by managed objects, but types that use unmanaged resources, such as database APIs, implement the IDisposable interface to allow this unmanaged memory to be reclaimed.

The code below doesn't release any of the resources it acquires when an exception occurs. However, APIs such as StreamReader, Stream and StreamWriter use stream resources and should be released properly.

            
string url = "ftp://example.com/section.pdf";
var request = (FtpWebRequest)WebRequest.Create(url);
request.Method = WebRequestMethods.Ftp.DownloadFile;
request.Credentials = new NetworkCredential("anonymous", "joe");

var response = (FtpWebResponse)request.GetResponse();

Stream responseStream = response.GetResponseStream();
StreamReader reader = new StreamReader(responseStream);
var text = reader.ReadToEnd();

// Reached only when nothing above throws; on an exception the response,
// stream and reader are never closed.
reader.Close();
response.Close();
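
The same download with deterministic release, as an added example (not AttackFlow's own code): every IDisposable is wrapped in a using block. FailingStream, SafeRelease and Download are hypothetical names, and the failing stream is a constructed stand-in used to compare both patterns offline.

```csharp
using System;
using System.IO;
using System.Net;

// Constructed stand-in for a response stream whose read fails mid-transfer.
sealed class FailingStream : MemoryStream
{
    public bool Released { get; private set; }
    public override int Read(byte[] buffer, int offset, int count) =>
        throw new IOException("constructed failure");
    protected override void Dispose(bool disposing)
    {
        Released = true;
        base.Dispose(disposing);
    }
}

static class SafeRelease
{
    // The page's download, with every IDisposable in a using block.
    // using compiles to try/finally, so Dispose() runs on exceptions too.
    public static string Download(string url)
    {
        var request = (FtpWebRequest)WebRequest.Create(url);
        request.Method = WebRequestMethods.Ftp.DownloadFile;
        request.Credentials = new NetworkCredential("anonymous", "joe");
        using (var response = (FtpWebResponse)request.GetResponse())
        using (Stream responseStream = response.GetResponseStream())
        using (var reader = new StreamReader(responseStream))
        {
            return reader.ReadToEnd();
        }
    }

    // Offline comparison of both patterns against the failing stream.
    static void Main()
    {
        var leaked = new FailingStream();
        try { var r = new StreamReader(leaked); r.ReadToEnd(); r.Close(); }
        catch (IOException) { }
        Console.WriteLine("Close() after read, released: " + leaked.Released);

        var safe = new FailingStream();
        try { using (var r = new StreamReader(safe)) { r.ReadToEnd(); } }
        catch (IOException) { }
        Console.WriteLine("using block, released: " + safe.Released);
    }
}
```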
                    
              
