Not releasing AmazonDynamoDbClient :: Recipe Details

Recipe Name:

Not releasing AmazonDynamoDbClient

Description:

Call the shutdown() method to release the AmazonDynamoDbClient

Level:

error

Language:

java

Tags:

framework specific
AWS
quality

Documentation

By not releasing the AmazonDynamoDbClient you could run the risk of leaking resources. If an attacker exploits a memory leak, this could possible lead to Denial of Service. AWS recommends to shut down the client to release the resources and render it unusable.

Before

public void method() {
    AmazonDynamoDbClient ddb = AmazonDynamoDbClient.defaultClient();
    // ...
};

After

public void method() {
    AmazonDynamoDbClient ddb = AmazonDynamoDbClient.create();
    // ...
    ddb.shutdown();
}

Resources

Recipe

id: scw:aws:amazondynamodbclient-shutdown
version: 10
metadata:
  name: Not releasing AmazonDynamoDbClient
  shortDescription: Call the shutdown() method to release the AmazonDynamoDbClient
  level: error
  language: java
  enabled: true
  descriptionFile: descriptions/ReleaseAmazonDynamoDbClientShutdown.html
  tags: framework specific;AWS;quality
search:
  methodcall:
    not:
      followedBy:
        methodcall:
          name: shutdown
          declaration:
            type: com.amazonaws.services.dynamodbv2.AmazonDynamoDB
    name: defaultClient
    declaration:
      type: com.amazonaws.services.dynamodbv2.AmazonDynamoDBClientBuilder
availableFixes:
- name: Call the shutdown method
  actions:
  - addMethodCall:
      name: shutdown
      position: end-of-life