find-resource-leaks
Resource Leak Detection
Analyze PHP code for resource leak issues.
Detection Patterns
1. Unclosed File Handles
// BUG: File handle not closed
$file = fopen('data.txt', 'r');
$content = fread($file, filesize('data.txt'));
// Missing: fclose($file);
// BUG: Early return without close
$file = fopen($path, 'w');
if (!$valid) {
return false; // File handle leaked
}
fwrite($file, $data);
fclose($file);
2. Database Connections Not Released
// BUG: Connection not closed
$pdo = new PDO($dsn, $user, $pass);
$stmt = $pdo->query($sql);
// PDO not unset, may hold connection
// BUG: In connection pool context
$connection = $pool->acquire();
$result = $connection->query($sql);
if ($error) {
throw new Exception(); // Connection leaked
}
$pool->release($connection);
3. Streams Not Freed
// BUG: Stream not closed
$stream = fopen('php://temp', 'r+');
fwrite($stream, $data);
// Missing: fclose($stream);
// BUG: cURL handle not closed
$ch = curl_init($url);
curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
$response = curl_exec($ch);
// Missing: curl_close($ch);
4. Missing Finally Blocks
// BUG: No finally for cleanup
$lock = $this->acquireLock();
try {
$this->process();
} catch (Exception $e) {
$this->log($e);
throw $e; // Lock not released on exception
}
$this->releaseLock($lock);
// FIXED:
$lock = $this->acquireLock();
try {
$this->process();
} finally {
$this->releaseLock($lock);
}
5. Temporary Files Not Cleaned
// BUG: Temp file not deleted
$tempFile = tempnam(sys_get_temp_dir(), 'prefix_');
file_put_contents($tempFile, $data);
$result = $this->processFile($tempFile);
// Missing: unlink($tempFile);
// BUG: Early return leaves temp file
$temp = tmpfile();
if (!$valid) {
return null; // Temp file not cleaned
}
6. Socket/Network Resources
// BUG: Socket not closed
$socket = socket_create(AF_INET, SOCK_STREAM, SOL_TCP);
socket_connect($socket, $host, $port);
$data = socket_read($socket, 1024);
// Missing: socket_close($socket);
// BUG: SSH connection not closed
$connection = ssh2_connect($host);
ssh2_auth_password($connection, $user, $pass);
$stream = ssh2_exec($connection, $command);
// Resources not freed
7. Image/GD Resources
// BUG: Image resource not destroyed
$image = imagecreatefromjpeg($path);
$resized = imagescale($image, 100, 100);
imagejpeg($resized, $output);
// Missing: imagedestroy($image); imagedestroy($resized);
8. Doctrine/ORM Resources
// BUG: Large result set in memory
$query = $em->createQuery('SELECT u FROM User u');
$users = $query->getResult(); // All in memory
// BUG: Detached entities not cleared
foreach ($largeDataset as $data) {
$entity = new Entity($data);
$em->persist($entity);
$em->flush();
// Missing: $em->clear(); for large batches
}
Grep Patterns
# fopen without fclose
Grep: "fopen\([^)]+\)" --glob "**/*.php"
Grep: "fclose\(" --glob "**/*.php"
# curl_init without curl_close
Grep: "curl_init\(" --glob "**/*.php"
Grep: "curl_close\(" --glob "**/*.php"
# try without finally
Grep: "try\s*\{[^}]+\}\s*catch" --glob "**/*.php"
# tempnam/tmpfile usage
Grep: "(tempnam|tmpfile)\(" --glob "**/*.php"
Severity Classification
| Pattern | Severity |
|---|---|
| Database connection leak | 🔴 Critical |
| File handle in loop | 🔴 Critical |
| Lock not released | 🔴 Critical |
| Single file handle | 🟠 Major |
| Temp file not cleaned | 🟠 Major |
| Image resource | 🟡 Minor |
Best Practices
Use try-finally
$resource = acquire();
try {
process($resource);
} finally {
release($resource);
}
Use Context Managers (PHP 8.1+)
// Custom destructor-based cleanup
$file = new FileHandler($path);
// Automatically closed on unset/scope exit
Use Transactions Properly
$connection->beginTransaction();
try {
$this->process();
$connection->commit();
} catch (Throwable $e) {
$connection->rollBack();
throw $e;
}
Output Format
### Resource Leak: [Description]
**Severity:** 🔴/🟠/🟡
**Location:** `file.php:line`
**Type:** [File Handle|Connection|Stream|Lock|Temp File|...]
**Issue:**
Resource acquired but not properly released.
**Code:**
```php
// Problematic code
Fix:
// With proper cleanup
More from dykyi-roman/awesome-claude-code
psr-overview-knowledge
PHP Standards Recommendations (PSR) overview knowledge base. Provides comprehensive reference for all accepted PSRs including PSR-1,3,4,6,7,11,12,13,14,15,16,17,18,20. Use for PSR selection decisions and compliance audits.
22detect-code-smells
Detects code smells in PHP codebases. Identifies God Class, Feature Envy, Data Clumps, Long Parameter List, Long Method, Primitive Obsession, Message Chains, Inappropriate Intimacy. Generates actionable reports with refactoring recommendations.
15clean-arch-knowledge
Clean Architecture knowledge base. Provides patterns, antipatterns, and PHP-specific guidelines for Clean Architecture and Hexagonal Architecture audits.
15ddd-knowledge
DDD architecture knowledge base. Provides patterns, antipatterns, and PHP-specific guidelines for Domain-Driven Design audits.
14testing-knowledge
Testing knowledge base for PHP 8.4 projects. Provides testing pyramid, AAA pattern, naming conventions, isolation principles, DDD testing guidelines, and PHPUnit patterns.
12bug-root-cause-finder
Root cause analysis methods for PHP bugs. Provides 5 Whys technique, fault tree analysis, git bisect guidance, and stack trace parsing.
12