From 2fbda6e64ba4b2b2cfd84df92b253d1c8ede7cd5 Mon Sep 17 00:00:00 2001
From: Chad <chad.d.currie@gmail.com>
Date: Thu, 14 Mar 2024 03:59:28 +1300
Subject: [PATCH] Dispose IDisposable instances (#15810)

---
 .../Checks/Security/ExcessiveHeadersCheck.cs             | 2 +-
 .../HealthChecks/Checks/Security/HttpsCheck.cs           | 2 +-
 .../Media/EmbedProviders/OEmbedProviderBase.cs           | 2 +-
 .../Persistence/Repositories/InstallationRepository.cs   | 2 +-
 .../Persistence/Repositories/UpgradeCheckRepository.cs   | 4 ++--
 src/Umbraco.Core/Security/LegacyPasswordSecurity.cs      | 9 ++++++---
 src/Umbraco.Core/Security/PasswordGenerator.cs           | 5 ++++-
 7 files changed, 16 insertions(+), 10 deletions(-)

diff --git a/src/Umbraco.Core/HealthChecks/Checks/Security/ExcessiveHeadersCheck.cs b/src/Umbraco.Core/HealthChecks/Checks/Security/ExcessiveHeadersCheck.cs
index e211d7c257..08088251e5 100644
--- a/src/Umbraco.Core/HealthChecks/Checks/Security/ExcessiveHeadersCheck.cs
+++ b/src/Umbraco.Core/HealthChecks/Checks/Security/ExcessiveHeadersCheck.cs
@@ -51,7 +51,7 @@ public class ExcessiveHeadersCheck : HealthCheck
         var url = _hostingEnvironment.ApplicationMainUrl?.GetLeftPart(UriPartial.Authority);
 
         // Access the site home page and check for the headers
-        var request = new HttpRequestMessage(HttpMethod.Head, url);
+        using var request = new HttpRequestMessage(HttpMethod.Head, url);
         try
         {
             using HttpResponseMessage response = await HttpClient.SendAsync(request);
diff --git a/src/Umbraco.Core/HealthChecks/Checks/Security/HttpsCheck.cs b/src/Umbraco.Core/HealthChecks/Checks/Security/HttpsCheck.cs
index 888b136360..fbe5933b28 100644
--- a/src/Umbraco.Core/HealthChecks/Checks/Security/HttpsCheck.cs
+++ b/src/Umbraco.Core/HealthChecks/Checks/Security/HttpsCheck.cs
@@ -80,7 +80,7 @@ public class HttpsCheck : HealthCheck
         var urlBuilder = new UriBuilder(_hostingEnvironment.ApplicationMainUrl) { Scheme = Uri.UriSchemeHttps };
         Uri url = urlBuilder.Uri;
 
-        var request = new HttpRequestMessage(HttpMethod.Head, url);
+        using var request = new HttpRequestMessage(HttpMethod.Head, url);
 
         try
         {
diff --git a/src/Umbraco.Core/Media/EmbedProviders/OEmbedProviderBase.cs b/src/Umbraco.Core/Media/EmbedProviders/OEmbedProviderBase.cs
index 59d0f171ef..e53935f49e 100644
--- a/src/Umbraco.Core/Media/EmbedProviders/OEmbedProviderBase.cs
+++ b/src/Umbraco.Core/Media/EmbedProviders/OEmbedProviderBase.cs
@@ -60,7 +60,7 @@ public abstract class OEmbedProviderBase : IEmbedProvider
 
         using (var request = new HttpRequestMessage(HttpMethod.Get, url))
         {
-            HttpResponseMessage response = _httpClient.SendAsync(request).GetAwaiter().GetResult();
+            using HttpResponseMessage response = _httpClient.SendAsync(request).GetAwaiter().GetResult();
             return response.Content.ReadAsStringAsync().Result;
         }
     }
diff --git a/src/Umbraco.Core/Persistence/Repositories/InstallationRepository.cs b/src/Umbraco.Core/Persistence/Repositories/InstallationRepository.cs
index c30015a7a0..e79edec7f7 100644
--- a/src/Umbraco.Core/Persistence/Repositories/InstallationRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/InstallationRepository.cs
@@ -20,7 +20,7 @@ public class InstallationRepository : IInstallationRepository
                 _httpClient = new HttpClient();
             }
 
-            var content = new StringContent(_jsonSerializer.Serialize(installLog), Encoding.UTF8, "application/json");
+            using var content = new StringContent(_jsonSerializer.Serialize(installLog), Encoding.UTF8, "application/json");
 
             await _httpClient.PostAsync(RestApiInstallUrl, content);
         }
diff --git a/src/Umbraco.Core/Persistence/Repositories/UpgradeCheckRepository.cs b/src/Umbraco.Core/Persistence/Repositories/UpgradeCheckRepository.cs
index 4d4e642d9d..9cf0d52251 100644
--- a/src/Umbraco.Core/Persistence/Repositories/UpgradeCheckRepository.cs
+++ b/src/Umbraco.Core/Persistence/Repositories/UpgradeCheckRepository.cs
@@ -21,10 +21,10 @@ public class UpgradeCheckRepository : IUpgradeCheckRepository
                 _httpClient = new HttpClient();
             }
 
-            var content = new StringContent(_jsonSerializer.Serialize(new CheckUpgradeDto(version)), Encoding.UTF8, "application/json");
+            using var content = new StringContent(_jsonSerializer.Serialize(new CheckUpgradeDto(version)), Encoding.UTF8, "application/json");
 
             _httpClient.Timeout = TimeSpan.FromSeconds(1);
-            HttpResponseMessage task = await _httpClient.PostAsync(RestApiUpgradeChecklUrl, content);
+            using HttpResponseMessage task = await _httpClient.PostAsync(RestApiUpgradeChecklUrl, content);
             var json = await task.Content.ReadAsStringAsync();
             UpgradeResult? result = _jsonSerializer.Deserialize<UpgradeResult>(json);
 
diff --git a/src/Umbraco.Core/Security/LegacyPasswordSecurity.cs b/src/Umbraco.Core/Security/LegacyPasswordSecurity.cs
index a960fd7998..f50d0b5bdb 100644
--- a/src/Umbraco.Core/Security/LegacyPasswordSecurity.cs
+++ b/src/Umbraco.Core/Security/LegacyPasswordSecurity.cs
@@ -16,8 +16,11 @@ public class LegacyPasswordSecurity
     public static string GenerateSalt()
     {
         var numArray = new byte[16];
-        new RNGCryptoServiceProvider().GetBytes(numArray);
-        return Convert.ToBase64String(numArray);
+        using (var rng = new RNGCryptoServiceProvider())
+        {
+            rng.GetBytes(numArray);
+            return Convert.ToBase64String(numArray);
+        }
     }
 
     // TODO: Remove v11
@@ -86,7 +89,7 @@ public class LegacyPasswordSecurity
     /// </summary>
     public bool VerifyLegacyHashedPassword(string password, string dbPassword)
     {
-        var hashAlgorithm = new HMACSHA1
+        using var hashAlgorithm = new HMACSHA1
         {
             // the legacy salt was actually the password :(
             Key = Encoding.Unicode.GetBytes(password),
diff --git a/src/Umbraco.Core/Security/PasswordGenerator.cs b/src/Umbraco.Core/Security/PasswordGenerator.cs
index 7d55e0e39d..1d938d36c8 100644
--- a/src/Umbraco.Core/Security/PasswordGenerator.cs
+++ b/src/Umbraco.Core/Security/PasswordGenerator.cs
@@ -98,7 +98,10 @@ public class PasswordGenerator
                 var data = new byte[length];
                 var chArray = new char[length];
                 var num1 = 0;
-                new RNGCryptoServiceProvider().GetBytes(data);
+                using (var rng = new RNGCryptoServiceProvider())
+                {
+                    rng.GetBytes(data);
+                }
 
                 for (var index = 0; index < length; ++index)
                 {