Rules
| Content by Label | ||||||||||||||
|---|---|---|---|---|---|---|---|---|---|---|---|---|---|---|
|
Risk Assessment Summary
Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|
| LCK00-J | Low | Probable | No | No | P2 | L3 |
| LCK01-J | Medium | Probable | Yes | No | P8 | L2 |
| LCK02-J | Medium | Probable | Yes | No | P8 | L2 |
| LCK03-J | Medium | Probable | Yes | No | P8 | L2 |
| LCK04-J | Low | Probable | Yes | No | P4 | L3 |
| LCK05-J | Low | Probable | No | No | P2 | L3 |
| LCK06-J | Medium | Probable | Yes | No | P8 | L2 |
| LCK07-J | Low | Likely | No | No | P3 | L3 |
| LCK08-J | Low | Likely | Yes | Yes | P9 | L2 |
| LCK09-J | Low | Probable | No | No | P2 | L3 |
| LCK10-J | Low | Probable | Yes | No | P4 | L3 |
| LCK11-J | Low | Probable | No | No | P2 | L3 |
...
Guidelines
CON01-J. Design APIs that ensure atomicity of composite operations and visibility of results
CON02-J. Always synchronize on the appropriate object
CON03-J. Do not use background threads during class initialization
CON04-J. Use the private lock object idiom instead of intrinsic synchronization
CON05-J. Ensure that threads do not fail during activation
CON06-J. Do not defer a thread that is holding a lock
CON07-J. Ensure atomicity of calls to thread-safe APIs
CON08-J. Do not invoke a superclass method or constructor from a synchronized region in the subclass
CON09-J. Do not call overridable methods from synchronized regions
CON10-J. Methods that override synchronized methods must also possess synchronization capabilities
CON11-J. Do not assume that declaring an object volatile guarantees visibility of its members
CON12-J. Avoid deadlock by requesting locks in the proper order
CON13-J. Do not try to force thread shutdown
CON14-J. Do not let the "this" reference escape during object construction
CON15-J. Ensure actively held locks are released on exceptional conditions
CON16-J. Do not expect sleep() and yield() methods to have any synchronization semantics
CON17-J. Avoid using ThreadGroup APIs
CON18-J. Always invoke wait() and await() methods inside a loop
CON19-J. Use notifyAll() instead of notify() to resume waiting threads
CON20-J. Never apply a lock to methods making network calls
CON21-J. Facilitate thread reuse by using Thread Pools
CON22-J. Do not use incorrect forms of the double-checked locking idiom
CON23-J. Address the shortcomings of the Singleton design pattern
CON24-J. Use a unique channel to acquire locks on any file
CON25-J. Ensure atomicity when reading and writing 64-bit values
CON26-J. Do not publish partially-constructed objects
Risk Assessment Summary
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
CON00-J | medium | probable | medium | P8 | L2 |
CON01-J | medium | probable | medium | P8 | L2 |
CON02-J | low | likely | high | P3 | L3 |
CON03-J | low | probable | medium | P4 | L3 |
CON04-J | low | probable | medium | P4 | L3 |
CON05-J | low | probable | medium | P4 | L3 |
CON06-J | low | probable | medium | P4 | L3 |
CON07-J | low | likely | high | P3 | L3 |
CON08-J | low | likely | high | P3 | L3 |
CON09-J | low | probable | medium | P4 | L3 |
CON10-J | low | probable | medium | P4 | L3 |
CON11-J | low | likely | high | P3 | L3 |
CON12-J | low | probable | medium | P4 | L3 |
CON14-J | low | probable | medium | P4 | L3 |
CON15-J | low | likely | low | P9 | L2 |
CON16-J | low | probable | medium | P4 | L3 |
CON17-J | low | probable | low | P6 | L2 |
CON18-J | low | unlikely | medium | P2 | L3 |
CON19-J | low | unlikely | medium | P2 | L3 |
CON20-J | low | probable | high | P2 | L3 |
CON21-J | low | probable | high | P2 | L3 |
CON22-J | low | probable | medium | P4 | L3 |
CON23-J | low | unlikely | medium | P2 | L3 |
CON24-J | low | unlikely | medium | P2 | L3 |
CON25-J | low | unlikely | medium | P2 | L3 |
IDS17-J. Understand how escape characters are interpreted when String literals are compiled The CERT Sun Microsystems Secure Coding Standard for Java VOID CON00-J. Synchronize access to shared mutable variables