Comment: REM cost reform

...

Use of nonstatic member fields in a servlet can result in information leakage. 

| Rule | Severity | Likelihood | Remediation Cost | Detectable | Repairable | Priority | Level |
|---|---|---|---|---|---|---|---|
| MSC11-J | Medium | Likely | High | No | No | P6 | L2 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| Findbugs | 2.0.3 | MSF_MUTABLE_SERVLET_FIELD, MTIA_SUSPECT_STRUTS_INSTANCE_FIELD, MTIA_SUSPECT_SERVLET_INSTANCE_FIELD | Implemented |
| Fortify | 6.10.0120 | Singleton_Member_Field | Implemented |
| SonarQube Java Plugin | | S2226 | Implemented |

Related Guidelines

 MITRE CWE CWE-543, Use of Singleton Pattern Without Synchronization in a Multithreaded Context

Bibliography

...


...