Comment: Edited by NavBot (vkp)

...

Additionally, hostile code from any other package can exploit this vulnerability if the class is accessible. (For more information, see CON07 LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code.)

Noncompliant Code Example (String Literal)

...

For more information on using an Object as a lock, see CON07 LCK00-J. Use private final lock objects to synchronize classes that may interact with untrusted code.
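As an added example (not code from the original page or from the CERT standard), the following shows why a string-literal lock is noncompliant and what the private final Object alternative buys: string literals are interned, so any code in the JVM that spells `"LOCK"` holds the very same monitor as the class below, and a thread in an unrelated class can stall it. The class and method names are constructed for this illustration.

```java
import java.util.concurrent.CountDownLatch;

// Noncompliant: the literal "LOCK" is interned, so this field is not a private
// lock at all. Every class that writes synchronized("LOCK") shares this monitor.
final class LiteralLockCounter {
    private final String lock = "LOCK";
    private int count;
    public void increment() { synchronized (lock) { count++; } }
    public int get() { synchronized (lock) { return count; } }
}

// Compliant: a private final Object that no other code can obtain a reference to.
final class PrivateLockCounter {
    private final Object lock = new Object();
    private int count;
    public void increment() { synchronized (lock) { count++; } }
    public int get() { synchronized (lock) { return count; } }
}

public class LockIdentityDemo {
    private static final long HOLD_MS = 300;   // constructed delay for the demo

    public static void main(String[] args) throws InterruptedException {
        CountDownLatch acquired = new CountDownLatch(1);
        // Unrelated code that merely uses the same literal now owns the counter's lock.
        Thread holder = new Thread(() -> {
            synchronized ("LOCK") {
                acquired.countDown();
                try { Thread.sleep(HOLD_MS); } catch (InterruptedException ignored) { }
            }
        });
        holder.start();
        acquired.await();

        long start = System.nanoTime();
        new LiteralLockCounter().increment();     // blocks until holder releases "LOCK"
        long literalDelayMs = (System.nanoTime() - start) / 1_000_000;

        start = System.nanoTime();
        PrivateLockCounter safe = new PrivateLockCounter();
        safe.increment();                          // holder cannot reach this lock
        long privateDelayMs = (System.nanoTime() - start) / 1_000_000;
        holder.join();

        System.out.println("string-literal lock stalled for ~" + literalDelayMs + " ms");
        System.out.println("private Object lock stalled for ~" + privateDelayMs
            + " ms, count=" + safe.get());
    }
}
```

Run it and the literal-locked increment waits roughly `HOLD_MS` while the private-lock increment returns immediately; the same mechanism is what the rule text above means by hostile code in another package exploiting an accessible lock.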

Risk Assessment

A significant number of concurrency vulnerabilities arise from locking on the wrong kind of object. Consider the properties of the lock object rather than indiscriminately scavenging for objects to synchronize on.

...


...
