Guidelines
CON00-J. Synchronize access to shared mutable variables
CON01-J. Always synchronize on the appropriate object
CON02-J. Do not use background threads during class initialization
CON03-J. Use the private lock object idiom instead of intrinsic synchronization
CON04-J. Ensure that threads do not fail during activation
CON05-J. Do not defer a thread that is holding a lock
CON06-J. Ensure atomicity of thread-safe code
CON07-J. Do not invoke a superclass method or constructor from a synchronized region in the subclass
CON08-J. Do not call overridable methods from synchronized regions
CON09-J. Methods that override synchronized methods must also possess synchronization capabilities
CON10-J. Do not assume that elements of an array declared volatile are volatile
CON11-J. Avoid deadlock by requesting locks in the proper order
CON12-J. Do not try to force thread shutdown
CON13-J. Do not let the "this" reference escape during object construction
CON14-J. Ensure atomicity of 64-bit operations
CON15-J. Ensure actively held locks are released on exceptional conditions
CON16-J. Do not expect sleep() and yield() methods to have any synchronization semantics
CON17-J. Avoid using ThreadGroup APIs
CON18-J. Always invoke wait() and await() methods inside a loop
CON19-J. Use notifyAll() instead of notify() to resume waiting threads
CON20-J. Never apply a lock to methods making network calls
CON21-J. Facilitate thread reuse by using Thread Pools
CON22-J. Use the correct form of the double-checked locking idiom
CON23-J. Address the shortcomings of the Singleton design pattern
CON24-J. Use a unique channel to acquire locks on any file
Risk Assessment Summary
Guideline |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
|---|---|---|---|---|---|
CON00- J |
medium |
probable |
medium |
P8 |
L2 |
CON01- J |
medium |
probable |
medium |
P8 |
L2 |
CON02- J |
low |
likely |
high |
P3 |
L3 |
CON03- J |
low |
probable |
medium |
P4 |
L3 |
CON04- J |
low |
probable |
medium |
P4 |
L3 |
CON05- J |
low |
probable |
medium |
P4 |
L3 |
CON06- J |
low |
probable |
medium |
P4 |
L3 |
CON07- J |
low |
likely |
high |
P3 |
L3 |
CON08- J |
low |
likely |
high |
P3 |
L3 |
CON09- J |
low |
probable |
medium |
P4 |
L3 |
CON10- J |
low |
probable |
medium |
P4 |
L3 |
CON11- J |
low |
likely |
high |
P3 |
L3 |
CON12- J |
low |
probable |
medium |
P4 |
L3 |
CON14- J |
low |
probable |
medium |
P4 |
L3 |
CON15- J |
low |
likely |
low |
P9 |
L2 |
CON16- J |
low |
probable |
medium |
P4 |
L3 |
CON17- J |
low |
probable |
low |
P6 |
L2 |
CON18- J |
low |
unlikely |
medium |
P2 |
L3 |
CON19- J |
low |
unlikely |
medium |
P2 |
L3 |
CON20- J |
low |
probable |
high |
P2 |
L3 |
CON21- J |
low |
probable |
high |
P2 |
L3 |
CON22- J |
low |
probable |
medium |
P4 |
L3 |
CON23- J |
low |
unlikely |
medium |
P2 |
L3 |
IDS05-J. Library methods should validate their parameters The CERT Sun Microsystems Secure Coding Standard for Java CON07-J. Do not invoke a superclass method or constructor from a synchronized region in the subclass