Recommendations
CON00-J. Do not invoke a superclass method or constructor from a synchronized region in the subclass
CON01-J. Avoid using ThreadGroup APIs
CON02-J. Facilitate thread reuse by using Thread Pools
CON03-J. Do not assume that elements of an array declared volatile are volatile
CON04-J. Do not call overridable methods from synchronized regions
CON05-J. Use a unique channel to acquire locks on any file
CON06-J. Methods that override synchronized methods must also possess synchronization capabilities
CON07-J. Do not defer a thread that is holding a lock
CON08-J. Ensure that threads do not fail during activation
CON10-J. Use the private lock object idiom instead of intrinsic synchronization
Rules
CON30-J. Synchronize access to shared mutable variables
CON31-J. Always invoke wait() and await() methods inside a loop
CON32-J. Use notifyAll() instead of notify() to resume waiting threads
CON33-J. Address the shortcomings of the Singleton design pattern
CON34-J. Avoid deadlock by requesting locks in the proper order
CON35-J. Do not try to force thread shutdown
CON36-J. Always synchronize on the appropriate object
CON37-J. Never apply a lock to methods making network calls
CON38-J. Ensure atomicity of thread-safe code
CON39-J. Ensure atomicity of 64-bit operations
CON40-J. Do not let the "this" reference escape during object construction
CON41-J. Do not use background threads during class initialization
CON42-J. Ensure actively held locks are released on exceptional conditions
CON43-J. Use the correct form of the double-checked locking idiom
CON44-J. Do not expect sleep() and yield() methods to have any synchronization semantics
Risk Assessment Summary
Recommendations
| Recommendation | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| CON00-J | low | likely | high | P3 | L3 |
| CON01-J | low | probable | low | P6 | L2 |
| CON02-J | low | probable | high | P2 | L3 |
| CON03-J | low | probable | medium | P4 | L3 |
| CON04-J | low | likely | high | P3 | L3 |
| CON06-J | low | probable | medium | P4 | L3 |
| CON07-J | low | probable | medium | P4 | L3 |
| CON08-J | low | probable | medium | P4 | L3 |
| CON10-J | medium | probable | medium | P8 | L2 |
Rules
| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| CON30-J | medium | probable | medium | P8 | L2 |
| CON31-J | low | unlikely | medium | P2 | L3 |
| CON32-J | low | unlikely | medium | P2 | L3 |
| CON33-J | low | unlikely | medium | P2 | L3 |
| CON34-J | low | likely | high | P3 | L3 |
| CON35-J | low | probable | medium | P4 | L3 |
| CON36-J | medium | probable | medium | P8 | L2 |
| CON37-J | low | probable | high | P2 | L3 |
| CON38-J | low | probable | medium | P4 | L3 |
| CON39-J | low | probable | medium | P4 | L3 |
| CON41-J | low | likely | high | P3 | L3 |
| CON42-J | low | likely | low | P9 | L2 |
| CON43-J | low | probable | medium | P4 | L3 |
| CON44-J | low | probable | medium | P4 | L3 |