Versions Compared

...

Because the Helper class is declared public, it uses a private lock to handle synchronization in conformance with rule LCK00-J, "Use private final lock objects to synchronize classes that may interact with untrusted code."

Exceptions

TSM03-EX1EX0: Classes that prevent partially initialized objects from being used may publish partially initialized objects. This could be implemented, for example, by setting a volatile boolean flag in the last statement of the initializing code and checking whether this flag is set before allowing class methods to execute.
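One way to implement the flag check this exception describes, as an added example that is not code from the original page; the names GuardedHelper, Holder and readN are hypothetical.

```java
// Added illustration; GuardedHelper, Holder and readN are hypothetical names.
public final class GuardedHelper {
    private int n;                        // plain field: no visibility guarantee by itself
    private String label;                 // plain field: no visibility guarantee by itself
    private volatile boolean initialized; // defaults to false

    public GuardedHelper(int n, String label) {
        this.n = n;
        this.label = label;
        // Volatile write, kept as the last statement: a thread that later
        // reads true is guaranteed to also see the writes to n and label.
        this.initialized = true;
    }

    // Volatile read that guards every public method.
    private void requireInitialized() {
        if (!initialized) {
            throw new IllegalStateException("partially initialized instance");
        }
    }

    public int getN() {
        requireInitialized();
        return n;
    }

    public String getLabel() {
        requireInitialized();
        return label;
    }

    // Racy publication point: the plain static field adds no happens-before
    // edge, so readers depend entirely on the flag check inside the methods.
    static final class Holder {
        static GuardedHelper helper; // neither volatile nor final
    }

    // Caller side: tolerate "not published yet" and "not initialized yet".
    static int readN(int fallback) {
        GuardedHelper h = Holder.helper;
        if (h == null) return fallback;
        try { return h.getN(); } catch (IllegalStateException e) { return fallback; }
    }

    public static void main(String[] args) {
        System.out.println(readN(-1)); // nothing published yet
        Holder.helper = new GuardedHelper(42, "demo");
        System.out.println(readN(-1) + " " + Holder.helper.getLabel());
    }
}
```

The guard only works if every public method performs the check before touching state and the flag assignment stays the final statement of the constructor.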

...

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
| --- | --- | --- | --- | --- | --- |
| TSM03-J | medium | probable | medium | P8 | L2 |

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

[API 2006]

[Bloch 2001] Item 48: "Synchronize access to shared mutable data"

[Goetz 2006] Section 3.5.3 "Safe Publication Idioms"

[Goetz 2007] Pattern #2: "one-time safe publication"

[JPL 2006] 14.10.2. "Final Fields and Security"

[Pugh 2004]

...