...
A class that does not provide any accessible methods to change the lock is secure against untrusted manipulation; however, it is susceptible to inadvertent modification by the programmer. For maintainability reasons, eliminating the accessor method (which is presumably needed for other reasons) is not the preferred solution.
Noncompliant Code Example (public final lock object)
This noncompliant code example uses a public final lock object.
```java
public class SomeObject {
  public final Object lock = new Object();

  public void changeValue() {
    synchronized (lock) {
      // ...
    }
  }
}

// Untrusted code
new SomeObject().lock.wait();
```
Untrusted code that has the ability to create an instance of the class or has access to an already created instance can invoke the wait() method on the publicly accessible lock. This causes the lock in the changeValue() method to be immediately released. Furthermore, if the method were to invoke lock.wait() from its body and not test a condition predicate, it would be vulnerable to malicious notifications. See CON18-J. Always invoke wait() and await() methods inside a loop for more information.
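The malicious-notification case described above, as an added example that is not code from the original page: a method that waits on the exposed lock once, beside one that waits in a loop over a condition predicate. The `Waiter` class, the `ready` predicate, and all method names are hypothetical.

```java
public class StrayNotifyDemo {
  static class Waiter {
    public final Object lock = new Object();  // exposed, like the page's SomeObject
    private boolean ready;                    // condition predicate (hypothetical)

    // Single wait(): any notification on the lock lets the method continue.
    boolean awaitUnguarded() throws InterruptedException {
      synchronized (lock) { lock.wait(); return ready; }
    }

    // wait() in a loop: the method continues only once the predicate holds.
    boolean awaitGuarded() throws InterruptedException {
      synchronized (lock) { while (!ready) { lock.wait(); } return ready; }
    }

    void setReady() {
      synchronized (lock) { ready = true; lock.notifyAll(); }
    }
  }

  interface Wait { boolean call() throws InterruptedException; }

  // Runs 'wait' on its own thread, sends one notification from outside the
  // class without setting the predicate, and returns what the waiter saw.
  static boolean predicateSeenAfterStrayNotify(Waiter w, Wait wait) throws InterruptedException {
    boolean[] seen = new boolean[1];
    Thread t = new Thread(() -> {
      try { seen[0] = wait.call(); }
      catch (InterruptedException e) { Thread.currentThread().interrupt(); }
    });
    t.start();
    while (t.getState() != Thread.State.WAITING) { Thread.sleep(10); }
    synchronized (w.lock) { w.lock.notifyAll(); }  // notification from a caller, not from Waiter
    t.join(500);
    if (t.isAlive()) {   // waiter ignored the stray notification; send the legitimate one
      w.setReady();
      t.join();
    }
    return seen[0];
  }

  public static void main(String[] args) throws InterruptedException {
    Waiter a = new Waiter();
    Waiter b = new Waiter();
    System.out.println("unguarded: " + predicateSeenAfterStrayNotify(a, a::awaitUnguarded));
    System.out.println("guarded:   " + predicateSeenAfterStrayNotify(b, b::awaitGuarded));
  }
}
```

The unguarded waiter returns after the outside notification with the predicate still false; the guarded waiter keeps waiting until `setReady()` runs.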
Compliant Solution (private final lock object)
...