...
The untrusted code attempts to acquire a lock on the object's monitor and, upon succeeding, introduces an indefinite delay that prevents the synchronized changeValue() method from acquiring the same lock. Note that in the untrusted code, the attacker intentionally violates guideline LCK09-J. Do not perform operations that can block while holding a lock.
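The contention described above, as an added example that is not part of the original guideline: it shows a synchronized changeValue() stalling while another thread holds the object's monitor, next to a variant that locks on a private final object and is unaffected. The names ExposedLock, PrivateLock and completesWhileMonitorHeld are hypothetical, the private final lock is an assumed fix rather than text from this page, and the holder thread waits on a latch instead of delaying indefinitely so the program terminates.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.TimeUnit;
public class MonitorLockDemo {
    // Hypothetical class: a synchronized method locks on "this",
    // so any code holding a reference can take the same monitor.
    static class ExposedLock {
        private int value;
        public synchronized void changeValue() { value++; }
    }
    // Hypothetical hardened class (assumed fix): the lock object is private
    // and final, so code outside the class cannot synchronize on it.
    static class PrivateLock {
        private final Object lock = new Object();
        private int value;
        public void changeValue() { synchronized (lock) { value++; } }
    }

    // Returns true if call finishes within 500 ms while a second thread
    // holds the intrinsic monitor of target.
    static boolean completesWhileMonitorHeld(Object target, Runnable call)
            throws InterruptedException {
        CountDownLatch held = new CountDownLatch(1);
        CountDownLatch release = new CountDownLatch(1);
        Thread holder = new Thread(() -> {
            synchronized (target) { // same monitor a synchronized method uses
                held.countDown();
                try {
                    release.await(); // stands in for the indefinite delay
                } catch (InterruptedException e) {
                    Thread.currentThread().interrupt();
                }
            }
        });
        holder.start();
        held.await(); // the monitor is now held by the other thread
        CountDownLatch done = new CountDownLatch(1);
        Thread caller = new Thread(() -> { call.run(); done.countDown(); });
        caller.start();
        boolean finished = done.await(500, TimeUnit.MILLISECONDS);
        release.countDown(); // free the monitor so a blocked caller can exit
        holder.join();
        caller.join();
        return finished;
    }

    public static void main(String[] args) throws InterruptedException {
        ExposedLock exposed = new ExposedLock();
        PrivateLock hardened = new PrivateLock();
        System.out.println("synchronized method completed: " + completesWhileMonitorHeld(exposed, exposed::changeValue));
        System.out.println("private final lock completed:  " + completesWhileMonitorHeld(hardened, hardened::changeValue));
    }
}
```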
Noncompliant Code Example (Public Non-Final Lock Object)
...
A compliant solution must comply with guideline LCK05-J. Synchronize access to static fields that can be modified by untrusted code. However, in the untrusted code, the attacker intentionally violates guideline LCK09-J. Do not perform operations that can block while holding a lock.
Compliant Solution (Static)
...