SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 191

changes.mady.by.user Pranjal Jumde

Saved on

compared with

New Version 192

changes.mady.by.user Arthur Hicken

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: added parasoft

...

This noncompliant code example exposes instances of the SomeObject class to untrusted code.

Code Block
bgColor#FFCCCC

public class SomeObject {

  // Locks on the object's monitor
  public synchronized void changeValue() { 
    // ...
  }
}

// Untrusted code
SomeObject someObject = new SomeObject();
synchronized (someObject) {
  while (true) {
    // Indefinitely delay someObject
    Thread.sleep(Integer.MAX_VALUE); 
  }
}

...

This noncompliant code example locks on a public nonfinal object in an attempt to use a lock other than {{SomeObject}}’s intrinsic lock.

Code Block
bgColor#FFcccc

public class SomeObject {
  public Object lock = new Object();

  public void changeValue() {
    synchronized (lock) {
      // ...
    }
  }
}

...

This noncompliant code example synchronizes on a publicly accessible but nonfinal field. The lock field is declared volatile so that changes are visible to other threads.

Code Block
bgColor#FFcccc

public class SomeObject {
  private volatile Object lock = new Object();

  public void changeValue() {
    synchronized (lock) {
      // ...
    }
  }

  public void setLock(Object lockValue) {
    lock = lockValue;
  }
}

...

This noncompliant code example uses a public final lock object.

Code Block
bgColor#FFcccc

public class SomeObject {
  public final Object lock = new Object();

  public void changeValue() {
    synchronized (lock) {
      // ...
    }
  }
}

// Untrusted code
SomeObject someObject = new SomeObject();
someObject.lock.wait();

...

Thread-safe public classes that may interact with untrusted code must use a private final lock object. Existing classes that use intrinsic synchronization must be refactored to use block synchronization on such an object. In this compliant solution, calling changeValue() obtains a lock on a private final Object instance that is inaccessible to callers that are outside the class's scope.

Code Block
bgColor#ccccff

public class SomeObject {
  private final Object lock = new Object(); // private final lock object

  public void changeValue() {
    synchronized (lock) { // Locks on the private Object
      // ...
    }
  }
}

...

This noncompliant code example exposes the class object of SomeObject to untrusted code.

Code Block
bgColor#FFCCCC

public class SomeObject {
  //changeValue locks on the class object's monitor
  public static synchronized void changeValue() { 
    // ...
  }
}

// Untrusted code
synchronized (SomeObject.class) {
  while (true) {
    Thread.sleep(Integer.MAX_VALUE); // Indefinitely delay someObject
  }
}

...

Thread-safe public classes that both use intrinsic synchronization over the class object and may interact with untrusted code must be refactored to use a static private final lock object and block synchronization.

Code Block
bgColor#ccccff

public class SomeObject {
  private static final Object lock = new Object();

  public static void changeValue() {
    synchronized (lock) { // Locks on the private Object
      // ...
    }
  }
}

...

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

LCK00-J

low

probable

medium

P4

L3

Automated Detection

ToolVersionCheckerDescription
Parasoft Jtest9.5TRS.SOPFImplemented

Related Guidelines

MITRE CWE

CWE-412. Unrestricted externally accessible lock

 

CWE-413. Improper resource locking

...

[Bloch 2001]

Item 52. Document Thread Safety