SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 70

changes.mady.by.user Yozo TODA

Saved on

compared with

New Version 71

changes.mady.by.user Yozo TODA

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Migrated to Confluence 4.0

...

This implementation uses an internal flag to track whether the exit is permitted. The method setExitAllowed() sets this flag. The checkExit() method throws a SecurityException when the flag is unset (that is, false). Because this flag is not initially set, normal exception processing bypasses the initial call to System.exit(). The program catches the SecurityException and performs mandatory cleanup operations, including logging the exception. The System.exit() method is enabled only after cleanup is complete.

Exceptions

Wiki Markup*ERR09-EX0:* It is permissible for a command-line utility to call {{System.exit()}}, for example, when the required number of arguments are not input \[ [Bloch 2008|AA. References#Bloch 08]\]\[[ESA 2005|AA. References#ESA 05]\].

Risk Assessment

Allowing unauthorized calls to System.exit() may lead to denial of service (DoS).

...

MITRE CWE

CWE-382. J2EE bad practices: Use of System.exit()

Bibliography

...

[[API 2006AA. References#API 06] ]

[Method checkExit()http://java.sun.com/j2se/1.4.2/docs/api/java/lang/SecurityManager.html#checkExit(int)], class Runtime, method addShutdownHook

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="048f9fff-dad9-4c2e-9805-e3d1454a555b"><ac:plain-text-body><![CDATA[

[ [Austin 2000AA. References#Austin 00] ]

[Writing a Security Manager

http://java.sun.com/developer/onlineTraining/Programming/JDCBook/signed2.html]

]]></ac:plain-text-body></ac:structured-macro><ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e2e938ad-7edf-46ad-a834-1fbc3c1d861a"><ac:plain-text-body><!

[CDATA[ [[Darwin 2004AA. References#Darwin 04] ]

9.5, The Finalize Method

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8232ae1f-9ff4-4a27-86c0-4da0b7093b32"><ac:plain-text-body><![CDATA[

[[ESA 2005AA. References#ESA 05] ]

Rule 78. Restrict the use of the System.exit method

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="f4746af5-6516-49f5-8683-7ef79d5aefb0"><ac:plain-text-body><![CDATA[

[[Goetz 2006AA. References#Goetz 06] ]

7.4, JVM Shutdown

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="24c8a871-abe3-4b8c-8c8a-75355df17f14"><ac:plain-text-body><![CDATA[

[[Kalinovsky 2004AA. References#Kalinovsky 04]]

Chapter 16, Intercepting a Call to System.exit]]></ac:plain-text-body></ac:structured-macro>

...

      06. Exceptional Behavior (ERR)      07. Visibility and Atomicity (VNA)