...

public class Hook {
  public static void main(String[] args) {
    // Register cleanup that runs when the JVM shuts down,
    // including when shutdown is triggered by System.exit()
    Runtime.getRuntime().addShutdownHook(new Thread() {
      @Override
      public void run() {
        hookShutdown();
      }
    });

    // other code
  }

  public static void hookShutdown() {
    // Log shutdown and close all resources
  }
}

Risk Assessment

Allowing inadvertent calls to System.exit() may lead to denial-of-service attacks.

Rule      Severity     Likelihood   Remediation Cost   Priority   Level
CTL01-J   ?? low ??    unlikely     ?? medium          P??        L??

Automated Detection

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.
