...
An object should use a private internal lock object rather than its own intrinsic lock . An object should rely on its intrinsic lock only if unless all of the following conditions are met:
- The object's class is package-private and untrusted code cannot infiltrate the package.
- No objects of that class (or a subclass) ever escape its package, for instance, because of
thisreference leaks (CON14-J. Do not let the "this" reference escape during object construction). - None of the object's superclasses use synchronization at all.
If any of these conditions are violated, the object's intrinsic lock is not trustworthy. If all conditions are satisfied, then the object gains no significant security from using a private internal lock object, and so it may rely on synchronize using its own intrinsic lock.
Noncompliant Code Example
...