| Wiki Markup |
|---|
DoPrograms notmay submit only tasks that do not support interruption using {{Thread.interrupt()}} to a thread poolpools ifthat itrequire isthe necessaryability to shut down the thread pool or to cancel individual tasks within itthe pool. Submitting tasks that lack interruption support to such thread pools is forbidden. According to the Java API interface \[[API 2006|AA. Bibliography#API 06]\], the {{java.util.concurrent.ExecutorService.shutdownNow()}} method |
...
| Code Block | ||
|---|---|---|
| ||
public final class SocketReader implements Runnable { // Thread-safe class
private final Socket socket;
private final BufferedReader in;
private final Object lock = new Object();
public SocketReader(String host, int port) throws IOException {
this.socket = new Socket(host, port);
this.in = new BufferedReader(new InputStreamReader(this.socket.getInputStream()));
}
// Only one thread can use the socket at a particular time
@Override public void run() {
try {
synchronized (lock) {
readData();
}
} catch (IOException ie) {
// Forward to handler
}
}
public void readData() throws IOException {
String string;
try {
while ((string = in.readLine()) != null) {
// Blocks until end of stream (null)
}
} finally {
shutdown();
}
}
public void shutdown() throws IOException {
socket.close();
}
}
public final class PoolService {
private final ExecutorService pool;
public PoolService(int poolSize) {
pool = Executors.newFixedThreadPool(poolSize);
}
public void doSomething() throws InterruptedException, IOException {
pool.submit(new SocketReader("somehost", 8080));
// ...
List<Runnable> awaitingTasks = pool.shutdownNow();
}
public static void main(String[] args) throws InterruptedException, IOException {
PoolService service = new PoolService(5);
service.doSomething();
}
}
|
Because The shutdownNow() method may fail to shut down the thread pool because the task does not lacks support for interruption using the Thread.interrupt() method, there is no guarantee that the shutdownNow() method will shut down the thread pool. Using . Use of the shutdown() method does not also fails to fix the problem either because it waits until all executing tasks have finished.
...
TPS02-EX1: Short-running tasks that execute without blocking are not required to adhere to exempt from this rule.
Risk Assessment
Submitting tasks that are not interruptible may preclude the uninterruptible may prevent a thread pool from shutting down and consequently may cause denial of service.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
TPS02-J | low | probable | medium | P4 | L3 |
Automated Detection
TODO
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="095f49bb00318997-0af737d1-45084047-b4dea1eb-8c10a1f88651d912161ad961"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | interface ExecutorService | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4aff384dd3df17a1-4cead9ec-47504e60-8eed895b-fe6b1f17cd1cf6e1e7cb604b"><ac:plain-text-body><![CDATA[ | [[Goetz 2006 | AA. Bibliography#Goetz 06]] | Chapter 7: Cancellation and shutdown | ]]></ac:plain-text-body></ac:structured-macro> |
...