Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Failure to internally synchronize access to static fields that can be modified by untrusted code risks incorrect synchronization because the author of the untrusted code can inadvertently or maliciously ignore the synchronization policy.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

LCK05-J

Low

Probable

Medium

P4

L3

Automated Detection

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.CONCURRENCY.UG.METH

Unguarded Method (Java)

Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.LCK05.IASFInspect accesses to "static" fields which may require synchronization

Related Guidelines

MITRE CWE

CWE-820, Missing Synchronization

Bibliography

[API 2014]

 


[Bloch 2008]

Item 67, "Avoid Excessive Synchronization"

...


...