Versions Compared

...

Allowing unauthorized calls to System.exit() may lead to denial of service.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| ERR09-J | Low | Unlikely | Medium | P2 | L3 |

Automated Detection

| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | 4.4 | PMD.J2EE.DoNotCallSystemExit<br>FB.BAD_PRACTICE.DM_EXIT | Do not call System exit<br>Method invokes System.exit(... |
| CodeSonar | | JAVA.DEBUG.CALL | Debug Call (Java) |
| Coverity | 7.5 | DC.CODING_STYLE<br>FB.DM_EXIT | Implemented |
| Parasoft Jtest | 9.5 | CODSTA.BP.EXIT, SECURITY.EAB.JVM | Implemented |
| Parasoft Jtest | | CERT.ERR09.JVM<br>CERT.ERR09.EXIT | Do not stop the JVM in a web component<br>Do not call methods which terminates Java Virtual Machine |
| SonarQube Java Plugin | | S1147 | Implemented |
| SonarQube | | S1147 | Exit methods should not be called |
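To show the kind of finding the checkers listed above report, here is an added example (not taken from this page or from any of the listed tools): a small Python scanner that flags JVM-terminating calls in Java source while ignoring comments and string literals. The set of flagged methods, the function name `find_exit_calls` and the sample class are assumptions made for illustration.

```python
import re

# Comments, string literals and char literals, matched in one pass so that
# "//" inside a string is not mistaken for a comment (and vice versa).
# Limitation: Java text blocks (""" ... """) are not recognised.
_SKIP = re.compile(
    r'//[^\n]*'                 # line comment
    r'|/\*.*?\*/'               # block comment
    r'|"(?:\\.|[^"\\\n])*"'     # string literal
    r"|'(?:\\.|[^'\\\n])*'",    # char literal
    re.DOTALL,
)

# Assumed set of JVM-terminating calls to flag.
_EXIT = re.compile(
    r'\b(System\s*\.\s*exit'
    r'|Runtime\s*\.\s*getRuntime\s*\(\s*\)\s*\.\s*(?:exit|halt))\s*\('
)

def _blank(match):
    # Overwrite with spaces but keep newlines so line numbers stay correct.
    return re.sub(r'[^\n]', ' ', match.group(0))

def find_exit_calls(java_source):
    """Return [(line_number, call_name), ...] for each exit call in real code."""
    code = _SKIP.sub(_blank, java_source)
    findings = []
    for m in _EXIT.finditer(code):
        line = code.count('\n', 0, m.start()) + 1
        findings.append((line, re.sub(r'\s+', '', m.group(1))))
    return findings

# Constructed sample input: two real calls, three decoys.
SAMPLE = '''\
public class Job {
    // System.exit(1) was removed from here
    String hint = "call System.exit(0) to quit";
    void stop(boolean hard) {
        if (hard) Runtime.getRuntime().halt(2);
        System.exit(0);
    }
    /* Runtime.getRuntime().exit(3); */
}
'''

if __name__ == "__main__":
    for line, call in find_exit_calls(SAMPLE):
        print(f"line {line}: {call}() terminates the JVM")
```

A text-based check like this cannot resolve static imports, reflection or aliased `Runtime` references; the analyzers in the table work on parsed code and are the better choice for enforcement.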

Related Guidelines

MITRE CWE

CWE-382, J2EE Bad Practices: Use of System.exit()

Android Implementation Details

On Android, System.exit() should not be used because it will terminate the virtual machine abruptly, ignoring the activity life cycle, which may prevent proper garbage collection.

Bibliography

[API 2014] Method checkExit(); Class Runtime: Method addShutdownHook

[Austin 2000] "Writing a Security Manager"

[Darwin 2004] Section 9.5, "The Finalize Method"

[ESA 2005] Rule 78, Restrict the use of the System.exit method

[Goetz 2006] Section 7.4, "JVM Shutdown"

[Kalinovsky 2004] Chapter 16, "Intercepting a Call to System.exit"

...

