rspec/rules/S1147/java/rule.adoc

== Why is this an issue?

Calling ``++System.exit(int status)++`` or ``++Rutime.getRuntime().exit(int status)++`` calls the shutdown hooks and shuts downs the entire Java virtual machine. Calling ``++Runtime.getRuntime().halt(int)++`` does an immediate shutdown, without calling the shutdown hooks, and skipping finalization.


Each of these methods should be used with extreme care, and only when the intent is to stop the whole Java process. For instance, none of them should be called from applications running in a J2EE container.

=== Noncompliant code example

[source,java]
----
System.exit(0);
Runtime.getRuntime().exit(0);
Runtime.getRuntime().halt(0);
----

=== Exceptions

These methods are ignored inside ``++main++``.

== Resources

* https://cwe.mitre.org/data/definitions/382[MITRE, CWE-382] - Use of System.exit()
* https://wiki.sei.cmu.edu/confluence/x/7zZGBQ[CERT, ERR09-J.] - Do not allow untrusted code to terminate the JVM

ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::../message.adoc[]

'''
== Comments And Links
(visible only on this page)

=== on 17 Aug 2017, 17:36:38 Pierre-Yves Nicolas wrote:
\[~jeanchristophe.collet] I moved the description from RSPEC-1147 here. The only difference is the addition of the second link in the "See" section: CERT, ERR09-J. Please check that it makes sense.

include::../comments-and-links.adoc[]

endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			Calling ``++System.exit(int status)++`` or ``++Rutime.getRuntime().exit(int status)++`` calls the shutdown hooks and shuts downs the entire Java virtual machine. Calling ``++Runtime.getRuntime().halt(int)++`` does an immediate shutdown, without calling the shutdown hooks, and skipping finalization.
Add rules 1000-1999 2020-06-30 12:47:33 +02:00
Force linebreaks 2021-02-02 15:02:10 +01:00
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`Each of these methods should be used with extreme care, and only when the intent is to stop the whole Java process. For instance, none of them should be called from applications running in a J2EE container.`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00			`----`
			`System.exit(0);`
			`Runtime.getRuntime().exit(0);`
			`Runtime.getRuntime().halt(0);`
			`----`

migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Exceptions`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00
make in-line code blocks verbatim 2021-01-27 13:42:22 +01:00			These methods are ignored inside ``++main++``.
Add rules 1000-1999 2020-06-30 12:47:33 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
Add rules 1000-1999 2020-06-30 12:47:33 +02:00
RULEAPI-755 Update CWE URLs by removing .html suffix and update with https protocol (#926) * Change affects only see.adoc and rule.adoc files, not comments-and-links.adoc files 2022-04-07 08:53:59 -05:00			`* https://cwe.mitre.org/data/definitions/382[MITRE, CWE-382] - Use of System.exit()`
Add all rules, update all rules fixing the inline code syntax 2020-12-21 15:38:52 +01:00			`* https://wiki.sei.cmu.edu/confluence/x/7zZGBQ[CERT, ERR09-J.] - Do not allow untrusted code to terminate the JVM`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::../message.adoc[]`

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

Inline adoc when include has no additional value (#1940) Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in. 2023-05-25 14:18:12 +02:00			`=== on 17 Aug 2017, 17:36:38 Pierre-Yves Nicolas wrote:`
			`\[~jeanchristophe.collet] I moved the description from RSPEC-1147 here. The only difference is the addition of the second link in the "See" section: CERT, ERR09-J. Please check that it makes sense.`

			`include::../comments-and-links.adoc[]`

Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`