== Why is this an issue?
When a cycle exists between classes during their ``++static++`` initialization, the results can be unpredictable because they depend on which class was initialized first.
=== Noncompliant code example
[source,java]
----
public class A {
  public static int a = B.b + 1; // Noncompliant; sometimes a = 1, others a = 2
}

public class B {
  public static int b = A.a + 1; // Noncompliant; sometimes b = 1, others b = 2
}
----
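
The cycle above reproduced in a single runnable file, together with one way to break it. This is an added example, not part of the original rule text; the names `InitCycleDemo`, `FixedA` and `FixedB` and the command-line switch are assumptions made for illustration.

```java
// Added illustration: run with no argument to touch A first, or with "B" to touch B first.
public class InitCycleDemo {

    // Same cycle as the noncompliant example, written as nested classes so it
    // compiles as one file. Each class is initialized lazily on first access.
    static class A { static int a = B.b + 1; }
    static class B { static int b = A.a + 1; }

    // One-way dependency: FixedA reads FixedB, FixedB reads nothing.
    // The result no longer depends on which class is initialized first.
    static class FixedB { static int b = 1; }
    static class FixedA { static int a = FixedB.b + 1; }

    public static void main(String[] args) {
        boolean touchBFirst = args.length > 0 && args[0].equals("B");

        // The first class touched starts initializing and triggers the other.
        // The second class then reads the first one's field while the first is
        // still mid-initialization, so it sees the default value 0 rather than
        // the value the initializer will eventually assign.
        if (touchBFirst) {
            System.out.println("B.b = " + B.b);
            System.out.println("A.a = " + A.a);
        } else {
            System.out.println("A.a = " + A.a);
            System.out.println("B.b = " + B.b);
        }

        // Without the cycle, the access order is irrelevant.
        if (touchBFirst) {
            System.out.println("FixedB.b = " + FixedB.b);
            System.out.println("FixedA.a = " + FixedA.a);
        } else {
            System.out.println("FixedA.a = " + FixedA.a);
            System.out.println("FixedB.b = " + FixedB.b);
        }
    }
}
```

Running it once without arguments and once with `B` shows `A.a` and `B.b` trading values between runs, while `FixedA.a` and `FixedB.b` stay the same.
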
== Resources
* https://www.securecoding.cert.org/confluence/display/java/DCL00-J.+Prevent+class+initialization+cycles[CERT, DCL00-J.] - Prevent class initialization cycles
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Class "xxx" accesses this class during static initialization.
'''
== Comments And Links
(visible only on this page)
=== is related to: S3263
=== on 13 Jan 2015, 15:17:51 Ann Campbell wrote:
We had this in your queue for research, but I came across the CERT reference...
=== on 27 Jan 2015, 20:13:41 Freddy Mallet wrote:
And so the "cwe" tag is missing :)
endif::env-github,rspecator-view[]