ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S1147/java/rule.adoc
Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

44 lines
1.4 KiB
Plaintext
Raw Permalink Blame History

== Why is this an issue?
Calling ``++System.exit(int status)++`` or ``++Rutime.getRuntime().exit(int status)++`` calls the shutdown hooks and shuts downs the entire Java virtual machine. Calling ``++Runtime.getRuntime().halt(int)++`` does an immediate shutdown, without calling the shutdown hooks, and skipping finalization.
Each of these methods should be used with extreme care, and only when the intent is to stop the whole Java process. For instance, none of them should be called from applications running in a J2EE container.
=== Noncompliant code example
[source,java]
----
System.exit(0);
Runtime.getRuntime().exit(0);
Runtime.getRuntime().halt(0);
----
=== Exceptions
These methods are ignored inside ``++main++``.
== Resources
* CWE - https://cwe.mitre.org/data/definitions/382[CWE-382 - Use of System.exit()]
* https://wiki.sei.cmu.edu/confluence/x/7zZGBQ[CERT, ERR09-J.] - Do not allow untrusted code to terminate the JVM
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
include::../message.adoc[]
'''
== Comments And Links
(visible only on this page)
=== on 17 Aug 2017, 17:36:38 Pierre-Yves Nicolas wrote:
\[~jeanchristophe.collet] I moved the description from RSPEC-1147 here. The only difference is the addition of the second link in the "See" section: CERT, ERR09-J. Please check that it makes sense.
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink