ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S2654/java/rule.adoc
Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

50 lines
1.2 KiB
Plaintext
Raw Blame History

== Why is this an issue?
Proper synchronization and thread management can be tricky under the best of circumstances, but it's particularly difficult in JEE application, and is even forbidden under some circumstances by the JEE standard.
This rule raises an issue for each ``++Runnable++``, and use of the ``++synchronized++`` keyword.
=== Noncompliant code example
[source,java]
----
public void doGet(HttpServletRequest request, HttpServletResponse response) throws ServletException, IOException {
// ...
Runnable r = new Runnable() { // Noncompliant
public void run() {
// ...
}
};
new Thread(r).start();
----
== Resources
* CWE - https://cwe.mitre.org/data/definitions/383[CWE-383 - J2EE Bad Practices: Direct Use of Threads]
* CWE - https://cwe.mitre.org/data/definitions/574[CWE-574 - EJB Bad Practices: Use of Synchronization Primitives]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Remove this use of threads.
'''
== Comments And Links
(visible only on this page)
=== on 20 Jul 2015, 07:37:44 Ann Campbell wrote:
Tagged java-top by Ann
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink