16f6c0aecf
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
49 lines
1.1 KiB
Plaintext
49 lines
1.1 KiB
Plaintext
== Why is this an issue?
|
|
|
|
When a cycle exists between classes during their ``++static++`` initialization, the results can be unpredictable because they depend on which class was initialized first.
|
|
|
|
|
|
=== Noncompliant code example
|
|
|
|
[source,java]
|
|
----
|
|
public class A {
|
|
public static int a = B.b + 1; // Noncompliant; sometimes a = 1, others a = 2
|
|
}
|
|
|
|
public class B {
|
|
public static int b = A.a + 1; // Noncompliant; sometimes b = 1, others b = 2
|
|
}
|
|
----
|
|
|
|
|
|
== Resources
|
|
|
|
* https://www.securecoding.cert.org/confluence/display/java/DCL00-J.+Prevent+class+initialization+cycles[CERT, DCL00-J.] - Prevent class initialization cycles
|
|
|
|
|
|
ifdef::env-github,rspecator-view[]
|
|
|
|
'''
|
|
== Implementation Specification
|
|
(visible only on this page)
|
|
|
|
=== Message
|
|
|
|
Class "xxx" accesses this class during static initialization.
|
|
|
|
|
|
'''
|
|
== Comments And Links
|
|
(visible only on this page)
|
|
|
|
=== is related to: S3263
|
|
|
|
=== on 13 Jan 2015, 15:17:51 Ann Campbell wrote:
|
|
We had this in your queue for research, but I came across the CERT reference...
|
|
|
|
=== on 27 Jan 2015, 20:13:41 Freddy Mallet wrote:
|
|
And so the "cwe" tag is missing :)
|
|
|
|
endif::env-github,rspecator-view[]
|