CWE-383 J2EE不安全实践:直接使用线程
J2EE Bad Practices: Direct Use of Threads
结构: Simple
Abstraction: Variant
状态: Draft
被利用可能性: unkown
基本描述
Thread management in a Web application is forbidden in some circumstances and is always highly error prone.
扩展描述
Thread management in a web application is forbidden by the J2EE standard in some circumstances and is always highly error prone. Managing threads is difficult and is likely to interfere in unpredictable ways with the behavior of the application container. Even without interfering with the container, thread management usually leads to bugs that are hard to detect and diagnose like deadlock, race conditions, and other synchronization errors.
相关缺陷
适用平台
Language: {'cwe_Name': 'Java', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Quality Degradation |
可能的缓解方案
Architecture and Design
策略:
For EJB, use framework approaches for parallel execution, instead of using threads.
示例代码
例
In the following example, a new Thread object is created and invoked directly from within the body of a doGet() method in a Java servlet.
bad Java
// Perform servlet tasks.
...
// Create a new thread to handle background processing.
Runnable r = new Runnable() {
// Process and store request statistics.
...
}
};
new Thread(r).start();
}
分类映射
| 映射的分类名 | ImNode ID | Fit | Mapped Node Name |
|---|---|---|---|
| 7 Pernicious Kingdoms | J2EE Bad Practices: Threads | ||
| Software Fault Patterns | SFP3 | Use of an improper API |
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论