Bug 991388 - RTGov uses Strings as lock objects
Summary: RTGov uses Strings as lock objects
Keywords:
Status: CLOSED CURRENTRELEASE
Alias: None
Product: JBoss Fuse Service Works 6
Classification: JBoss
Component: RT Governance
Version: 6.0.0 GA
Hardware: Unspecified
OS: Unspecified
unspecified
low
Target Milestone: ER1
: 6.0.0
Assignee: Gary Brown
QA Contact: Jiri Sedlacek
URL:
Whiteboard:
Depends On:
Blocks:
TreeView+ depends on / blocked
 
Reported: 2013-08-02 10:18 UTC by Jiri Pechanec
Modified: 2015-08-02 23:44 UTC (History)
2 users (show)

Fixed In Version:
Clone Of:
Environment:
Last Closed: 2014-02-06 15:25:16 UTC
Type: Bug
Embargoed:


Attachments (Terms of Use)


Links
System ID Private Priority Status Summary Last Updated
Red Hat Issue Tracker RTGOV-242 0 Major Closed Change string sync objects to Object 2014-07-02 09:18:50 UTC

Description Jiri Pechanec 2013-08-02 10:18:38 UTC
There are multiple places in RTGov that uses constant string as a lock object
rtgov/modules/activity-analysis/reports/src/main/java/org/overlord/rtgov/reports/ReportManagerAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/activity-management/activity/src/main/java/org/overlord/rtgov/activity/validator/ActivityValidatorManagerAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/activity-management/activity/src/main/java/org/overlord/rtgov/activity/processor/InformationProcessorManagerAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/activity-management/activity/src/main/java/org/overlord/rtgov/activity/collector/ActivityCollectorAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/event-processor-network/epn-core/src/main/java/org/overlord/rtgov/epn/EPNManagerAccessor.java:    private static final String SYNC=new String("sync");
rtgov/modules/active-queries/active-collection/src/main/java/org/overlord/rtgov/active/collection/ActiveCollectionManagerAccessor.java:    private static final String SYNC=new String("sync");

This is an antipattern and can lead to unpredictable behaviour as the String constant acts as a global JVM lock

https://www.securecoding.cert.org/confluence/display/java/LCK01-J.+Do+not+synchronize+on+objects+that+may+be+reused

Comment 1 Gary Brown 2013-08-02 10:29:13 UTC
These are not string constants, they are string instances. If you look on the referenced page under "Compliant Solution (String Instance)" you will find they are ok.

Comment 2 Jiri Pechanec 2013-08-02 10:36:26 UTC
Right, under these conditions I am lowering the severity to low - refer to the sentence
-- Nevertheless, a better approach is to synchronize on a private final lock object, as shown in the following compliant solution. --

Comment 3 Jiri Pechanec 2013-09-16 09:29:19 UTC
Verified in ER2

Comment 7 JBoss JIRA Server 2014-07-02 09:18:50 UTC
Gary Brown <gary> updated the status of jira RTGOV-242 to Closed


Note You need to log in before you can comment on or make changes to this bug.