forked from github/codeql
EjbSynchronization.ql
/**
 * @name EJB uses synchronization
 * @description An EJB should not use synchronization, since it will not work properly
 *              if an EJB is distributed across multiple JVMs.
 * @kind problem
 * @problem.severity error
 * @precision low
 * @id java/ejb/synchronization
 * @tags reliability
 *       external/cwe/cwe-574
 */

import java
import semmle.code.java.frameworks.javaee.ejb.EJB
import semmle.code.java.frameworks.javaee.ejb.EJBRestrictions

/*
 * JSR 220: Enterprise JavaBeans(TM), Version 3.0
 * EJB Core Contracts and Requirements
 * Section 21.1.2 Programming Restrictions
 *
 * - An enterprise bean must not use thread synchronization primitives to synchronize execution of
 *   multiple instances.
 *
 * This is for the same reason as above. Synchronization would not work if the EJB container distributed
 * enterprise bean's instances across multiple JVMs.
 */

from Callable origin, ForbiddenSynchronizationCallable target, Call call
where ejbCalls(origin, target, call)
select origin, "EJB should not use synchronization by calling $@.",
  call, target.getDeclaringType().getName() + "." + target.getName()
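
An added example (not part of the CodeQL repository) of the Java pattern this query targets, next to a variant that moves the shared state into the database. It assumes a `synchronized` method counts as a ForbiddenSynchronizationCallable (that class is defined in the imported EJBRestrictions library, which this page does not show); the bean, JNDI, table and column names are constructed.

```java
import javax.annotation.Resource;
import javax.ejb.Stateless;
import javax.sql.DataSource;
import java.sql.Connection;
import java.sql.PreparedStatement;
import java.sql.SQLException;

// Pattern the query is written to report: an EJB method calls a synchronized
// method. The monitor belongs to one bean instance in one JVM, so it gives no
// mutual exclusion across pooled instances or across JVMs in a cluster.
@Stateless
class StockBean {                          // hypothetical bean
    private int qty = 10;                  // per-instance state, not shared

    private synchronized boolean take() {  // JVM-local lock (assumed forbidden target)
        if (qty > 0) {
            qty--;
            return true;
        }
        return false;
    }

    public boolean reserve() {             // "origin" in the query's terms
        return take();                     // "call" in the query's terms
    }
}

// Variant without thread synchronization: the shared counter lives in a
// transactional resource, and a single conditional UPDATE lets the database
// serialize concurrent reservations for every instance and every JVM.
@Stateless
class StockDbBean {                        // hypothetical bean
    @Resource(name = "jdbc/stock")         // constructed JNDI name
    private DataSource ds;

    public boolean reserve(String item) throws SQLException {
        // Constructed table and column names.
        String sql = "UPDATE stock SET qty = qty - 1 WHERE item = ? AND qty > 0";
        try (Connection c = ds.getConnection();
             PreparedStatement ps = c.prepareStatement(sql)) {
            ps.setString(1, item);
            return ps.executeUpdate() == 1; // exactly one row changed: reserved
        }
    }
}
```

Compiling this needs the Java EE API (javax.ejb, javax.annotation) on the classpath.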