This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit

Difference between revisions of "Poor Style: Empty Synchronized Block"

Jump to: navigation, search
Line 1: Line 1:
#REDIRECT [[Failure to follow guideline/specification]]
Line 8: Line 10:
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
[[Category:FIXME|This is the text from the old template. This needs to be rewritten using the new template.]]
Line 56: Line 55:
[[Category:FIXME|add links
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
Availability Vulnerability
Authorization Vulnerability
Authentication Vulnerability
Concurrency Vulnerability
Configuration Vulnerability
Cryptographic Vulnerability
Encoding Vulnerability
Error Handling Vulnerability
Input Validation Vulnerability
Logging and Auditing Vulnerability
Session Management Vulnerability]]
[[Category:OWASP ASDR Project]]
[[Category:Code Quality Vulnerability]]
[[Category:Code Snippet]]

Revision as of 16:25, 17 February 2009


#REDIRECT Failure to follow guideline/specification

ASDR Table of Contents

Last revision (mm/dd/yy): 02/17/2009


This synchronized block contains no statements; it is unlikely the synchronization achieves the intended effect.

Synchronization in Java can be tricky. An empty synchronized block is often a sign that a programmer is wrestling with synchronization but has not yet achieved the result they intend.

Risk Factors



synchronized(this) { }

Related Attacks

Related Vulnerabilities

Related Controls

Related Technical Impacts