Fortify race condition in servlet


I'm getting the following abstract for several similar lines of code:

The class LabResult is a singleton, so the member field testname is shared between users. The result is that one user could see another user's data.

Where this is the line of code:

public void setTestname(String testname) {
    this.testname = testname;
}

I have 57 of these errors since this is happening in almost every form. Is there really a security error here?


There are 2 answers

2
forgivenson On

I assume that code you showed is part of the class LabResult. From the name of the class, I'd guess you create more than just one object of that class, so you don't want to use a singleton (which is a class restricted to only one instance of itself). Otherwise, one user will set the fields in that class, and then another user will overwrite that data, and then the first user will get back the other user's data. Probably not what you want.
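The interleaving described in this answer, as an added example that is not part of the original post or the asker's code. `SingletonLabResult` stands in for the flagged class; `RequestLabResult`, the method names and the sample values are hypothetical, and the latches force the ordering that concurrent load would otherwise produce by chance.

```java
import java.util.concurrent.CountDownLatch;

public class SharedFieldRace {
    // Mirrors the flagged pattern: one instance serves every request,
    // so this field is shared by all users.
    static class SingletonLabResult {
        private String testname;
        public void setTestname(String testname) { this.testname = testname; }
        public String getTestname() { return testname; }
    }

    // Per-request state: each request builds its own object, nothing is shared.
    static final class RequestLabResult {
        private final String testname;
        RequestLabResult(String testname) { this.testname = testname; }
        String getTestname() { return testname; }
    }

    static final SingletonLabResult SHARED = new SingletonLabResult();

    // Simulates user A's request against the shared instance.
    static String sharedRequestA(CountDownLatch aWrote, CountDownLatch bWrote)
            throws InterruptedException {
        SHARED.setTestname("A: lipid panel"); // constructed sample value
        aWrote.countDown();
        bWrote.await();                       // user B's request runs in this window
        return SHARED.getTestname();          // A now reads what B wrote
    }

    // Same request, but the submitted value lives only in a local object.
    static String perRequest(String submitted) {
        RequestLabResult r = new RequestLabResult(submitted);
        return r.getTestname();
    }

    public static void main(String[] args) throws Exception {
        CountDownLatch aWrote = new CountDownLatch(1), bWrote = new CountDownLatch(1);
        Thread userB = new Thread(() -> {
            try { aWrote.await(); } catch (InterruptedException e) { return; }
            SHARED.setTestname("B: glucose"); // constructed sample value
            bWrote.countDown();
        });
        userB.start();
        System.out.println("shared field, user A sees: " + sharedRequestA(aWrote, bWrote));
        userB.join();
        System.out.println("per-request object, user A sees: " + perRequest("A: lipid panel"));
    }
}
```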

0
Manas On

Essentially, any instance variable should be constant, that is, 'static final', but in case your instance variable does not have a final value, we can declare your testname as below:

private static volatile String testname;

Details can be found here: Race condition - field member issue