Inconsistent synchronization for writeObject()
ID: java/inconsistent-sync-writeobject
Kind: problem
Security severity:
Severity: warning
Precision: medium
Tags:
- reliability
- correctness
- concurrency
- language-features
- external/cwe/cwe-662
Query suites:
- java-security-and-quality.qls
Classes with a synchronized writeObject method but no other synchronized methods usually lack a sufficient level of synchronization. If any mutable state of this class can be modified without proper synchronization, serialization through the writeObject method may capture an inconsistent state.
Recommendation
Check whether synchronization is necessary on methods other than writeObject to make the class thread-safe. Any methods that access or modify the state of an object of this class should usually be synchronized as well.
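The following added example (not part of the CodeQL documentation) shows the pattern this query describes beside a corrected version. The class names UnsafeRange and SafeRange, their fields and their methods are hypothetical.

```java
import java.io.IOException;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Pattern described above: writeObject is the only synchronized method.
class UnsafeRange implements Serializable {
    private static final long serialVersionUID = 1L;
    private int low;
    private int high; // intended invariant: low <= high

    // Not synchronized: another thread's writeObject can run between
    // the two assignments and observe a half-applied update.
    public void set(int low, int high) {
        this.low = low;
        this.high = high;
    }

    private synchronized void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject(); // may write the new low with the old high
    }
}

// Corrected: every method that reads or writes the state holds the same
// monitor (this) that writeObject holds.
class SafeRange implements Serializable {
    private static final long serialVersionUID = 1L;
    private int low;
    private int high;

    public synchronized void set(int low, int high) {
        if (low > high) {
            throw new IllegalArgumentException("low > high");
        }
        this.low = low;
        this.high = high;
    }

    public synchronized int width() {
        return high - low;
    }

    private synchronized void writeObject(ObjectOutputStream out) throws IOException {
        out.defaultWriteObject(); // both fields come from the same completed update
    }
}
```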
References
Java Language Specification: Synchronization.
Common Weakness Enumeration: CWE-662.