CallsToRunnableRun.ql
/**
* @name Direct call to a run() method
* @description Directly calling a 'Thread' object's 'run' method does not start a separate thread
* but executes the method within the current thread.
* @kind problem
* @problem.severity recommendation
* @precision high
* @id java/call-to-thread-run
* @previous-id java/run-method-called-on-java-lang-thread-directly
* @tags quality
* reliability
* concurrency
* external/cwe/cwe-572
*/
import java
/**
 * A method named `run` that takes no parameters and whose declaring type has
 * `java.lang.Thread` among the types returned by `getAnAncestor()`.
 *
 * The characteristic predicate matches on the declaring type only, so it
 * covers `run` as declared on `Thread` subclasses as well as any declaration
 * that `getAnAncestor()` associates with `java.lang.Thread` itself.
 * NOTE(review): whether `getAnAncestor()` includes the declaring type itself is
 * defined by the CodeQL Java library, not by this file; confirm against the
 * library version in use.
 */
class RunMethod extends Method {
  RunMethod() {
    exists(RefType threadType |
      threadType = this.getDeclaringType().getAnAncestor() and
      threadType.hasQualifiedName("java.lang", "Thread")
    ) and
    this.hasNoParameters() and
    this.hasName("run")
  }
}
// Report each method call whose target (`getMethod()`) is a `RunMethod`.
// Calls whose enclosing callable is itself a `RunMethod` are left out;
// presumably this keeps delegation such as `super.run()` inside an overriding
// `run` from being reported. TODO confirm against the query's test cases.
from MethodCall call, RunMethod target
where
  not call.getEnclosingCallable() instanceof RunMethod and
  target = call.getMethod()
select call, "Calling 'Thread.run()' rather than 'Thread.start()' will not spawn a new thread."