Poor Style: Explicit call to finalize()

Last revision (mm/dd/yy): //

Vulnerabilities Table of Contents

ASDR Table of Contents

Description
The finalize method should only be called by the JVM after the object has been garbage collected.

While the Java Language Specification allows an object's finalize method to be called from outside the finalizer, doing so is usually a bad idea. For example, calling finalize explicitly means that finalize will be called more than once: the first time will be the explicit call and the last time will be the call that is made after the object is garbage collected.

Risk Factors
TBD

Examples
The following code fragment calls finalize explicitly:

// time to clean up	widget.finalize;

Related Attacks

 * Attack 1
 * Attack 2

Related Vulnerabilities

 * Vulnerability 1
 * Vulnerabiltiy 2

Related Controls

 * Control 1
 * Control 2

Related Technical Impacts

 * Technical Impact 1
 * Technical Impact 2