Poor Style: Explicit call to finalize()

ASDR Table of Contents

Last revision (mm/dd/yy): //

Description
The finalize method should only be called by the JVM after the object has been garbage collected.

While the Java Language Specification allows an object's finalize method to be called from outside the finalizer, doing so is usually a bad idea. For example, calling finalize explicitly means that finalize will be called more than once: the first time will be the explicit call and the last time will be the call that is made after the object is garbage collected.

Risk Factors
TBD

Examples
The following code fragment calls finalize explicitly:

// time to clean up	widget.finalize;

Related Attacks

 * Attack 1
 * Attack 2

Related Vulnerabilities

 * Vulnerability 1
 * Vulnerabiltiy 2

Related Controls

 * Control 1
 * Control 2

Related Technical Impacts

 * Technical Impact 1
 * Technical Impact 2