Avoid declaring a field type as MessageDigest

このページは日本語には対応しておりません。随時翻訳に取り組んでいます。翻訳に関してご質問やご意見ございましたら、お気軽にご連絡ください。

Metadata

ID: java-best-practices/avoid-message-digest-field

Language: Java

Severity: Notice

Category: Best Practices

Description

When you designate a MessageDigest instance as a class member, you enable direct access for multiple threads in your program. It is important to exercise caution when sharing instances among threads without proper synchronization.

Instead of sharing a single MessageDigest instance, consider generating new instances when necessary and using them locally within the specific context where they are needed. This practice offers two benefits. First, it guarantees that each thread operates on its own instance, thereby minimizing the possibility of interference between threads. Second, it sidesteps the intricacies of managing synchronized access to a shared instance.

Non-Compliant Code Examples

public class Foo {
    private final MessageDigest sharedMd; // should avoid this
    
    public Foo() throws Exception {
        sharedMd = MessageDigest.getInstance("SHA-256");
    }
    
    public byte[] bar(byte[] data) {
        // Incorrect outcomes could arise from sharing a 
        // MessageDigest without synchronized access.
        sharedMd.reset();
        sharedMd.update(data);
        return sharedMd.digest();
    }
}

Compliant Code Examples

public class Foo {
    public byte[] bar(byte[] data) throws Exception {
        MessageDigest md = MessageDigest.getInstance("SHA-256");
        md.update(data);
        return md.digest();
    }
}
https://static.datadoghq.com/static/images/logos/github_avatar.svg https://static.datadoghq.com/static/images/logos/vscode_avatar.svg jetbrains

Seamless integrations. Try Datadog Code Analysis

Datadog Code Analysis
PREVIEWING: may/unit-testing