cwe-362-race-condition


Use this skill when you need to remediate CWE-362 (Race Condition) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing race condition issues.

By DevelopersCoffee. Updated 3/6/2026

name: cwe-362-race-condition
description: Use this skill when you need to remediate CWE-362 (Race Condition) vulnerabilities in Java code. Triggers on SAST findings, security reviews, or when fixing race condition issues.
version: 1.0.0
license: MIT
tags:

  • security
  • java
  • cwe-362
  • remediation
  • sast

CWE-362 Race Condition

Description

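Concurrent Execution using Shared Resource with Improper Synchronization ('Race Condition'): a code sequence needs temporary, exclusive access to a shared resource, but a timing window exists in which concurrently running code can modify that resource.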

Reference: https://cwe.mitre.org/data/definitions/362.html

OWASP Category: A04:2021 – Insecure Design


Vulnerable Pattern

❌ Example 1: Vulnerable Pattern

// VULNERABLE: Race condition in check-then-act
private int counter = 0;

public void increment() {
    if (counter < MAX_VALUE) {
        counter++; // Race condition
    }
}

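Why it's vulnerable: The check (counter < MAX_VALUE) and the update (counter++) are separate, non-atomic steps on shared state. Two threads can both pass the check before either one increments, so the counter can exceed MAX_VALUE, and because counter++ is itself a read-modify-write, concurrent increments can overwrite each other and lose updates.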


Deterministic Fix

✅ Secure Implementation

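// SECURE: Use AtomicInteger for thread-safe operations
private final AtomicInteger counter = new AtomicInteger(0);

public void increment() {
    // Check and update happen in one atomic step; the conditional form
    // also avoids c + 1 overflowing when MAX_VALUE is Integer.MAX_VALUE
    counter.updateAndGet(c -> c < MAX_VALUE ? c + 1 : c);
}

// Or use synchronization (alternative: the counter is a plain int here,
// and every read and write of it must hold the same lock)
private int guardedCounter = 0;
private final Object lock = new Object();

public void incrementSynchronized() {
    synchronized (lock) {
        if (guardedCounter < MAX_VALUE) {
            guardedCounter++;
        }
    }
}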

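Why it's secure: AtomicInteger.updateAndGet applies the bound check and the increment as a single atomic update, so no other thread can act between them. In the synchronized variant the check and the increment run inside one critical section, which holds as long as every access to the counter uses the same lock.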


Detection Pattern

Look for these patterns in your codebase:

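# Find candidate unsynchronized increments/decrements (coarse heuristic: it only
# drops lines that themselves mention synchronized or Atomic, so review each hit)
grep -rnE '\+\+|--' --include='*.java' . | grep -vE 'synchronized|Atomic'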

Remediation Steps

  1. Use atomic variables for simple counters

  2. Use synchronized blocks for complex operations

  3. Consider using concurrent collections

  4. Use ReentrantLock for more control


Key Imports


import java.util.concurrent.atomic.AtomicInteger;

Verification

After remediation:

  • Run SAST scanner to confirm vulnerability is resolved

  • Review all instances of the vulnerable pattern

  • Add unit tests that verify the secure implementation

  • Check for similar patterns in related code
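A stress harness for the unit-test step above, added here as an example and not part of the skill's own code. The class name CounterRaceCheck, the thread counts and the cap are assumptions, chosen so that any lost update shows up as a shortfall against the expected total.

```java
import java.util.concurrent.CountDownLatch;
import java.util.concurrent.ExecutorService;
import java.util.concurrent.Executors;
import java.util.concurrent.TimeUnit;
import java.util.concurrent.atomic.AtomicInteger;

public class CounterRaceCheck {
    static final int THREADS = 8, PER_THREAD = 100_000;   // constructed load
    static final int MAX_VALUE = THREADS * PER_THREAD;    // cap equals total calls

    static int unsafeCounter = 0;                          // vulnerable pattern
    static final AtomicInteger safeCounter = new AtomicInteger(0);

    static void unsafeIncrement() {
        if (unsafeCounter < MAX_VALUE) { unsafeCounter++; } // check-then-act
    }

    static void safeIncrement() {
        safeCounter.updateAndGet(c -> c < MAX_VALUE ? c + 1 : c);
    }

    // Releases all workers at once so their increments overlap.
    static void hammer(Runnable op) throws InterruptedException {
        ExecutorService pool = Executors.newFixedThreadPool(THREADS);
        CountDownLatch start = new CountDownLatch(1);
        for (int t = 0; t < THREADS; t++) {
            pool.execute(() -> {
                try { start.await(); } catch (InterruptedException e) { return; }
                for (int i = 0; i < PER_THREAD; i++) op.run();
            });
        }
        start.countDown();
        pool.shutdown();
        if (!pool.awaitTermination(60, TimeUnit.SECONDS)) {
            throw new IllegalStateException("workers did not finish");
        }
    }

    public static void main(String[] args) throws InterruptedException {
        hammer(CounterRaceCheck::unsafeIncrement);
        hammer(CounterRaceCheck::safeIncrement);
        // Lost updates leave the unsafe counter short of the expected total.
        System.out.println("expected=" + MAX_VALUE
                + " unsafe=" + unsafeCounter + " safe=" + safeCounter.get());
        if (safeCounter.get() != MAX_VALUE) {
            throw new AssertionError("atomic counter lost updates");
        }
    }
}
```

The unsafe result varies from run to run and may occasionally match the expected total; only the atomic counter's result is guaranteed, which is why the assertion is on that value alone.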


Trigger Examples

Fix CWE-362 vulnerability
Resolve Race Condition issue
Secure this Java code against race condition
SAST reports CWE-362

Common Vulnerable Locations

| Layer | Files | Patterns |
|---|---|---|
| Controller | *Controller.java | User input handling |
| Service | *Service.java | Business logic |
| Repository | *Repository.java | Data access |


References


Source: Generated by Java CWE Security Skills Generator
Last Updated: 2026-03-07

Install via CLI
npx skills add https://github.com/DevelopersCoffee/java-cwe-security-skills --skill cwe-362-race-condition