Java System Exit Or Runtime Halt
Description
Detects potentially dangerous uses of System.exit(), Runtime.exit() or Runtime.halt() methods in Java applications that can abruptly terminate program execution. These methods should be avoided in production code as they bypass proper shutdown procedures and can lead to resource leaks, data loss, or denial of service when misused.
Detection Strategy
• Identifies direct calls to System.exit(), Runtime.getRuntime().exit(), or Runtime.getRuntime().halt() methods in Java code
• Excludes exit/halt calls that occur within the main() method since those are considered acceptable usage
• Reports a vulnerability when these termination methods are called from any other context in the application
• Checks both the method name (exit/halt) and its full qualifying path to confirm it matches the dangerous system termination calls
Vulnerable code example
public class UnsafeExit {
    public void riskyExits() {
        // Dangerous: Abrupt application termination can leave resources in inconsistent state
        System.exit(0);
        Runtime.getRuntime().exit(0);
        // Particularly unsafe: halt() doesn't run shutdown hooks or finalizers
        Runtime.getRuntime().halt(0);
    }
}
✅ Secure code example
public class SafeExit {
    public void safeTermination() throws Exception {
        // Safe: Throw exceptions instead of abrupt exits
        throw new IllegalStateException("Application needs to terminate");
        // Alternative: Use return to exit method cleanly
        // return;
    }
}
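The following is an added example, not code from the original page: it combines the secure pattern with the rule's main() exclusion, so code outside main() reports failure by throwing and main() alone converts the outcome into a process exit status. The names App, ConfigLoader, FatalConfigException and run are hypothetical.

```java
import java.io.IOException;
import java.nio.file.Files;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.List;

// Added example: App, ConfigLoader, FatalConfigException and run() are hypothetical names.
public class App {

    /** Signals an unrecoverable condition without terminating the JVM. */
    static class FatalConfigException extends RuntimeException {
        FatalConfigException(String message, Throwable cause) {
            super(message, cause);
        }
    }

    static class ConfigLoader {
        // Library-style code: reports failure to the caller instead of calling System.exit().
        List<String> load(Path path) {
            try {
                return Files.readAllLines(path);
            } catch (IOException e) {
                throw new FatalConfigException("Cannot read config: " + path, e);
            }
        }
    }

    // Testable entry point: returns a status code, so callers and unit tests keep control of the JVM.
    static int run(String[] args) {
        if (args.length != 1) {
            System.err.println("usage: App <config-file>");
            return 2;
        }
        try {
            List<String> lines = new ConfigLoader().load(Paths.get(args[0]));
            System.out.println("Loaded " + lines.size() + " config lines");
            return 0;
        } catch (FatalConfigException e) {
            System.err.println("fatal: " + e.getMessage());
            return 1;
        }
    }

    public static void main(String[] args) {
        // The only exit call in the application, placed in main(), which the rule excludes.
        System.exit(run(args));
    }
}
```

Because run() returns instead of exiting, the same logic can be embedded in an application server or exercised from a test without taking down the host JVM.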