Class declared as "Not ProcedureBlock"

objectscriptQuality release 
1.0.0
Id 
OS0036
Rule type 
Vulnerability
Severity 

Blocker

Blocker
SQALE characteristic 
  • Security
    • Security compliance
Tags 
design
Remediation function 
Constant/issue
Remediation cost 
1d

Usage of Not ProcedureBlock in class modifiers is, confusing (at best) and dangerous (always). Consider those two classes running in the same process:

    // Class C1
    Class C1 [ Not ProcedureBlock ]
    {
    ClassMethod m()
    {
        set x = "world"
    }
    }

    // Class C2
    Class C2 [ Not ProcedureBlock ]
    {
    ClassMethod m()
    {
        do ##class(C1).m()
        w "hello ", x, "!", !
    }
    }

Running method m of class C2 will yield:

    hello world!

This means that any variable set in any class defined as Not ProcedureBlock will be visible to any other such class.

This is a very dangerous feature. It is very strongly recommended that the code be refactored so as to avoid using this feature altogether. One such way would be, for example, to use globals instead.