Method declared as "ProcedureBlock = 0"

objectscriptQuality release 
1.0.0
Id 
OS0037
Rule type 
Vulnerability
Severity 

Blocker

Blocker
SQALE characteristic 
  • Security
    • Security compliance
Tags 
design, maintainability
Remediation function 
Constant/issue
Remediation cost 
4d

Usage of ProcedureBlock = 0 in method modifiers is confusing (at best) and dangerous (always). Consider those two classes, running in the same process:

    // Class C1
    Class C1
    {
    ClassMethod m() [ ProcedureBlock = 0 ]
    {
        set x = "world"
    }
    }

    // Class C2
    Class C2
    {
    ClassMethod m() [ ProcedureBlock = 0 ]
    {
        do ##class(C1).m()
        w "hello ", x, "!", !
    }
    }

Running method m of class C2 will yield:

    hello world!

This means that any variable set in any method defined as ProcedureBlock = 0 will be visible to any other such method.

This is a very dangerous feature. It is very strongly recommended that the code be refactored so as to avoid using this feature altogether. One such way would be, for example, to use globals instead.