...
According to the Java API [API 20062011], Annotation Type SuppressWarnings documentation,
As a matter of style, programmers should always use this annotation on the most deeply nested element where it is effective. If you want to suppress a warning in a particular method, you should annotate that method rather than its class.
...
This noncompliant code example is from the implementation of java.util.ArrayList. When the class is compiled, it emits an unchecked cast warning, as shown. Because the return statement is not a declaration, the Java Language Specification [JLS 20052011] makes it impossible to suppress the warning trivially. Consequently, the @SuppressWarnings is used over method scope. This can cause issues when some functionality that performs type-unsafe operations is added to the method at a later date [Bloch 2008].
...
| Code Block | ||
|---|---|---|
| ||
// ...
@SuppressWarnings("unchecked") T[] result =
(T[]) Arrays.copyOf(elements, size, a.getClass());
return result;
// ...
|
...
Applicability
Failure to reduce the scope of the @SuppressWarnings annotation can lead to runtime exceptions and break type-safety guarantees.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
MSC51-JG | medium | probable | high | P4 | L3 |
...
This rule cannot be statically enforced in full generality; static analysis could be possible for some interesting special cases.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Bibliography
[Bloch 2008] Item 24: "Eliminate unchecked warnings"
...