SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 32

changes.mady.by.user David Svoboda

Saved on

compared with

New Version 33

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Wiki Markup
            Never use deprecated or obsoletefields, methods or classes in new code. The Java SE 6 documentation provides a complete list of deprecated APIs \[[API 2006|AA. Bibliography#API 06]\].
The guidelines THI01-J. Do not invoke ThreadGroup methods and 
 Java provides a {{@deprecated}} annotation to indicate the deprecation of specific fields, methods, or classes.  For instance, many methods of {{java.util.Date}}, such as {{Date.getYear()}} have been explicitly deprecated.  The guideline [THI05-J. Do not use Thread.stop() to terminate threads] describes issues that can result from using
deprecated and obsolete methods
 the deprecated {{Thread.stop()}} method.

Wiki Markup
TheFields, methods, or classes that are obsolete should not be used.  Java SEprovides no 6annotation documentationto furtherindicate indicatesobsolescense; certainhowever classesseveral thatobjects are obsolete \[[API 2006|AA. Bibliography#API 06]\]documented as obsolete. For exampleinstance, the {{java.util.Dictionary}} class provides the same functionality as the {{Map}} interface.  is marked as obsolete, and new code should use {{java.util.Map<K,V>}} instead \[[API 2006|AA. Bibliography#API 06]\].

Finally, several classes and methods impose particular limitations on their use. For instanceThe java.util.Calendar class suffers from multi-threading related issues; its subclasses, such as java.util.GregorianCalendar, share these problems. Similarly, all of the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multi-threaded code. For more information about thread-safety, see guideline TSM04-J. Document thread-safety and use annotations where applicable.

Risk Assessment

Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.

...

Detecting uses of deprecated methods is straightforward. Obsolete methods and thread-unsafe methods have no automatic means of detection.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this guideline on the CERT website.

...

Wiki Markup
\[[API 2006|AA. Bibliography#API 06]\] [Deprecated API|http://java.sun.com/javase/6/docs/api/deprecated-list.html], [Dictionary|http://download.oracle.com/javase/6/docs/api/java/util/Dictionary.html]
\[[SDN 2008|AA. Bibliography#SDN 08]\] Bug database, [Bug ID 4264153|http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153]
\[[MITRE 2009|AA. Bibliography#MITRE 09]\] [CWE ID 589|http://cwe.mitre.org/data/definitions/589.html]

...