Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: Parasoft Jtest 2021.1

Wiki Markup Never use deprecated fields, methods, or classes in new code. The Java SE 6 documentation provides a complete list of deprecated APIs \[[API 2006|AA. Bibliography#API 06]\]. Java provides a {{@deprecated}} annotation to indicate the deprecation of specific fields, methods, and classes. For instance, many methods of {{provides an @deprecated annotation to indicate the deprecation of specific fields, methods, and classes. For example, many methods of java.util.Date}}, such as {{Date.getYear()}}, have been explicitly deprecated. The rule [THI05-J. Do not use Thread.stop() to terminate threads|THI05-J. Do not use Thread.stop() to terminate threads] describes issues that can result from using the deprecated {{Thread.stop()}} method. 

The Java SE documentation provides a list of deprecated APIs for each version of the language:

Programmers should use the list of deprecated functions specific to the language version they are using, although it may also be possible to avoid the use of APIs that are deprecated in later versions as well if suitable alternatives are available.

Obsolete fields, methods, and classes should not be used. Java lacks any annotation that indicates obsolescence; nevertheless, several classes and methods are documented as obsolete. For instance, the java.util.Dictionary<K,V> class is marked as obsolete; new code should use Wiki MarkupObsolete fields, methods, and classes should not be used. Java provides no annotation to indicate obsolescence, but several objects are documented as obsolete. For instance, the {{java.util.Dictionary}} class is marked as obsolete, and new code should use {{java.util.Map<K,V>}} instead \ [[API 2006|AA. Bibliography#API 06]\].Finally, several classes and methods impose particular limitations on their use. For instance, all of the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multithreaded code. For more information about thread-safety, see rule TSM04-J. Document thread-safety and use annotations where applicable.API 2014].

Obsolete Methods and Classes

The following methods and classes listed in the following table must not be used:

Class or Method

Replacement

Rule

java.lang.Character.isJavaLetter()

java.lang.Character.isJavaIdentifierStart()


java.lang.Character.isJavaLetterOrDigit()

java.lang.Character.isJavaIdentifierPart()


java.lang.Character.isSpace()

java.lang.Character.isWhitespace()


java.lang

.reflect

.Class.newInstance()

java.lang.reflect.Constructor.newInstance()

ERR10

ERR06-J. Do not

let code

throw undeclared checked exceptions

java.util.Date (many methods)

java.util.Calendar


java.util.

Dictionary

Dictionary<K,V>

java.util.Map<K,V>


java.util.Properties.save()

java.util.Properties.store()


java.lang.Thread.run()

java.lang.Thread.start()

THI00-J. Do not invoke Thread.run()

java.lang.Thread.stop()

java.lang.Thread.interrupt()

THI05-J. Do not use Thread.stop() to terminate threads

java.lang.ThreadGroup (many methods)

java.util.concurrent.Executor

THI01-J. Do not invoke ThreadGroup methods

java.util.Datejava.time (since Java 8)

The Java Virtual Machine Profiler Interface (JVMPI) and JVM Debug Interface (JVMDI) are also deprecated and have been replaced by the JVM Tool Interface (JVMTI) (see ENV05-J. Do not deploy an application that can be remotely monitored for more information).

Risk Assessment

Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MET02-J

high

Low

likely

Unlikely

medium

Medium

P18

P2

L1

L3

Automated Detection

Detecting uses of deprecated methods is straightforward. Obsolete methods and thread-unsafe methods have no automatic means of detection.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

ToolVersionCheckerDescription
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.MET02.DPRAPI
CERT.MET02.THRD
Do not use deprecated APIs
Avoid calling unsafe deprecated methods of 'Thread' and 'Runtime'
SonarQube
Include Page
SonarQube_V
SonarQube_V
S1874"@Deprecated" code should not be used

Related Guidelines

ISO/IEC TR 24772:2010

Deprecated Language Features [MEM]

MITRE CWE

CWE-589,

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1ea6870c-10ab-4e89-ab0a-3c6af03bd413"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE-589

http://cwe.mitre.org/data/definitions/589.html] "

Call to Non-ubiquitous API

"

]]></ac:plain-text-body></ac:structured-macro>

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="e336313c-2fe9-42f1-895a-84bcb34f7bce"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[Deprecated API

http://java.sun.com/javase/6/docs/api/deprecated-list.html], [Dictionary

http://download.oracle.com/javase/6/docs/api/java/util/Dictionary.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5cd69797-a83b-4d36-a4b5-d46c81fd1520"><ac:plain-text-body><![CDATA[

[[SDN 2008

AA. Bibliography#SDN 08]]

Bug database, [Bug ID 4264153

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153]

]]></ac:plain-text-body></ac:structured-macro>

Android Implementation Details

The Android SDK has deprecated and obsolete APIs. Also, there may exist incompatible APIs depending on the SDK version. Consequently, it is recommended that developers refer to the "Android API Differences Report" and consider replacing deprecated APIs.

Bibliography


...

Image Added Image Added MET01-J. Never use assertions to validate method parameters      05. Methods (MET)