Never use deprecated or obsolete methods or classes in new code. The Java SE 6 documentation provides a complete list of deprecated APIs [[API 2006]]. The guideline "THI01-J. Do not invoke ThreadGroup methods" describes issues that can result from using deprecated and obsolete methods.
The Java SE 6 documentation further indicates certain classes that are obsolete [[API 2006]]. For example, the java.util.Dictionary class provides the same functionality as the Map interface.
The java.util.Calendar class suffers from multi-threading related issues; its subclasses, such as java.util.GregorianCalendar, share these problems. Similarly, all of the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multi-threaded code.
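The following added example (not part of the original guideline) contrasts a java.text.SimpleDateFormat instance shared across threads with thread-confined instances. The class name FormatThreadSafetyDemo, the pattern and the generated dates are assumptions made for illustration.

```java
import java.text.SimpleDateFormat;
import java.util.*;
import java.util.concurrent.*;

public class FormatThreadSafetyDemo {
    static final String PATTERN = "yyyy-MM-dd"; // assumed pattern for the demo
    // Noncompliant: one mutable Format instance shared by every thread.
    static final SimpleDateFormat SHARED = new SimpleDateFormat(PATTERN, Locale.ROOT);
    // Thread-confined alternative: each thread lazily gets its own instance.
    static final ThreadLocal<SimpleDateFormat> PER_THREAD = new ThreadLocal<SimpleDateFormat>() {
        @Override protected SimpleDateFormat initialValue() {
            return new SimpleDateFormat(PATTERN, Locale.ROOT);
        }
    };

    // Parses and re-formats constructed dates on 8 threads; returns how many
    // round trips threw an exception or produced a string unlike the input.
    static int countFailures(final boolean shared) throws Exception {
        ExecutorService pool = Executors.newFixedThreadPool(8);
        List<Future<Integer>> results = new ArrayList<Future<Integer>>();
        for (int t = 0; t < 8; t++) {
            final int seed = t;
            results.add(pool.submit(new Callable<Integer>() {
                public Integer call() {
                    int bad = 0;
                    for (int i = 0; i < 20000; i++) {
                        // Constructed sample input: always a valid calendar date.
                        String in = String.format(Locale.ROOT, "20%02d-%02d-%02d",
                                (seed + i) % 90 + 10, i % 12 + 1, i % 28 + 1);
                        try {
                            SimpleDateFormat f = shared ? SHARED : PER_THREAD.get();
                            if (!in.equals(f.format(f.parse(in)))) bad++;
                        } catch (Exception e) { bad++; } // internal state corrupted by a race
                    }
                    return bad;
                }
            }));
        }
        int total = 0;
        for (Future<Integer> r : results) total += r.get();
        pool.shutdown();
        return total;
    }

    public static void main(String[] args) throws Exception {
        System.out.println("shared instance failures:     " + countFailures(true));
        System.out.println("per-thread instance failures: " + countFailures(false));
    }
}
```

The per-thread count is always zero. The shared count depends on thread scheduling, so it varies between runs and is not guaranteed to be non-zero on any single run.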
Risk Assessment
Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
MET15-J | high | likely | medium | P18 | L1 |
Automated Detection
Detecting uses of deprecated methods is straightforward.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
Bibliography
[[API 2006]] Deprecated API
[[SDN 2008]] Bug database, Bug ID 4264153
[[MITRE 2009]] CWE ID 589