...
Even though thread groups are useful for keeping threads organized, programmers seldom benefit from their use because many of the methods of the ThreadGroup class (for example, allowThreadSuspension(), resume(), stop(), and suspend()) are deprecated. Furthermore, many nondeprecated methods are obsolete in that they offer little desirable functionality. Ironically, a few ThreadGroup methods are not even thread-safe [Bloch 2001].
Insecure yet nondeprecated non-deprecated methods include
ThreadGroup.activeCount()
According to the Java API [API 2014], theactiveCount()method
This method is often used as a precursor to thread enumeration. Threads that have never started nevertheless reside in the thread group and are considered to be active. The active count is also affected by the presence of certain system threads [API 2014]. Consequently, thereturns an estimate of the number of active threads in the current thread's thread group and its subgroups.
activeCount()method might fail to reflect the actual number of running tasks in the thread group.
...
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
THI01-J | Low | Probable | Medium | P4 | L3 |
Automated Detection
| Tool | Version | Checker | Description | ||||||
|---|---|---|---|---|---|---|---|---|---|
| Parasoft Jtest |
| CERT.THI01.AUTG | Do not use variables of the unsafe type 'java.lang.ThreadGroup' | ||||||
| SonarQube |
| S3014 | "ThreadGroup" should not be used |
...