SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 48

changes.mady.by.user Tracey Tamules

Saved on

compared with

New Version 49

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Finally, several classes and methods impose particular limitations on their use. For instance, all of the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multithreaded code. For more information about thread-safety, see rule TSM04-J. Document thread-safety and use annotations where applicable.

Obsolete Methods and Classes

The following methods and classes must not be used:

Class or Method

Replacement

Rule

java.lang.Character.isJavaLetter()

java.lang.Character.isJavaIdentifierStart()

java.lang.Character.isJavaLetterOrDigit()

java.lang.Character.isJavaIdentifierPart()

java.lang.Character.isSpace()

java.lang.Character.isWhitespace()

java.lang.reflect.Class.newInstance()

java.lang.reflect.Constructor.newInstance()

ERR10-J. Do not let code throw undeclared checked exceptions

java.util.Date (many methods)

java.util.Calendar

java.util.Dictionary

java.util.Map<K,V>

java.util.Properties.save()

java.util.Properties.store()

Risk Assessment

Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MET15-J

high

likely

medium

P18

L1

Automated Detection

Detecting uses of deprecated methods is straightforward. Obsolete methods and thread-unsafe methods have no automatic means of detection.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="154c0cb620232af7-53baf045-44fe497c-b0aca26f-48f5a90178191d2c87210b1f"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE-589

http://cwe.mitre.org/data/definitions/589.html]

]]></ac:plain-text-body></ac:structured-macro>

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2bb744341127a9c6-a41267c0-4558462d-8edaaf0b-e8019e1d046e25d1d3f0f4f3"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[Deprecated API

http://java.sun.com/javase/6/docs/api/deprecated-list.html], [Dictionary

http://download.oracle.com/javase/6/docs/api/java/util/Dictionary.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="d27b2a07e5444ef4-8217998d-43614946-9028b439-5023a9e491f0eab5ec706474"><ac:plain-text-body><![CDATA[

[[SDN 2008

AA. Bibliography#SDN 08]]

Bug database, [Bug ID 4264153

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153]

]]></ac:plain-text-body></ac:structured-macro>

...