View Source

            Never use deprecated fields, methods, or classes in new code. The Java SE 6 documentation provides a complete list of deprecated APIs \[[API 2006|AA. Bibliography#API 06]\]. Java provides a {{@deprecated}} annotation to indicate the deprecation of specific fields, methods, and classes.  For instance, many methods of {{java.util.Date}}, such as {{Date.getYear()}}, have been explicitly deprecated.  The rule [THI05-J. Do not use Thread.stop() to terminate threads|THI05-J. Do not use Thread.stop() to terminate threads] describes issues that can result from using the deprecated {{Thread.stop()}} method.

Obsolete fields, methods, and classes should not be used.  Java provides no annotation to indicate obsolescence, but several objects are documented as obsolete. For instance, the {{java.util.Dictionary}} class is marked as obsolete, and new code should use {{java.util.Map<K,V>}} instead \[[API 2006|AA. Bibliography#API 06]\].

Finally, several classes and methods impose particular limitations on their use. For instance, all of the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multithreaded code. For more information about thread-safety, see rule TSM04-J. Document thread-safety and use annotations where applicable.

Obsolete Methods and Classes

The following methods and classes must not be used:

Class or Method	Replacement	Rule
`java.lang.Character.isJavaLetter()`	`java.lang.Character.isJavaIdentifierStart()`
`java.lang.Character.isJavaLetterOrDigit()`	`java.lang.Character.isJavaIdentifierPart()`
`java.lang.Character.isSpace()`	`java.lang.Character.isWhitespace()`
`java.lang.reflect.Class.newInstance()`	`java.lang.reflect.Constructor.newInstance()`	ERR10-J. Do not let code throw undeclared checked exceptions
`java.util.Date` (many methods)	`java.util.Calendar`
`java.util.Dictionary`	`java.util.Map<K,V>`
`java.util.Properties.save()`	`java.util.Properties.store()`

Risk Assessment

Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.

Rule	Severity	Likelihood	Remediation Cost	Priority	Level
MET02-J	high	likely	medium	P18	L1

Automated Detection

Detecting uses of deprecated methods is straightforward. Obsolete methods and thread-unsafe methods have no automatic means of detection.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2d9a05da-a3f4-422b-92af-1dbab04c2800"><ac:plain-text-body><![CDATA[	[ISO/IEC TR 24772:2010	http://www.aitcnet.org/isai/]	"Deprecated Language Features [MEM]"	]]></ac:plain-text-body></ac:structured-macro>
MITRE CWE	CWE ID 589, "Call to Non-ubiquitous API"

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="00581fc3-24a4-496e-90dc-c004beff859f"><ac:plain-text-body><![CDATA[	[[API 2006	AA. Bibliography#API 06]]	[Deprecated API	http://java.sun.com/javase/6/docs/api/deprecated-list.html], [Dictionary	http://download.oracle.com/javase/6/docs/api/java/util/Dictionary.html]	]]></ac:plain-text-body></ac:structured-macro>
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ea0ea259-8ff0-4180-b9ec-cc857f615831"><ac:plain-text-body><![CDATA[	[[SDN 2008	AA. Bibliography#SDN 08]]	Bug database, [Bug ID 4264153	http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153]	]]></ac:plain-text-body></ac:structured-macro>

MET01-J. Never use assertions to validate method parameters 05. Methods (MET)