Never use deprecated fields, methods, or classes in new code. The Java SE 6 documentation provides a complete list of deprecated APIs \[[API 2006|AA. Bibliography#API 06]\]. Java provides a {{@deprecated}} annotation to indicate the deprecation of specific fields, methods, and classes.  For instance, many methods of {{java.util.Date}}, such as {{Date.getYear()}}, have been explicitly deprecated.  The rule [THI05-J. Do not use Thread.stop() to terminate threads|THI05-J. Do not use Thread.stop() to terminate threads] describes issues that can result from using the deprecated {{Thread.stop()}} method.

Obsolete fields, methods, and classes should not be used.  Java provides no annotation to indicate obsolescence, but several objects are documented as obsolete. For instance, the {{java.util.Dictionary}} class is marked as obsolete, and new code should use {{java.util.Map<K,V>}} instead \[[API 2006|AA. Bibliography#API 06]\].

Finally, several classes and methods impose particular limitations on their use. For instance, all of the subclasses of the abstract class java.text.Format are thread-unsafe. These classes must be avoided in multithreaded code. For more information about thread-safety, see rule TSM04-J. Document thread-safety and use annotations where applicable.

Obsolete Methods and Classes

The following methods and classes must not be used:

Class or Method

Replacement

Rule

java.lang.Character.isJavaLetter()

java.lang.Character.isJavaIdentifierStart()

java.lang.Character.isJavaLetterOrDigit()

java.lang.Character.isJavaIdentifierPart()

java.lang.Character.isSpace()

java.lang.Character.isWhitespace()

java.lang.reflect.Class.newInstance()

java.lang.reflect.Constructor.newInstance()

ERR10-J. Do not let code throw undeclared checked exceptions

java.util.Date (many methods)

java.util.Calendar

java.util.Dictionary

java.util.Map<K,V>

java.util.Properties.save()

java.util.Properties.store()

Risk Assessment

Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MET15-J

high

likely

medium

P18

L1

Automated Detection

Detecting uses of deprecated methods is straightforward. Obsolete methods and thread-unsafe methods have no automatic means of detection.

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="8e8dd34e-232e-48e3-bda0-1a9bf325a7ff"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE-589

http://cwe.mitre.org/data/definitions/589.html]

]]></ac:plain-text-body></ac:structured-macro>

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="73f1a722-d28c-4510-8459-211d3c855ee5"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[Deprecated API

http://java.sun.com/javase/6/docs/api/deprecated-list.html], [Dictionary

http://download.oracle.com/javase/6/docs/api/java/util/Dictionary.html]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6452f557-d18e-43d4-a099-0d0fde9c8c3e"><ac:plain-text-body><![CDATA[

[[SDN 2008

AA. Bibliography#SDN 08]]

Bug database, [Bug ID 4264153

http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153]

]]></ac:plain-text-body></ac:structured-macro>


MET14-J. Follow the general contract when implementing the compareTo() method      05. Methods (MET)