
Never use deprecated fields, methods, or classes in new code. The Java SE 6 documentation provides a complete list of deprecated APIs [[API 2006]]. Java provides a @deprecated
annotation to indicate the deprecation of specific fields, methods, and classes. For instance, many methods of java.util.Date
, such as Date.getYear()
, have been explicitly deprecated. The rule THI05-J. Do not use Thread.stop() to terminate threads describes issues that can result from using the deprecated Thread.stop()
method.
Obsolete fields, methods, and classes should not be used. Java provides no annotation to indicate obsolescence, but several objects are documented as obsolete. For instance, the java.util.Dictionary
class is marked as obsolete, and new code should use java.util.Map<K,V>
instead [[API 2006]].
Finally, several classes and methods impose particular limitations on their use. For instance, all of the subclasses of the abstract
class java.text.Format
are thread-unsafe. These classes must be avoided in multithreaded code. For more information about thread-safety, see rule TSM04-J. Document thread-safety and use annotations where applicable.
Obsolete Methods and Classes
The following methods and classes must not be used:
Class or Method |
Replacement |
Rule |
---|---|---|
|
|
|
|
|
|
|
|
|
|
|
ERR10-J. Do not let code throw undeclared checked exceptions |
|
|
|
|
|
|
|
|
Risk Assessment
Using deprecated or obsolete classes or methods in program code can lead to erroneous behavior.
Rule |
Severity |
Likelihood |
Remediation Cost |
Priority |
Level |
---|---|---|---|---|---|
MET15-J |
high |
likely |
medium |
P18 |
L1 |
Automated Detection
Detecting uses of deprecated methods is straightforward. Obsolete methods and thread-unsafe methods have no automatic means of detection.
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
Related Guidelines
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="0b7120d7-10ea-4905-a795-1640bbbe867d"><ac:plain-text-body><![CDATA[ |
[[MITRE 2009 |
AA. Bibliography#MITRE 09]] |
[CWE-589 |
http://cwe.mitre.org/data/definitions/589.html] |
]]></ac:plain-text-body></ac:structured-macro> |
Bibliography
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="b3d5cb40-4a74-467a-9b3f-bcc64b792b78"><ac:plain-text-body><![CDATA[ |
[[API 2006 |
AA. Bibliography#API 06]] |
[Deprecated API |
http://java.sun.com/javase/6/docs/api/deprecated-list.html], [Dictionary |
http://download.oracle.com/javase/6/docs/api/java/util/Dictionary.html] |
]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="6a5ee7f5-a322-4ad4-97fa-a6a2ac414379"><ac:plain-text-body><![CDATA[ |
[[SDN 2008 |
AA. Bibliography#SDN 08]] |
Bug database, [Bug ID 4264153 |
http://bugs.sun.com/bugdatabase/view_bug.do?bug_id=4264153] |
]]></ac:plain-text-body></ac:structured-macro> |
MET14-J. Follow the general contract when implementing the compareTo() method 05. Methods (MET) MET17-J. Do not increase the accessibility of overridden or hidden methods