1. @Deprecated” code should not be used
级别:cwe, obsolete, owasp-a9, security
Once deprecated, classes, and interfaces, and their members should be avoided, rather than used, inherited or extended. Deprecation is a warning that the class or interface has been superseded, and will eventually be removed. The deprecation period allows you to make a smooth transition away from the aging, soon-to-be-retired technology.
Noncompliant Code Example
/**
* @deprecated As of release 1.3, replaced by {@link #Fee}
*/@Deprecated
class Fum { ... }
public class Bar extends Fum { // Noncompliant; Fum is deprecated
public void myMethod() {
Foo foo = new Foo(); // okay; the class isn't deprecated
foo.doTheThing(); // Noncompliant
}
}
不应该在程序中使用@Deprecated
标注的接口、类和方法,该注解表明此功能已被废弃,之所以还存在是为了向前兼容,使用废弃的功能容易引起安全问题。
2. “@Override” annotation should be used on any method overriding (since Java 5) or implementing (since Java 6) another one
级别:bad-practice
Using the @Override annotation is useful for two reasons :
1. It elicits a warning from the compiler if the annotated method doesn’t actually override anything, as in the case of a misspelling.
2. It improves the readability of the source code by making it obvious that methods are overridden.
Noncompliant Code Example
class ParentClass {
public boolean doSomething(){...}
}
class FirstChildClass extends ParentClass {
public boolean doSomething(){...} // Noncompliant
}
Compliant Solution
class ParentClass {
public boolean doSomething(){...}
}
class FirstChildClass extends ParentClass {
@Override
public boolean doSomething(){...} // Compliant
}
当重写父类的方法或实现接口中的方法时,应该在方法上标注@Override
,一方面,这能提醒编译器如果由于拼写错误,这个方法在父类或接口中不存在,编译器能给出警告。另一方面,@Override
注解能提高代码的可读性。