1. @Deprecated” code should not be used
級別:cwe, obsolete, owasp-a9, security
Once deprecated, classes, and interfaces, and their members should be avoided, rather than used, inherited or extended. Deprecation is a warning that the class or interface has been superseded, and will eventually be removed. The deprecation period allows you to make a smooth transition away from the aging, soon-to-be-retired technology.
Noncompliant Code Example
/**
* @deprecated As of release 1.3, replaced by {@link #Fee}
*/@Deprecated
class Fum { ... }
public class Bar extends Fum { // Noncompliant; Fum is deprecated
public void myMethod() {
Foo foo = new Foo(); // okay; the class isn't deprecated
foo.doTheThing(); // Noncompliant
}
}
不應該在程序中使用@Deprecated
標註的接口、類和方法,該註解表明此功能已被廢棄,之所以還存在是爲了向前兼容,使用廢棄的功能容易引起安全問題。
2. “@Override” annotation should be used on any method overriding (since Java 5) or implementing (since Java 6) another one
級別:bad-practice
Using the @Override annotation is useful for two reasons :
1. It elicits a warning from the compiler if the annotated method doesn’t actually override anything, as in the case of a misspelling.
2. It improves the readability of the source code by making it obvious that methods are overridden.
Noncompliant Code Example
class ParentClass {
public boolean doSomething(){...}
}
class FirstChildClass extends ParentClass {
public boolean doSomething(){...} // Noncompliant
}
Compliant Solution
class ParentClass {
public boolean doSomething(){...}
}
class FirstChildClass extends ParentClass {
@Override
public boolean doSomething(){...} // Compliant
}
當重寫父類的方法或實現接口中的方法時,應該在方法上標註@Override
,一方面,這能提醒編譯器如果由於拼寫錯誤,這個方法在父類或接口中不存在,編譯器能給出警告。另一方面,@Override
註解能提高代碼的可讀性。