hohn/codeql
1
0
Fork 0
mirror of https://github.com/github/codeql.git synced 2026-04-25 08:45:14 +02:00
Code Issues Packages Projects Releases Wiki Activity

Java: update qhelp recommendation and example

Browse Source
This commit is contained in:
Jami Cogswell
2025-03-31 21:09:21 -04:00
parent caf21a8202
commit 416643ce39
1 changed files with 35 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

39
java/ql/src/Violations of Best Practice/Undesirable Calls/DoNotCallFinalize.md
View File

@@ -4,14 +4,43 @@ Triggering garbage collection by directly calling `finalize()` may either have n
## Recommendation
Avoid calling `finalize()` in application code. Allow the JVM to determine a garbage collection schedule instead.
Avoid calling `finalize()` in application code. Allow the JVM to determine a garbage collection schedule instead. If you need to explicitly release resources, provide a specific method to do so, such as by implementing the `AutoCloseable` interface and overriding its `close` method. You can then use a `try-with-resources` block to ensure that the resource is closed.
## Example
```java
public class Test {
void f() throws Throwable {
this.finalize(); // NON_COMPLIANT
class LocalCache {
private Collection<File> cacheFiles = ...;
// ...
}
void main() {
LocalCache cache = new LocalCache();
// ...
cache.finalize(); // NON_COMPLIANT
}
```
```java
import java.lang.AutoCloseable;
import java.lang.Override;
class LocalCache implements AutoCloseable {
private Collection<File> cacheFiles = ...;
// ...
@Override
public void close() throws Exception {
// release resources here if required
}
}
void main() {
// COMPLIANT: uses try-with-resources to ensure that
// a resource implementing AutoCloseable is closed.
try (LocalCache cache = new LocalCache()) {
// ...
}
}
@@ -25,4 +54,6 @@ This rule is focused on the use of existing `finalize()` invocations rather than
- SEI CERT Oracle Coding Standard for Java: [MET12-J. Do not use finalizers](https://wiki.sei.cmu.edu/confluence/display/java/MET12-J.+Do+not+use+finalizers).
- Java API Specification: [Object.finalize()](https://docs.oracle.com/javase/10/docs/api/java/lang/Object.html#finalize()).
- Java API Specification: [Interface AutoCloseable](https://docs.oracle.com/javase/10/docs/api/java/lang/AutoCloseable.html).
- Java SE Documentation: [The try-with-resources Statement](https://docs.oracle.com/javase/tutorial/essential/exceptions/tryResourceClose.html).
- Common Weakness Enumeration: [CWE-586](https://cwe.mitre.org/data/definitions/586).