The "UMC Unwanted method calls" group of errors relates to methods such as System.exit() and System.gc() that might be unwanted. Debug print, such as System.out.println() and System.err.println(), might be unwanted as well. A UMC.SYSERR warning appears if there is a call to a print method of the System.err stream.

Vulnerability and risk

In a mature application, this call should be limited to one logging module and functional console output; anywhere else it is a misuse of diagnostics that should be fixed.

Mitigation and prevention

Replace calls that print to System.err with calls to the Logger module. Replace calls that print to stdout either with calls to the Logger or with calls to specific methods, for example printRawToUser().

Example 1

      public int internalCalculateSum(int x, int y) {
          if (x < 0 || y < 0) {
              // Debug print to System.err: the call UMC.SYSERR reports
              System.err.println("XXX: got strange arguments!");
          }
          return x + y;
      }

UMC.SYSERR is reported for line 11: Debug print using System.err method calls is unwanted.
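The mitigation applied to Example 1, as an added example that is not part of the original page: the System.err call is replaced with a java.util.logging Logger, so the diagnostic goes through the logging configuration. The class name SumCalculator, the message text and the counting handler in main() are assumptions made for this demonstration.

```java
import java.util.logging.Handler;
import java.util.logging.Level;
import java.util.logging.LogRecord;
import java.util.logging.Logger;

public class SumCalculator {
    // One logger per class; destination, format and level are set by the
    // logging configuration instead of being hard-wired to System.err.
    private static final Logger LOG = Logger.getLogger(SumCalculator.class.getName());

    public int internalCalculateSum(int x, int y) {
        if (x < 0 || y < 0) {
            // Parameterized message: formatted only if WARNING is enabled.
            LOG.log(Level.WARNING, "negative argument: x={0}, y={1}", new Object[] {x, y});
        }
        return x + y;
    }

    public static void main(String[] args) {
        // Constructed demo: a handler that counts records, standing in for
        // the application's single logging module (file, syslog, forwarder).
        final int[] seen = {0};
        Handler counter = new Handler() {
            @Override public void publish(LogRecord r) {
                if (isLoggable(r)) seen[0]++;
            }
            @Override public void flush() { }
            @Override public void close() { }
        };
        LOG.setUseParentHandlers(false); // keep the default console handler out
        LOG.addHandler(counter);

        SumCalculator c = new SumCalculator();
        c.internalCalculateSum(2, 3);   // valid arguments: no diagnostic
        c.internalCalculateSum(-1, 3);  // one WARNING record reaches the handler
        LOG.setLevel(Level.SEVERE);     // threshold raised by configuration
        c.internalCalculateSum(-1, -1); // suppressed without touching the method

        if (seen[0] != 1) throw new AssertionError("expected 1 record, got " + seen[0]);
    }
}
```

Because the method no longer references System.err, UMC.SYSERR has nothing to report, and the diagnostic can be redirected or silenced centrally.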
