JAVA.THREADGROUP
Do not invoke ThreadGroup methods
Vulnerability and risk
Certain ThreadGroup methods are deprecated or known to be insecure or not thread safe.
Mitigation and prevention
do not instantiate ThreadGroup directly. Use alternatives to ThreadGroup.
Vulnerable code example
Copy
package com.klocwork;
public class JAVA_THREADGROUP_POSITIVE {
public ThreadGroup get() {
return new ThreadGroup("");
}
}Fixed code example
Copy
package com.klocwork;
public class JAVA_THREADGROUP_NEGATIVE
{
public ThreadGroup get(ThreadGroup threadGroup) {
return threadGroup;
}
}