UMC.SYSOUT
The "UMC Unwanted method calls" group of errors relates to methods such as System.exit() and System.gc() that might be unwanted. Debug print, such as System.out.println() and System.err.println(), might be unwanted as well. A UMC.SYSOUT warning appears if there is a call to a print method of the System.out stream.
Vulnerability and risk
In a mature application, calls to System.out print methods should be limited to one logging module and to functional console output. Anywhere else, such a call is a misused diagnostic and should be fixed.
Mitigation and prevention
Replace calls that print to stderr (System.err) with calls to the Logger module. Replace calls that print to stdout (System.out) either with calls to the Logger or with calls to specific methods, for example printRawToUser().
Example 1
    public int internalCalculateSum(int x, int y) {
        if (x < 0 || y < 0) {
            System.out.println("XXX: got strange arguments!");
        }
        return x + y;
    }
UMC.SYSOUT is reported for line 11, the call to System.out.println(): Debug print using System.out method calls is unwanted.
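A corrected version of Example 1 following the mitigation above. This is an added illustration, not code from the original checker documentation. It assumes java.util.logging as the Logger module; the class name SumCalculator and the body of printRawToUser() are hypothetical.

```java
import java.util.logging.Level;
import java.util.logging.Logger;

public class SumCalculator {
    // One logger per class. Handlers, levels and destinations are configured
    // centrally, so diagnostics can be filtered or redirected without code changes.
    private static final Logger LOG =
            Logger.getLogger(SumCalculator.class.getName());

    public int internalCalculateSum(int x, int y) {
        if (x < 0 || y < 0) {
            // Diagnostic goes to the logger with an explicit severity.
            // The message is only formatted if WARNING is enabled.
            LOG.log(Level.WARNING,
                    "Unexpected negative argument: x={0}, y={1}",
                    new Object[] {String.valueOf(x), String.valueOf(y)});
        }
        return x + y;
    }

    // Hypothetical helper: the single place where functional console output
    // is written on purpose, so every other System.out call stands out in review.
    static void printRawToUser(String text) {
        System.out.println(text);
    }

    public static void main(String[] args) {
        SumCalculator calc = new SumCalculator();
        // Functional output goes through the dedicated method.
        printRawToUser("2 + 3 = " + calc.internalCalculateSum(2, 3));
        // Negative input: the result is still printed for the user, while the
        // warning is emitted through the logger (stderr by default).
        printRawToUser("-1 + 3 = " + calc.internalCalculateSum(-1, 3));
    }
}
```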