JD.UMC.FINALIZEJD.UMC.FINALIZE shows that a method contains an explicit invocation of the finalize() method of an object. Vulnerability and riskObject finalizer methods are supposed to be executed once, and only by the JVM, so calling one explicitly is bad practice. Depending on the particular JVM and its method of implementation, the improper behavior may be because the object finalizer method was called twice. Mitigation and preventionIt is better practice to avoid finalizers at all, and to create an explicit termination method with a different name. If absolutely necessary, a finalizer can call an object finalizer method as a "safety net". Example 1
11 OutputStream st;
12 protected void finalize() throws Throwable {
13 if (st!=null) st.close();
14 super.finalize();
15 }
16
17 void run() throws Throwable{
18 // ...
19 finalize();
20 }
JD.UMC.FINALIZE is reported for call on line 19: There is a call to a 'finalize()' method. This method is not intended to be called explicitly. |