Why you should care
Deprecated features are usable but should not be used because they are expected to be removed entirely in the near-future and placing them in the code can cause potential bugs and be less resilient.
Business Impacts
Deprecated features are considered to be highly risky and unproductive in nature since they are considered to be obsolete which can cause potential bugs in the code. Bugs are equivalent to lack of productivity which makes the code less resilient in the long run.
CAST Recommendations
How we detect
Are not unit testable.
Are not reusable.
Cannot make use of object oriented concepts such as inheritence.
Have poor error handling capabilities: if an exception is thrown, an empty page is rended.
Mix the business and presentation logic.
JSP Standard Tag Library (JSTL) and Expression Language should be used instead, enabiling the adoption of the model-view-controller (MVC) design pattern which reduces the coupling between the presentation tier and the business logic.
Noncompliant Code Example
< input name =””foo”” type=””text”” value=””<%=” />” />
Compliant Solution
< input name =””foo”” type=””text”” value=””${fn:escapeXml(param.foo)}”” />
http://nemo.sonarqube.org/coding_rules#languages=web|tags=jsp-jsf
About CAST and Highlight’s Code Insights
Over the last 25 years, CAST has leveraged unique knowledge on software quality measurement by analyzing thousands of applications and billions of lines of code. Based on this experience and community standards on programming best practices, Highlight implements hundreds of code insights across 15+ technologies to calculate health factors of a software.