I’m currently reviewing the security implications of various warnings in a large Java EE application. Since most of the code is several years old, it contains many uses of the raw collection types:
List items = new ArrayList();
rather than the parametrized collection types:
List<Item> items = new ArrayList<Item>();
The only security implication I can think of is that raw types cannot be statically type-checked at compilation and could potentially result in run-time errors such as ClassCastException which, depending on where in the code this occurs, might lead to a denial of service.
Are there any other implications of using raw types that I’m not thinking of?
I can’t think of any other security implications.
For non-security implications, generic types also do explicit casts* in the bytecode for types that return a generic. Of course, this is transparent to the user, and it appears that the type returned is the generic type.
For example:
*This happens due to type erasure.
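The following is an added example, not part of the original question or answer. It shows how a raw-typed method can pollute a parameterized list so that the ClassCastException only surfaces later at the compiler-inserted cast, and how `Collections.checkedList` moves the failure to the insert. The class and method names (`RawTypeDemo`, `legacyAdd`, `unguarded`, `guarded`) are hypothetical.

```java
import java.util.ArrayList;
import java.util.Collections;
import java.util.List;

public class RawTypeDemo {

    // Legacy-style method with a raw parameter: the compiler only emits an
    // unchecked warning, so any object can be added to the caller's list.
    @SuppressWarnings({"rawtypes", "unchecked"})
    static void legacyAdd(List items, Object value) {
        items.add(value);
    }

    // Plain ArrayList: the bad element is accepted silently (heap pollution)
    // and the failure appears only where the element is read back.
    static String unguarded() {
        List<Integer> ids = new ArrayList<>();
        legacyAdd(ids, "not-a-number");       // no error at the insert
        try {
            Integer first = ids.get(0);       // erasure-inserted checkcast fails here
            return "no failure: " + first;
        } catch (ClassCastException e) {
            return "ClassCastException at read site";
        }
    }

    // checkedList verifies the element type at run time on every insert,
    // so the faulty legacy caller is identified immediately.
    static String guarded() {
        List<Integer> ids = Collections.checkedList(new ArrayList<>(), Integer.class);
        try {
            legacyAdd(ids, "not-a-number");
            return "insert accepted";
        } catch (ClassCastException e) {
            return "ClassCastException at insert site";
        }
    }

    public static void main(String[] args) {
        System.out.println(unguarded());  // ClassCastException at read site
        System.out.println(guarded());    // ClassCastException at insert site
    }
}
```

When reviewing raw-type warnings, the read site in the first case can be far from the code that inserted the wrong object, which is what makes the resulting exception hard to trace and to handle safely.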