== Why is this an issue?

The contract of the ``++Object.finalize()++`` method is clear: only the Garbage Collector is supposed to call this method.

Making this method public is misleading, because it implies that any caller can use it.


=== Noncompliant code example

[source,java]
----
public class MyClass {

  @Override
  public void finalize() {    // Noncompliant
    /* ... */
  }
}
----


== Resources

* CWE - https://cwe.mitre.org/data/definitions/583[CWE-583 - finalize() Method Declared Public]
* https://wiki.sei.cmu.edu/confluence/x/4jZGBQ[CERT, MET12-J.] - Do not use finalizers



ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

=== Message

Make this "finalize()" method protected.


'''
== Comments And Links
(visible only on this page)

=== on 1 Aug 2013, 13:05:52 Freddy Mallet wrote:
Is implemented by \http://jira.codehaus.org/browse/SONARJAVA-263

=== on 18 Jun 2020, 11:29:17 Quentin Jaquier wrote:
This rule overlap with:

* Do not override Object.finalize(). RSPEC-1113
* Do not override deprecated method [...] (since java 9). RSPEC-1874

 


We believe this rule is not interesting anymore for users on java >= 9. It can still be useful for users using Java < 9, so we decided to keep it for now, but you should expect it to be deprecated in the mid-term.

endif::env-github,rspecator-view[]