CodeQL documentation

Deprecated method or constructor invocation

ID: java/deprecated-call
Kind: problem
Severity: recommendation
Precision: high
Tags:
   - maintainability
   - non-attributable
   - external/cwe/cwe-477
Query suites:
   - java-security-and-quality.qls

Click to see the query in the CodeQL repository

A method (or constructor) can be marked as deprecated using either the @Deprecated annotation or the @deprecated Javadoc tag. Using a method that has been marked as deprecated is bad practice, typically for one or more of the following reasons:

  • The method is dangerous.

  • There is a better alternative method.

  • Methods that are marked as deprecated are often removed from future versions of an API. So using a deprecated method may cause extra maintenance effort when the API is upgraded.

Recommendation

Avoid using a method that has been marked as deprecated. Follow any guidance that is provided with the @deprecated Javadoc tag, which should explain how to replace the call to the deprecated method.

References