CodeQL documentation

Deprecated method or constructor invocation

ID: java/deprecated-call
Kind: problem
Security severity: 
Severity: recommendation
Precision: high
Tags:
   - maintainability
   - non-attributable
   - external/cwe/cwe-477
Query suites:
   - java-security-and-quality.qls


A method (or constructor) can be marked as deprecated using either the @Deprecated annotation or the @deprecated Javadoc tag. Using a method that has been marked as deprecated is bad practice, typically for one or more of the following reasons:

  • The method is dangerous.

  • There is a better alternative method.

  • Methods that are marked as deprecated are often removed from future versions of an API. So using a deprecated method may cause extra maintenance effort when the API is upgraded.

Recommendation

Avoid using a method that has been marked as deprecated. Follow any guidance that is provided with the @deprecated Javadoc tag, which should explain how to replace the call to the deprecated method.
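The following Java sketch is an added example, not code from the CodeQL documentation or repository. It shows a method deprecated with both the annotation and the Javadoc tag, calls to deprecated members, and the same calls rewritten to follow the @deprecated guidance. TokenCheck and its methods are hypothetical names and the sample values are constructed; URLEncoder.encode(String) is a JDK method that is deprecated because its result depends on the platform's default encoding.

```java
import java.net.URLEncoder;
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

public class DeprecatedCallExample {

    // Hypothetical in-house API, constructed for this example.
    static class TokenCheck {
        /**
         * @deprecated String.equals can stop at the first differing character.
         *             Use {@link #matches(byte[], byte[])} instead.
         */
        @Deprecated
        static boolean matches(String expected, String supplied) {
            return expected.equals(supplied);
        }

        // Replacement named by the @deprecated tag above.
        static boolean matches(byte[] expected, byte[] supplied) {
            return MessageDigest.isEqual(expected, supplied);
        }
    }

    // Before: both calls invoke members that are marked deprecated.
    static String before(String expected, String supplied, String query) {
        boolean ok = TokenCheck.matches(expected, supplied); // deprecated in-house method
        String q = URLEncoder.encode(query);                 // deprecated JDK method: platform default encoding
        return ok + "&q=" + q;
    }

    // After: each call follows the guidance given with the @deprecated tag.
    static String after(String expected, String supplied, String query) {
        boolean ok = TokenCheck.matches(
                expected.getBytes(StandardCharsets.UTF_8),
                supplied.getBytes(StandardCharsets.UTF_8));
        String q = URLEncoder.encode(query, StandardCharsets.UTF_8); // explicit charset (Java 10+)
        return ok + "&q=" + q;
    }

    public static void main(String[] args) {
        // Constructed sample values.
        System.out.println(before("s3cret", "s3cret", "a b&c"));
        System.out.println(after("s3cret", "s3cret", "a b&c"));
    }
}
```

On Java versions before 10, URLEncoder.encode(String, String) with an explicit encoding name is the non-deprecated form.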
