Deprecated method or constructor invocation¶
ID: java/deprecated-callKind: problemSecurity severity: Severity: recommendationPrecision: highTags: - maintainability - readability - non-attributable - external/cwe/cwe-477Query suites: - java-security-and-quality.qls
Click to see the query in the CodeQL repository
A method (or constructor) can be marked as deprecated using either the@Deprecated annotation or the@deprecated Javadoc tag. Using a method that has been marked as deprecated is bad practice, typically for one or more of the following reasons:
The method is dangerous.
There is a better alternative method.
Methods that are marked as deprecated are often removed from future versions of an API. So using a deprecated method may cause extra maintenance effort when the API is upgraded.
Recommendation¶
Avoid using a method that has been marked as deprecated. Follow any guidance that is provided with the@deprecated Javadoc tag, which should explain how to replace the call to the deprecated method.
References¶
Help - Eclipse Platform:Java Compiler Errors/Warnings Preferences.
Java API Specification:Annotation Type Deprecated.
Java SE Documentation:How and When To Deprecate APIs.
Common Weakness Enumeration:CWE-477.