I'm analyzing a Java SE 7 project with SonarQube version 5.1. Then I faced squid:S1948 on the code below.
Fields in a "Serializable" class should either be transient or serializable
Fields in a Serializable class must themselves be either Serializable or transient even if the class is never explicitly serialized or deserialized. That's because under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes, and open the door to attackers.
enum ShutterSpeed {
    private final Rational value; // Make "value" transient or serializable.
    ...
}
I think that any enum fields won't be serialized in J2SE 5.0 (Serialization of Enum Constants)
Is this a false-positive?
Whole code and issue are here.
Because enums are automatically Serializable (see Javadoc API documentation for Enum), there is no need to explicitly add the "implements Serializable" clause following the enum declaration.
It is actually a false-positive. The Serialization of Enum Constants (which you've provided a link to) says that:
Enum constants are serialized differently than ordinary serializable or externalizable objects. The serialized form of an enum constant consists solely of its name; field values of the constant are not present in the form.
As I see it, it doesn't make sense to mark an Enum's field values as transient or make them implement Serializable, since they'll never get serialized, no matter if they're marked as transient or implement Serializable.
If that analyzing tool forces you to do one of these two things, then you'll be writing useless code. If I were you, I'd try to disable that warning for enums.
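The behaviour the answer describes, shown in a self-contained program. This is an added example, not code from the question or the answer: the Rational class, the enum constants and the class name EnumSerializationDemo are constructed here so that the enum carries a non-transient, non-Serializable field exactly as S1948 complains about.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;

// Constructed stand-in for the question's Rational: deliberately NOT Serializable.
final class Rational {
    final int num, den;
    Rational(int num, int den) { this.num = num; this.den = den; }
    @Override public String toString() { return num + "/" + den; }
}

// Enums are implicitly Serializable; no "implements Serializable" is needed.
enum ShutterSpeed {
    FAST(new Rational(1, 1000)),
    SLOW(new Rational(1, 2));

    private final Rational value; // non-transient, non-Serializable: what S1948 flags

    ShutterSpeed(Rational value) { this.value = value; }
    Rational value() { return value; }
}

public class EnumSerializationDemo {
    public static void main(String[] args) throws Exception {
        ByteArrayOutputStream bytes = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
            out.writeObject(ShutterSpeed.FAST); // no NotSerializableException for Rational
        }
        byte[] form = bytes.toByteArray();

        // The stream holds the enum's class descriptor and the constant's name only;
        // the field "value" (and the Rational object) never enters the stream.
        String ascii = new String(form, "ISO-8859-1");
        System.out.println("stream contains constant name FAST: " + ascii.contains("FAST"));
        System.out.println("stream contains field name value:  " + ascii.contains("value"));

        ShutterSpeed back;
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(form))) {
            back = (ShutterSpeed) in.readObject();
        }
        // readObject resolves the name with Enum.valueOf, so the existing constant
        // (with its field already set) comes back; nothing is reconstructed from the stream.
        System.out.println("same instance as FAST: " + (back == ShutterSpeed.FAST));
        System.out.println("field still populated: " + back.value());
    }
}
```

Compile and run with `javac EnumSerializationDemo.java && java EnumSerializationDemo`; the first check prints true, the second false, and the deserialized object is the original FAST constant with its Rational intact.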
As said, it's a false positive, so you can suppress the warning:
@SuppressWarnings("squid:S1948")