All geek questions in one place

Make the "class" transitional or serializable, but the class is serializable

SonarQube 5.1 notes many critical issues after looking at my code. However, the class itself and the reference class in the field are also serializable. The associated class inherits the serializable interface through the class.

Here is my example

public class A implements Serializable { private B b; // -> Sonarcube markes this field as not serialzable }

And class B is defined as follows:

 public class B extends C { .... }

And class C is defined as follows:

 public abstract class C extends D { .... }

And class D is defined

 public abstract class D implements Serializable { .... }

Running FindBugs in the same project does not see these problems. I'm not sure if this is a bug in sonarcube or my code has other problems (other fields in classes C, D or something else)

Does anyone have a key?

+6
source share
2 answers

Perhaps this is due to the fact that the binaries are not specified correctly. I had a similar problem with my SonarQube configuration, after which I found that classes that implement Serializable are in different modules and / or in an external library.

Setting the correct values โ€‹โ€‹for sonar.java.binaries and sonar.java.libraries allows SonarQube to find the binaries and correctly determine whether the classes are serializable.

+3
source

Just because some base class implements Serializable does not mean that automatically all derived classes are correctly serializable. Derived classes must define their own serialVersionUid . Derived classes can also introduce a new field whose values โ€‹โ€‹cannot be serialized.

Therefore, if SonarQube does not have a hint that the author actually meant that the class should be serializable (perhaps by repeating implements Serializable or declaring serialVersionUid ), for SonarQube this should be suspicious by the Liskov signature principle.

However, the classification as critical may be the subject of discussion. But this is also an opinion based here.

0
source

Source: https://habr.com/ru/post/984831/

More articles:


All Articles