...
Consequently, programs must not serialize inner classes.
None Because none of these issues apply to static member classes. Consequently, serialization of static member these classes is permitted.
Noncompliant Code Example
...
It is allowable to declare the inner class as static to prevent its serialization. It is also permissible for a static inner class to implement Serializable.
| Code Block | ||
|---|---|---|
| ||
public class OuterSer implements Serializable {
private int rank;
static class InnerSer implements Serializable {
protected String name;
//...
}
}
|
Risk Assessment
Attempts to serialize Serialization of inner classes can introduce platform dependencies and can cause serialization of instances of the outer class.
...
Detection of inner classes that implement serialization appears to be is straightforward.
Related Vulnerabilities
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="4210e3dddf394a6a-47b58636-4b0f4515-b361b097-811716f8863e6e9e64ef1011"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] |
| ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2da2e0480c14ad4a-bead7904-44584bf6-84c29d20-8afb296d7145d9aa8a196282"><ac:plain-text-body><![CDATA[ | [[Bloch 2008 | AA. Bibliography#Bloch 08]] | Item 74: "Implement serialization judiciously" | ]]></ac:plain-text-body></ac:structured-macro> | |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="2dd2cc38a0e4bed9-76723ce7-436040fb-b4ba85b7-b4156e96ceff2bc215d9c5cf"><ac:plain-text-body><![CDATA[ | [[JLS 2005 | AA. Bibliography#JLS 05]] | [Section 8.1.3, Inner Classes and Enclosing Instances | http://java.sun.com/docs/books/jls/third_edition/html/classes.html] | ]]></ac:plain-text-body></ac:structured-macro> |
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="816d97ca0bec4cbd-fe9034da-47a349dd-a1ba8065-518fa64b53b2a4e3f63350a1"><ac:plain-text-body><![CDATA[ | [[Sun 2006 | AA. Bibliography#Sun 06]] | "Serialization specification" | ]]></ac:plain-text-body></ac:structured-macro> |
...