...
If sensitive data can be serialized, it may be transmitted over an insecure connection, stored in an insecure location, or disclosed inappropriately.
| Rule | Severity | Likelihood | Detectable | Repairable | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|---|---|
| SER03-J | Medium | Likely | No | No | High | P6 | L2 |
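The following is an added example, not code from the CERT page; it contrasts a `Serializable` class that writes a password into the byte stream in the clear with one that marks the field `transient` so default serialization omits it, and that resets the field in `readObject` so a crafted stream cannot supply a secret. The class and field names (`LeakyAccount`, `SafeAccount`, `password`) and the constructed secret string are assumptions for illustration. Excluding the field is one option; encrypting it before writing, which this example does not show, is the other.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.nio.charset.StandardCharsets;

// Added example (not from the CERT page): shows a sensitive field leaking into
// the serialized form, and the transient-field pattern that keeps it out.
public class Ser03Example {

    // Noncompliant: the password is a plain serializable field, so it is written
    // in the clear into whatever file or socket the stream goes to.
    static final class LeakyAccount implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        final String password;   // sensitive, yet part of the serialized state
        LeakyAccount(String user, String password) {
            this.user = user;
            this.password = password;
        }
    }

    // Compliant: the secret is transient, so defaultWriteObject skips it.
    // readObject re-establishes a safe empty value rather than trusting the stream.
    static final class SafeAccount implements Serializable {
        private static final long serialVersionUID = 1L;
        final String user;
        private transient char[] password;
        SafeAccount(String user, char[] password) {
            this.user = user;
            this.password = password.clone();
        }
        boolean hasPassword() {
            return password != null && password.length > 0;
        }
        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            password = new char[0];  // the secret must be re-obtained, never deserialized
        }
    }

    static byte[] serialize(Object o) throws IOException {
        ByteArrayOutputStream bos = new ByteArrayOutputStream();
        try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
            oos.writeObject(o);
        }
        return bos.toByteArray();
    }

    static Object deserialize(byte[] bytes) throws IOException, ClassNotFoundException {
        try (ObjectInputStream ois = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return ois.readObject();
        }
    }

    // Java serialization writes String fields as modified UTF-8, so an ASCII secret
    // shows up verbatim in the stream if it was serialized at all.
    static boolean streamContains(byte[] stream, String needle) {
        return new String(stream, StandardCharsets.ISO_8859_1).contains(needle);
    }

    public static void main(String[] args) throws Exception {
        String secret = "hunter2-S3cret";  // constructed sample secret
        byte[] leaky = serialize(new LeakyAccount("alice", secret));
        byte[] safe = serialize(new SafeAccount("alice", secret.toCharArray()));

        System.out.println("Leaky stream exposes password: " + streamContains(leaky, secret));
        System.out.println("Safe stream exposes password:  " + streamContains(safe, secret));

        SafeAccount back = (SafeAccount) deserialize(safe);
        System.out.println("Password present after round-trip: " + back.hasPassword());
    }
}
```

Running `main` and grepping the two streams for the secret is the same check the Parasoft checker listed below performs statically: any non-transient instance field of a `Serializable` class is part of the wire format, whatever its access modifier.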
Automated Detection
| Tool | Version | Checker | Description |
|---|---|---|---|
| CodeSonar | | JAVA.CLASS.SER.ND | Serialization not disabled |
| Coverity | 7.5 | UNSAFE_DESERIALIZATION | Implemented |
| Parasoft Jtest | | CERT.SER03.SIF | Inspect instance fields of serializable objects to make sure they will not expose sensitive information |
...