SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 71

changes.mady.by.user G. Ann Campbell

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

Serialization of inner classes can introduce platform dependencies and can cause serialization of instances of the outer class.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

SER05-J

Medium

Likely

Medium

Yes

No

P12

L1

Automated Detection

Detection of inner classes that implement serialization is straightforward.

ToolVersionCheckerDescription
Klocwork

Include Page
Klocwork_V

SonarQube Java Plugin

Klocwork_V

JAVA.SERIALIZE.INNER
SonarQube
Include Page
SonarQube
Java Plugin
_V
SonarQube
Java Plugin
_V
S2066
,

S2059
Implemented

...

"Serializable" inner classes of non-serializable classes should be "static"
"Serializable" inner classes of "Serializable" classes should be static


Related Guidelines

MITRE CWE

CWE-499, Serializable Class Containing Sensitive Data

Bibliography

[API 2014]

Interface Externalizable
Interface Serializable

[Bloch 2008]

Item 74, "Implement Serialization Judiciously"

[JLS 2015]

§8.1.3, "Inner Classes and Enclosing Instances"

[Sun 2006]

Serialization Specification, Section 1.10, "The Serializable Interface"

...


...