SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 74

changes.mady.by.user Carol J. Lallier

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

Failure to provide a consistent serialization mechanism across releases can limit the extensibility of classes. If classes are extended, compatibility issues may result.

Rule

Severity

Likelihood

Remediation Cost

Detectable

Repairable

Priority

Level

SER00-J

Low

Probable

Yes

High

Yes

P2

P6

L3

L2

Automated Detection

Automated detection of classes that use the default serialized form is straightforward.

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.CLASS.SER.UIDM

Missing Serial Version Field (Java)

Parasoft Jtest

Include Page
Parasoft_V
Parasoft_V

CERT.SER00.DUIDCreate a 'serialVersionUID' for all 'Serializable' classes
SonarQube
Include Page
SonarQube_V
SonarQube_V
S2057"Serializable" classes should have a "serialVersionUID"


Related Guidelines

MITRE CWE

CWE-589, Call to Non-ubiquitous API

Bibliography

[API 2014]

 


[Bloch 2008]

Item 74, "Implement Serialization Judiciously"

[Harold 2006]

Section 13.7.5, "serialPersistentFields"

[Sun 2006]

Java Object Serialization Specification

...


...