Versions Compared

Comment: REM cost reform

...

Failure to provide a consistent serialization mechanism across releases can limit the extensibility of classes. If classes are extended, compatibility issues may result.

Risk assessment, previous version (removed in this revision):

Rule | Severity | Likelihood | Remediation Cost | Priority | Level
SER00-J | Low | Probable | High | P2 | L3

Risk assessment, current version (added in this revision):

Rule | Severity | Likelihood | Detectable | Repairable | Priority | Level
SER00-J | Low | Probable | Yes | Yes | P6 | L2

Automated Detection

Automated detection of classes that use the default serialized form is straightforward.

Tool | Version | Checker | Description
CodeSonar | (current version) | JAVA.CLASS.SER.UIDM | Missing Serial Version Field (Java)
Parasoft Jtest | (current version) | CERT.SER00.DUID | Create a 'serialVersionUID' for all 'Serializable' classes
SonarQube Java Plugin | (current version) | S2057 | Implemented


Related Guidelines

MITRE CWE

CWE-589, Call to Non-ubiquitous API


...


...