SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 72

changes.mady.by.user G. Ann Campbell

Saved on

compared with

New Version Current

changes.mady.by.user Alexandre GIGLEUX

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Serialization of inner classes can introduce platform dependencies and can cause serialization of instances of the outer class.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SER05-J

Medium

Likely

Medium

P12

L1

Automated Detection

Detection of inner classes that implement serialization is straightforward.

ToolVersionCheckerDescription
SonarQube
Include Page
SonarQube_V
SonarQube_V
S2066
S2059
 

...

"Serializable" inner classes of non-serializable classes should be "static"
"Serializable" inner classes of "Serializable" classes should be static


Related Guidelines

MITRE CWE

CWE-499, Serializable Class Containing Sensitive Data

Bibliography

[API 2014]

Interface Externalizable
Interface Serializable

[Bloch 2008]

Item 74, "Implement Serialization Judiciously"

[JLS 2015]

§8.1.3, "Inner Classes and Enclosing Instances"

[Sun 2006]

Serialization Specification, Section 1.10, "The Serializable Interface"

...


...