SonarQube - rule fields in the "Serializable" class must be either temporary or serializable

Question

SonarQube - rule fields in the "Serializable" class must be either temporary or serializable

This may look like a repeating question, but I posted a sample code suggested by the Compliant sonar rule. If you evaluate below the highlighted code using SonarQube, this violates the squid: S1948 rule.

Result

And yet his mystery is why his violation shows compatible code, plz clarifies.

UPDATE

transient or serializable issue not resolved even with sonar.java.binaries

Sonar scanning succeeds, but generates a class loader warning:

08:26:44.984 INFO - Java bytecode scan... 08:26:44.992 WARN - Class 'dummyserial/Address' is not accessible through the C lassLoader. 08:26:44.993 WARN - Class 'dummyserial/Person' is not accessible through the Cl assLoader. 08:26:44.993 WARN - Class 'dummyserial/Address' is not accessible through the C lassLoader. 08:26:44.994 WARN - Class 'dummyserial/Person' is not accessible through the Cl assLoader. 08:26:44.994 WARN - Class 'dummyserial/Address' is not accessible through the C lassLoader. 08:26:44.997 WARN - Class 'dummyserial/Person' is not accessible through the Cl assLoader. 08:26:44.998 INFO - Java bytecode scan done: 14 ms

+5

java serialization sonarqube

Jeevanantham 18 sept. '15 at 11:57

source share

1 answer

Michael - SonarSource Team · Answer 1 · 2015-09-18T15:41:42+0000

As previously reported, you must fill in the sonar.java.binaries property to enable bytecode analysis and character resolution. If this property is filled, the analysis will not cause any problems in this case.

Now, it is really annoying that we raise the problem when we cannot resolve the type of the field symbol. I created the following ticket to solve the problem: SONARJAVA-1266

SonarQube - rule fields in the "Serializable" class must be either temporary or serializable

More articles: