Should the overflow field be Serializable?

Question

Should the overflow field be Serializable?

I am analyzing a Java SE 7 project from SonarQube version 5.1.

Then I came across squid:S1948 below code.

Fields in the "Serializable" class must either be temporary or serializable
Fields in the Serializable class themselves must be either Serializable or transitional, even if the class is never explicitly serialized or deserialized. This is due to the fact that when loading most J2EE application frameworks flush objects to disk, and presumably a Serializable object with non-transient, non-serializable data elements can lead to program crashes and open the door for attackers.

 enum ShutterSpeed { private final Rational value; // Make "value" transient or serializable. ... }

I think that any enum fields will not be serialized in J2SE 5.0 ( Serialization of enum constants )

Is it false positive?

All code and problem here .

+8

java sonarqube

Hideki shiro Jul 15 '15 at 13:59

source share

2 answers

I would just mark the field as transitional.

0

Jidehem Jul 15 '15 at 16:45

source share

Federico peralta schaffner · Accepted Answer · 2015-07-15T19:51:46+0000

In fact, it is false positive. Serializing the enumeration constants (in which you provided the link) says that:

Continuum constants are serialized differently than regular serializable or external objects. The serialized form of the enumeration constant consists solely of its name; constant field values are not present in the form.

As I see it, it makes no sense to mark the values of Enum fields as transient or to make them implemented Serializable , since they will never be serialized, regardless of whether they are marked as transient or implement Serializable .

If this analysis tool forces you to do one of these two things, then you will write useless code. If I were you, I would try to disable this warning for Enum s.

Should the overflow field be Serializable?

More articles: