#81 Detector: FindWriteObjectNonSerializable

2.0.3
closed-fixed
William Pugh
None
6
2014-06-19
2005-05-02
Jon Christiansen
No

Detector to find instances where code is attempting to
write an object out via an implementation of DataOutput,
but the object is not guaranteed to be Serializable.

This could be a false positive if the field is defined
as a non-serializable superclass but only Serializable
subclasses are actually ever stored in the field (i.e.
field is Collection, LinkedList is actually placed in
the field).

The only other (rarer) way this can be a false positive
is if the DataOutput is a subclass of
ObjectOutputStream which has called
enableReplaceObject(true) where the stream can define
serializable replacement objects for non-serializable
objects.
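
The three cases described above, shown at runtime. This is an added example, not code from the attached patch or from FindBugs; the class names `WriteObjectDemo`, `Token` and `ReplacingStream` and the helper `tryWrite` are hypothetical.

```java
import java.io.*;
import java.util.*;

public class WriteObjectDemo {
    // Constructed type that deliberately does not implement Serializable.
    static class Token { final String value; Token(String v) { value = v; } }

    // Rarer false-positive case: the stream substitutes a serializable stand-in.
    static class ReplacingStream extends ObjectOutputStream {
        ReplacingStream(OutputStream out) throws IOException {
            super(out);
            enableReplaceObject(true); // protected, so only a subclass can turn it on
        }
        @Override protected Object replaceObject(Object obj) {
            return (obj instanceof Token) ? ((Token) obj).value : obj;
        }
    }

    // Writes one object and reports whether serialization succeeded.
    static String tryWrite(ObjectOutputStream out, Object o) {
        try { out.writeObject(o); return "ok"; }
        catch (NotSerializableException e) { return "not serializable: " + e.getMessage(); }
        catch (IOException e) { return "I/O error: " + e; }
    }

    public static void main(String[] args) throws IOException {
        // Declared type (Collection) is not Serializable, but the runtime type is.
        Collection<String> names = new LinkedList<>(Arrays.asList("a", "b"));
        Token token = new Token("t-1");

        ObjectOutputStream plain = new ObjectOutputStream(new ByteArrayOutputStream());
        // False positive: static analysis sees Collection, the JVM sees LinkedList.
        System.out.println("Collection field holding LinkedList: " + tryWrite(plain, names));
        // True positive: the runtime type has no Serializable implementation.
        System.out.println("Token on plain stream: " + tryWrite(plain, token));

        ObjectOutputStream replacing = new ReplacingStream(new ByteArrayOutputStream());
        // False positive: replaceObject swaps the Token for a String before writing.
        System.out.println("Token on replacing stream: " + tryWrite(replacing, token));
    }
}
```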

Discussion

  • Unified Patch

  • Test Case, java class that will exercise detector

  • Dave Brosius
    2005-06-16

    • priority: 5 --> 6
    • assigned_to: nobody --> daveho
     
    • assigned_to: David Hovemeyer --> William Pugh
    • Group: --> 3.0.1
     
  • The given test produces correct FindBugs warnings, so I assume that either the patch was applied or there is no longer any need for this one.

     
    • status: open --> closed-fixed
    • Group: 3.0.1 --> 2.0.3