#81 Detector: FindWriteObjectNonSerializable

2.0.3
closed-fixed
None
6
2014-06-19
2005-05-02
No

Detector to find instances where code is attempting to
write an object out via an implementation of DataOutput,
but the object is not guaranteed to be Serializable.

This could be a false positive if the field is defined
as a non-serializable superclass but only Serializable
subclasses are actually ever stored in the field (i.e.
field is Collection, LinkedList is actually placed in
the field).

The only other (rarer) way this can be a false positive
is if the DataOutput is a subclass of
ObjectOutputStream which has called
enableReplaceObject(true) where the stream can define
serializable replacement objects for non-serializable
objects.
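
An added example, not part of the original ticket or its attached test case: the first false-positive case described above, next to the case where the same call fails at run time. The class names `WriteObjectDemo`, `Holder` and `PlainCollection` are constructed for illustration.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.util.AbstractCollection;
import java.util.Collection;
import java.util.Collections;
import java.util.Iterator;
import java.util.LinkedList;

public class WriteObjectDemo {

    // Constructed holder: the declared field type, Collection, does not extend Serializable.
    static class Holder {
        private final Collection<String> items;

        Holder(Collection<String> items) { this.items = items; }

        void save(ObjectOutputStream out) throws IOException {
            // The static type gives no guarantee that the value is Serializable.
            out.writeObject(items);
        }
    }

    // Constructed Collection implementation that does not implement Serializable.
    static class PlainCollection extends AbstractCollection<String> {
        @Override public Iterator<String> iterator() { return Collections.emptyIterator(); }
        @Override public int size() { return 0; }
    }

    // Returns true if save() completes, false if it throws NotSerializableException.
    static boolean saves(Holder h) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            h.save(out);
            return true;
        } catch (NotSerializableException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // False-positive case: only a Serializable subclass (LinkedList) is stored.
        System.out.println("LinkedList saved: " + saves(new Holder(new LinkedList<>())));
        // Genuine defect: a non-Serializable Collection reaches writeObject.
        System.out.println("PlainCollection saved: " + saves(new Holder(new PlainCollection())));
    }
}
```

Both calls go through the same `writeObject(items)` statement, so only knowledge of what is actually stored in the field separates the two cases.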

Discussion

  • Jon Christiansen

    Test Case, java class that will exercise detector

     
  • Dave Brosius

    Dave Brosius - 2005-06-16
    • priority: 5 --> 6
    • assigned_to: nobody --> daveho
     
  • Andrey Loskutov

    Andrey Loskutov - 2014-06-19
    • assigned_to: David Hovemeyer --> William Pugh
    • Group: --> 3.0.1
     
  • Andrey Loskutov

    Andrey Loskutov - 2014-06-19

    Given test produces correct FindBugs warnings, so I assume that either the patch was applied or there is no longer any need for this one.

     
  • Andrey Loskutov

    Andrey Loskutov - 2014-06-19
    • status: open --> closed-fixed
    • Group: 3.0.1 --> 2.0.3
     
