<!DOCTYPE qhelp PUBLIC
"-//Semmle//qhelp//EN"
"qhelp.dtd">
<qhelp>
<overview>
<p>
A serializable object that defines its own serialization protocol using the methods
<code>readObject</code>, <code>readObjectNoData</code> or <code>writeObject</code> must declare them
with the exact signatures that the Java serialization framework expects. Otherwise, the framework
does not recognize the method and falls back to the default serialization mechanism.
</p>
</overview>
<recommendation>
<p>
Make sure that the signatures of <code>readObject</code>, <code>readObjectNoData</code> and
<code>writeObject</code> on serializable classes match these expected signatures:
</p>
<sample src="IncorrectSerializableMethodsSig.java" />
</recommendation>
<example>
<p>In the following example, <code>WrongNetRequest</code> defines <code>readObject</code>,
<code>readObjectNoData</code> and <code>writeObject</code> using the wrong signatures. However,
<code>NetRequest</code> defines them correctly.</p>
<sample src="IncorrectSerializableMethods.java" />
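<p>The following stand-alone demonstration is added here and is not the
<code>IncorrectSerializableMethods.java</code> sample that ships with the query. It round-trips two
hypothetical classes through <code>ObjectOutputStream</code> and <code>ObjectInputStream</code>:
<code>WrongSignature</code> declares <code>readObject</code> as <code>public</code>, so the runtime
ignores it and uses default serialization, while <code>CorrectSignature</code> uses the documented
<code>private</code> signatures for all three methods.</p>

```java
import java.io.*;

public class SerializableSignatureDemo {
    // Wrong: public instead of private. The runtime looks up a *private*
    // readObject(ObjectInputStream), so this method is silently skipped.
    static class WrongSignature implements Serializable {
        private static final long serialVersionUID = 1L;
        transient boolean restored;
        public void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            restored = true; // never executed
        }
    }

    // Correct: the exact signatures documented for java.io.Serializable.
    static class CorrectSignature implements Serializable {
        private static final long serialVersionUID = 1L;
        transient boolean restored;
        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();
        }
        private void readObject(ObjectInputStream in)
                throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            restored = true; // runs on every deserialization
        }
        private void readObjectNoData() throws ObjectStreamException {
            restored = true; // runs when the stream carries no data for this class
        }
    }

    // Serialize and deserialize through an in-memory buffer.
    static <T> T roundTrip(T obj) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        try (ObjectInputStream in =
                new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            @SuppressWarnings("unchecked") T copy = (T) in.readObject();
            return copy;
        }
    }

    public static void main(String[] args) throws Exception {
        System.out.println("wrong:   " + roundTrip(new WrongSignature()).restored);
        System.out.println("correct: " + roundTrip(new CorrectSignature()).restored);
    }
}
```

<p>Running <code>main</code> shows that the transient <code>restored</code> flag is set only for
<code>CorrectSignature</code>; the mis-declared <code>readObject</code> in
<code>WrongSignature</code> is never invoked.</p>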
</example>
<references>
<li>
Java API Specification:
<a href="https://docs.oracle.com/en/java/javase/11/docs/api/java.base/java/io/Serializable.html">Serializable</a>.
</li>
<li>
Oracle Technology Network:
<a href="https://www.oracle.com/technical-resources/articles/java/serializationapi.html">Discover the secrets of the Java Serialization API</a>.
</li>
</references>
</qhelp>