  1. SonarJava
  2. SONARJAVA-3168

FP S2441 and S2118: improve detection of serializable Objects


    • Type: False-Positive
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.2
    • Component/s: Rules
    • Labels:


      Both S2441 and S2118 need to know whether an object is serializable. Currently each rule determines this in its own way, and neither approach is ideal, which leads to FPs in both rules.

      • FP in S2441:
        It looks like SONARJAVA-1810 excluded collections such as sets and arrays, but we still report an FP on a variable declared as Map and assigned an instance of HashMap.
        S2188 faced this issue and solved it in SONARJAVA-3023. Since that solution requires a final variable, it does not seem ideal.
        public void myFunction(HttpServletRequest request) {
                HttpSession session = request.getSession();
                Map<String, String> map = new HashMap<>();
                session.setAttribute("test with map", map); // false positive
                HashMap<String, String> hashmap = new HashMap<>();
                session.setAttribute("test with hashmap", hashmap); // no error
                List<String> list = new ArrayList<>();
                session.setAttribute("test with list", list); // no error
                Set<String> set = new HashSet<>();
                session.setAttribute("test with set", set); // no error
        }


      • FP in S2118:
        S2118 only supports Map and HashMap, but not the other usual collections.
        void myMethod(ObjectOutputStream out) {
          out.writeObject(java.util.Arrays.asList("one", "two")); // FP
          List<String> list = new ArrayList<>();
          out.writeObject(list); // FP
        }

      We should refactor the code to detect serializable objects more accurately and to let both rules share this information.
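
The gap between declared type and runtime type behind these false positives, as an added example (not SonarJava code and not part of the original ticket). The class names `DeclaredVsRuntimeSerializable` and `PlainList` and the helper methods are assumptions made for illustration, and the last two cases go beyond the ticket's snippets to show values that really do fail to serialize.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.AbstractList;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.List;
import java.util.Map;

public class DeclaredVsRuntimeSerializable {

    // Hypothetical List implementation that is NOT Serializable
    // (AbstractList does not implement java.io.Serializable).
    static class PlainList extends AbstractList<String> {
        @Override public String get(int index) { return "x"; }
        @Override public int size() { return 1; }
    }

    // True if Java serialization accepts the whole object graph at runtime.
    static boolean serializes(Object value) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(value);
            return true;
        } catch (NotSerializableException e) {
            return false;
        }
    }

    // Compares what the declared type promises with what happens at runtime.
    static void report(String label, Class<?> declared, Object value) throws IOException {
        System.out.printf("%-26s declared Serializable: %-5b runtime: %b%n",
            label, Serializable.class.isAssignableFrom(declared), serializes(value));
    }

    public static void main(String[] args) throws IOException {
        Map<String, Object> mapOfObject = new HashMap<>();
        mapOfObject.put("k", new Object()); // java.lang.Object is not Serializable

        // Cases from the ticket: interface-typed variables, serializable instances.
        report("Map = new HashMap<>()", Map.class, new HashMap<String, String>());
        report("List = new ArrayList<>()", List.class, new ArrayList<String>());
        report("Arrays.asList(...)", List.class, Arrays.asList("one", "two"));
        // Constructed counter-cases: these should still be reported.
        report("List = new PlainList()", List.class, new PlainList());
        report("HashMap holding Object", HashMap.class, mapOfObject);
    }
}
```

The first three rows show an interface type that does not extend `Serializable` while the assigned instance serializes fine, which is the pattern both rules flag incorrectly; the last two show why the check cannot simply be dropped for collection types.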





              • Assignee:
                alban.auzeill Alban Auzeill
                elena.vilchik Elena Vilchik