SonarJava: SONARJAVA-3168

FP S2441 and S2118: improve detection of serializable Objects

    Details

    • Type: False-Positive
    • Status: Closed
    • Priority: Major
    • Resolution: Fixed
    • Affects Version/s: None
    • Fix Version/s: 6.2
    • Component/s: Rules

      Description

      Both S2441 and S2118 need to know whether an object is serializable. Currently each rule determines this in its own way, and neither approach is ideal, which leads to false positives in both rules.

      • FP in S2441:
        It looks like in SONARJAVA-1810 we excluded collections such as sets and arrays, but we still report an FP on a variable declared as Map and assigned an instance of HashMap.
        S2188 faced the same issue and solved it in SONARJAVA-3023; since that fix requires a final variable, it does not seem ideal either.
        public void myFunction(HttpServletRequest request) {
          HttpSession session = request.getSession();

          Map<String, String> map = new HashMap<>();
          session.setAttribute("test with map", map); // false positive

          HashMap<String, String> hashmap = new HashMap<>();
          session.setAttribute("test with hashmap", hashmap); // no error

          List<String> list = new ArrayList<>();
          session.setAttribute("test with list", list); // no error

          Set<String> set = new HashSet<>();
          session.setAttribute("test with set", set); // no error
        }

      • FP in S2118:
        S2118 only recognizes Map and HashMap as serializable, but not the other usual collections:
        void myMethod(ObjectOutputStream out) {
          out.writeObject(java.util.Arrays.asList("one", "two")); // FP
          List<String> list = new ArrayList<>();
          out.writeObject(list); // FP
        }

      We should refactor the code so that serializable types are detected more accurately, and let both rules share that detection logic.
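      As an added illustration (not SonarJava's code), the following Java program runs each value from the snippets above through a real ObjectOutputStream: every interface-typed variable serializes because the JDK implementation assigned to it implements Serializable, whereas a plain class without Serializable fails with NotSerializableException, which is the case both rules actually want to report. The class names SerializableCheck and NotSerializableHolder are assumed.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.ArrayList;
import java.util.Arrays;
import java.util.HashMap;
import java.util.HashSet;
import java.util.List;
import java.util.Map;
import java.util.Set;

// Added illustration, not SonarJava code: the class names below are assumed.
public class SerializableCheck {

    // A plain class that does not implement Serializable: the real finding both rules want.
    static final class NotSerializableHolder {
        final String value = "constructed example";
    }

    // Attempts a real serialization; true on success, false on NotSerializableException.
    static boolean canSerialize(Object value) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(value);
            return true;
        } catch (NotSerializableException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        // Same declared-interface / JDK-implementation pairs as in the issue.
        Map<String, String> map = new HashMap<>();
        List<String> list = new ArrayList<>();
        Set<String> set = new HashSet<>();
        List<String> asList = Arrays.asList("one", "two");

        // The declared type alone cannot answer the question; the assigned runtime class can.
        System.out.println("Map.class assignable to Serializable? "
            + Serializable.class.isAssignableFrom(Map.class));
        System.out.println("map instance is Serializable?        " + (map instanceof Serializable));
        System.out.println("map     serializes: " + canSerialize(map));
        System.out.println("list    serializes: " + canSerialize(list));
        System.out.println("set     serializes: " + canSerialize(set));
        System.out.println("asList  serializes: " + canSerialize(asList));
        System.out.println("holder  serializes: " + canSerialize(new NotSerializableHolder()));
    }
}
```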

      People

      • Assignee: Alban Auzeill (alban.auzeill)
      • Reporter: Elena Vilchik (elena.vilchik)
      • Votes: 0
      • Watchers: 3