制作“课堂"瞬态或可序列化但该类是可序列化的

2022-01-17 00:00:00 serialization sonarqube java

SonarQube 5.1 在查看我的代码后标记了许多关键问题.然而,类本身和字段中引用的类也是可序列化的.被引用的类通过一个类继承了可序列化的接口.

SonarQube 5.1 marks a lot of critical issues after reviewing my code. However the class itself and the referenced class in the field is also serializable. The referenced class inherits the serializable interface through a class.

这是我的例子

public class A implements Serializable {
     private B b;  // -> Sonarcube markes this field as not serialzable
}

而B类定义如下

public class B extends C {
 ....
}

而C类定义如下

public abstract class C extends D {
 ....
}

并且定义了D类

public abstract class D implements Serializable {
  ....
}

在同一个项目上运行 FindBugs 不会发现这些问题.我不确定它是 sonarcube 中的错误还是我的代码有其他问题(C、D 类中的其他字段或其他)

Running FindBugs on the same project does not see these problems. I am not sure if it is a bug in sonarcube or is my code has some other problems (other fields in the classes C,D or something else)

有人知道吗?

推荐答案

可能是因为没有正确提供二进制文件.我的 SonarQube 配置有类似的问题,然后我发现实现 Serializable 的类位于不同的模块和/或外部库中.

It is probably because the binary files are not provided correctly. I had a similar issue with my SonarQube configuration, then I discovered that the classes that implement Serializable are in different modules and/or in an external library.

sonar.java.binariessonar.java.libraries 设置正确的值允许 SonarQube 定位二进制文​​件并正确确定类是否可序列化.

Setting correct values for sonar.java.binaries and sonar.java.libraries allow SonarQube to locate the binaries and correctly determine whether or not the classes are serializable.

相关文章