为什么 SonarQube 认为 int[][][] 不可序列化
Why does SonarQube consider int[][][] not serializable
在我的代码中有以下行:
private int[][][] shapes;
在野外它生活在一个枚举中:
public enum TetrisGamePiece {
private int id;
private int pieceColour;
private int[][][] shapes; // <-- This line is not accepted
private TetrisGamePiece(int id, int colour, int[][] shape1, int[][] shape2, int[][] shape3, int[][] shape4) {
this.id = id;
this.pieceColour = colour;
this.shapes = new int[][][]{shape1, shape2, shape3, shape4};
}
// ... the rest of the enum ...
// i've left out instantiation of objects to save space.
我从 sonarqube 那里得到以下提及:
Make "shapes" transient or serializable. Fields in a Serializable
class must themselves be either Serializable or transient even if the
class is never explicitly serialized or deserialized. That's because
under load, most J2EE application frameworks flush objects to disk,
and an allegedly Serializable object with non-transient,
non-serializable data members could cause program crashes, and open
the door to attackers.
据我所知,int[](和 int[][] 等)是可序列化的。这是 sonarqube 中的错误还是我误解了基本类型数组的可序列化性?
编辑:添加了它所在的枚举,以防枚举类型相关
正如@Simon Brandhof 在评论中提到的,这确实是所选规则中的一个错误。
这个问题是由于检查时未将原语视为可序列化的。
Ticket https://jira.codehaus.org/browse/SONARJAVA-918 将解决此问题。
感谢报告。
在我的代码中有以下行:
private int[][][] shapes;
在野外它生活在一个枚举中:
public enum TetrisGamePiece {
private int id;
private int pieceColour;
private int[][][] shapes; // <-- This line is not accepted
private TetrisGamePiece(int id, int colour, int[][] shape1, int[][] shape2, int[][] shape3, int[][] shape4) {
this.id = id;
this.pieceColour = colour;
this.shapes = new int[][][]{shape1, shape2, shape3, shape4};
}
// ... the rest of the enum ...
// i've left out instantiation of objects to save space.
我从 sonarqube 那里得到以下提及:
Make "shapes" transient or serializable. Fields in a Serializable class must themselves be either Serializable or transient even if the class is never explicitly serialized or deserialized. That's because under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes, and open the door to attackers.
据我所知,int[](和 int[][] 等)是可序列化的。这是 sonarqube 中的错误还是我误解了基本类型数组的可序列化性?
编辑:添加了它所在的枚举,以防枚举类型相关
正如@Simon Brandhof 在评论中提到的,这确实是所选规则中的一个错误。
这个问题是由于检查时未将原语视为可序列化的。 Ticket https://jira.codehaus.org/browse/SONARJAVA-918 将解决此问题。 感谢报告。