False positive on squid:S2441 Non-serializable objects should not be stored in "HttpSessions"


pico...@gmail.com

Aug 26, 2015, 11:42:53 AM
to SonarQube
Hi guys,

Due to auto-boxing in Java there is no difference between:

int id = 20;
request.getSession().setAttribute("id", id);

and

int id = 20;
request.getSession().setAttribute("id", new Integer(id));

but the first one triggers the squid:S2441 Non-serializable objects should not be stored in "HttpSessions", and the second one does not. I don't think that is correct.

Hope this is helpful and thank you! (I really like SonarQube)

Robert

Michael Gumowski

Aug 28, 2015, 8:31:16 AM
to pico...@gmail.com, SonarQube
Hey Robert,

Thanks for your precious feedback! Indeed, we should handle primitive types correctly and take auto-boxing into consideration for this rule.
I created the following JIRA ticket to handle the issue: https://jira.sonarsource.com/browse/SONARJAVA-1238

Cheers,

Michael GUMOWSKI | SonarSource
Software Developer @ Language Team
http://sonarsource.com
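
The behaviour discussed in this thread, as an added example that is not part of either post and is not SonarQube code: a primitive passed to a method taking `Object` is boxed to `java.lang.Integer`, which is `Serializable`, so it survives the serialization a container applies when it passivates or replicates a session. The `session` map, `setAttribute` helper and `Cart` class are hypothetical stand-ins for `HttpSession` and an application type.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.LinkedHashMap;
import java.util.Map;

public class SessionAttributeCheck {
    // Hypothetical stand-in for HttpSession: setAttribute takes Object,
    // so a primitive argument is boxed by the compiler before the call.
    static final Map<String, Object> session = new LinkedHashMap<>();

    static void setAttribute(String name, Object value) {
        session.put(name, value);
    }

    // Constructed example of a type the rule is meant to catch.
    static class Cart {
        int items = 3;
    }

    // Mimics session passivation/replication: the attribute goes through
    // Java serialization, which rejects non-Serializable objects.
    static boolean survivesSerialization(Object value) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(value);
            return true;
        } catch (NotSerializableException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        int id = 20;
        setAttribute("id", id);                       // auto-boxed to java.lang.Integer
        setAttribute("idBoxed", Integer.valueOf(id)); // explicit boxing, same runtime type
        setAttribute("cart", new Cart());             // does not implement Serializable

        for (Map.Entry<String, Object> e : session.entrySet()) {
            Object v = e.getValue();
            System.out.printf("%-8s %-40s Serializable=%-5b writeObject ok=%b%n",
                    e.getKey(), v.getClass().getName(),
                    v instanceof Serializable, survivesSerialization(v));
        }
    }
}
```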

