Skip to first unread message
Michel Pawlak
Jul 9, 2015, 12:07:37 PM7/9/15
to sona...@googlegroups.com
The ticket has relaxed the rule S1319 in order to avoid false positives due to the declaration of private fields not using a Java Collections interface. However this is not sufficient IMHO.
If we look at the following code, we see that S1948 will raise an issue du to the fact that java.util.Map is not Serializable :
public class AClass implements Serializable {
private Map<String,String> map = new WeakHashmap<String,String>(); // Noncompliant
private Map<String,String> map = new Hashmap<String,String>(); // Noncompliant according to S1948... but is there really a problem ?
}
This issue seems legit at first sight as Map, List, Iterable, etc. interfaces do NOT extend Serializable. However this is disputable. First, java.util.WeakHashMap, java.util DelayQueue are the only Collections classes not being Serializable and they are not widely used (I never used them so far). Second, interface based programming and decoupling interfaces from implementations provides great changeability benefits.
Therefore I would like to suggest the following improvement to rule S1948 :
- if the type of the field is a Java Collection interface, then an issue should only be raised if a non Serializable implementation of the interface is assigned to the variable and if the field is not final (which implies that the value of the field will be set at instanciation time).
The result would be :
public class AClass implements Serializable {
private Map<String,String> map = new WeakHashmap<String,String>(); // Noncompliant : WeakHashMap is non Serializable
private final Map<String,String> map2 = new WeakHashmap<String,String>(); // Noncompliant : WeakHashMap is non Serializable
private final Map<String,String> map3 = new Hashmap<String,String>(); // Compliant
private final Map<String,String> map3;
public AClass() {
this.map3 = new HashMap<String, String>(); // Compliant
this.map3 = new MyCustomSerializableMap<String,String>(); // Maybe noncompliant : we're not sure that this custom Map will be available at deserialization
}
}Your opinion ?
Regards,
Michel
Michel Pawlak
Jul 9, 2015, 12:19:08 PM7/9/15
to sona...@googlegroups.com
Code snippet modification (sorry for the mistakes) :
public class AClass implements Serializable {
private Map<String,String> map = new WeakHashmap<String,String>(); // Noncompliant : WeakHashMap is non Serializable
private final Map<String,String> map2 = new WeakHashmap<String,String>(); // Noncompliant : WeakHashMap is non Serializable
private final Map<String,String> map3 = new Hashmap<String,String>(); // Compliant
private final Map<String,String> map4;
private final Map<String,String> map5;
public AClass() {
this.map4 = new HashMap<String, String>(); // Compliant
this.map5 = new MyCustomSerializableMap<String,String>(); // Maybe noncompliant : we're not sure that this custom Map will be available at deserialization
}
}Michel Pawlak
Aug 17, 2015, 4:55:48 AM8/17/15
to SonarQube
Hi people, does anybody have an opinion about my improvement suggestion ? On our side, the squid:S1948 rule raises 250+ false positives (which is a lot)
Nicolas Peru
Aug 18, 2015, 8:16:10 AM8/18/15
to Michel Pawlak, SonarQube
Hi Michel,
Sorry for late answer : I tend to agree that rule S1948 makes too much noise with collections. What I would suggest then is the following :
- Field is not private : it can be modified outside of the class -> raise an issue : this is actually not safe at all.
- Field is private : find the assignement(s) and raise an issue if type assigned is not serializable. This is not that easy to implement but still doable.
WDYT ?
Cheers,
2015-08-17 10:55 GMT+02:00 Michel Pawlak <michel...@gmail.com>:
Hi people, does anybody have an opinion about my improvement suggestion ? On our side, the squid:S1948 rule raises 250+ false positives (which is a lot)
--
You received this message because you are subscribed to the Google Groups "SonarQube" group.
To unsubscribe from this group and stop receiving emails from it, send an email to sonarqube+...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/ccba4814-c046-4ea2-887a-1d705e757ee8%40googlegroups.com.
Michel Pawlak
Aug 18, 2015, 11:33:13 AM8/18/15
to SonarQube, michel...@gmail.com
Hi Nicolas,
Looks good, thanks
Cheers,
Nicolas Peru
Aug 18, 2015, 11:39:28 AM8/18/15
to Michel Pawlak, SonarQube
thanks for the feedback, ticket created :https://jira.sonarsource.com/browse/SONARJAVA-1225
To view this discussion on the web visit https://groups.google.com/d/msgid/sonarqube/a0ea6321-0038-4f9a-a375-ce26f3f14602%40googlegroups.com.
Reply all
Reply to author
Forward
0 new messages