Comment: Migrated to Confluence 4.0

...

private void readObject(final ObjectInputStream stream)
                        throws IOException, ClassNotFoundException {
  stream.defaultReadObject();
}

Exceptions

SER09-EX0: The readObject() method may invoke the overridable methods defaultReadObject() and readFields() in class java.io.ObjectInputStream [SCG 2009].

Risk Assessment

Invoking overridable methods from the readObject() method can lead to initialization errors.
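The following added example (not part of the original guideline; the class, field, and method names are hypothetical) shows the initialization error. Base.readObject() calls the overridable validate(), which dispatches to the subclass override before the subclass field label has been restored from the stream, so the override observes null even though the fully deserialized object holds the expected value.

```java
import java.io.*;

public class ReadObjectOverrideDemo {
  // Hypothetical superclass whose readObject() calls an overridable method.
  static class Base implements Serializable {
    private static final long serialVersionUID = 1L;
    transient String seen; // records what validate() observed during deserialization

    private void readObject(ObjectInputStream in)
        throws IOException, ClassNotFoundException {
      in.defaultReadObject();
      // Noncompliant: dynamic dispatch reaches Sub.validate() while only
      // Base's portion of the object has been read from the stream.
      validate();
    }

    // Declaring this method private or final, or removing the call above,
    // prevents a subclass from running code at this point.
    void validate() { seen = "base"; }
  }

  static class Sub extends Base {
    private static final long serialVersionUID = 1L;
    private final String label;

    Sub(String label) { this.label = label; }

    @Override
    void validate() { seen = String.valueOf(label); } // label not yet restored here

    String label() { return label; }
  }

  public static void main(String[] args) throws Exception {
    // Constructed sample input: serialize a Sub instance into memory.
    ByteArrayOutputStream buf = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
      out.writeObject(new Sub("configured"));
    }
    try (ObjectInputStream in =
             new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
      Sub copy = (Sub) in.readObject();
      System.out.println("label seen inside readObject(): " + copy.seen);
      System.out.println("label after deserialization:    " + copy.label());
    }
  }
}
```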

...

Secure Coding Guidelines for the Java Programming Language, Version 3.0

Guideline 4-4. Prevent constructors from calling methods that can be overridden

Bibliography

[API 2006]

[Bloch 2008] Item 17. Design and document for inheritance or else prohibit it

...
