...
Note that these methods must be declared private for any serializable class. Serializable classes may also implement the {{readResolve()}} and {{writeReplace()}} methods.
According to the Serialization Specification [Sun 2006], the {{readResolve()}} and {{writeReplace()}} method documentation states:
...
Any access specifier may be applied to the readResolve() and writeReplace() methods. However, if these methods are declared private, extending classes cannot invoke or override them. Similarly, if these methods are declared static, extending classes cannot override them; they can only hide them.
Deviating from these method signatures produces a method that is never invoked during object serialization or deserialization, because the serialization runtime locates these hooks reflectively by exact name, parameter types, and (for readObject() and writeObject()) private instance access. Such methods, especially if declared public, might be accessible to untrusted code.
...
This noncompliant code example shows a class Ser with a private constructor, indicating that code external to the class should be unable to create instances of it. The class implements java.io.Serializable and defines public static readObject() and writeObject() methods. Because these signatures deviate from the private instance methods the serialization mechanism looks for, the runtime never calls them during serialization or deserialization. Consequently, untrusted code can obtain the reconstituted objects by using readObject() and can write to the stream by using writeObject(), since both are ordinary public methods callable from anywhere.
```java
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

public class Ser implements Serializable {
  private static final long serialVersionUID = 123456789L;

  private Ser() {
    // initialize
  }

  // Noncompliant: public and static. Serialization ignores this method;
  // any caller on the classpath can invoke it directly.
  public static void writeObject(final ObjectOutputStream stream)
      throws IOException {
    stream.defaultWriteObject();
  }

  // Noncompliant: public and static, for the same reasons.
  public static void readObject(final ObjectInputStream stream)
      throws IOException, ClassNotFoundException {
    stream.defaultReadObject();
  }
}
```
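The following is an added demonstration, not code from the CERT page, that makes the two points above observable: it round-trips an instance of a class with the mis-declared public static hooks and an instance of a class with the correct private instance hooks (plus a non-static, non-private readResolve() that subclasses can override), and records which hooks the serialization runtime actually invoked. It then calls one of the mis-declared hooks directly, as untrusted code could, which fails with NotActiveException because defaultWriteObject() is only valid inside a serialization callback. Class names (SignatureDemo, Wrong, Right) and the boolean flags are assumptions chosen for this example.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotActiveException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamException;
import java.io.Serializable;

// Added example, not from the CERT page. Names and flags are hypothetical.
public class SignatureDemo {

  // Wrong signatures: public and static. The serialization runtime looks
  // for private instance methods, so it never calls these.
  public static class Wrong implements Serializable {
    private static final long serialVersionUID = 1L;
    static boolean writeHookRan = false;
    static boolean readHookRan = false;

    public static void writeObject(ObjectOutputStream out) throws IOException {
      writeHookRan = true;
      out.defaultWriteObject();
    }

    public static void readObject(ObjectInputStream in)
        throws IOException, ClassNotFoundException {
      readHookRan = true;
      in.defaultReadObject();
    }
  }

  // Correct signatures: private instance methods for readObject()/writeObject().
  // readResolve() is an instance method and not private, so subclasses can
  // override it rather than silently ignoring it.
  public static class Right implements Serializable {
    private static final long serialVersionUID = 1L;
    static boolean writeHookRan = false;
    static boolean readHookRan = false;
    static boolean resolveRan = false;

    private void writeObject(ObjectOutputStream out) throws IOException {
      writeHookRan = true;
      out.defaultWriteObject();
    }

    private void readObject(ObjectInputStream in)
        throws IOException, ClassNotFoundException {
      readHookRan = true;
      in.defaultReadObject();
    }

    protected Object readResolve() throws ObjectStreamException {
      resolveRan = true;
      return this;
    }
  }

  // Serialize to a byte array and deserialize back, in memory.
  static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
    ByteArrayOutputStream bytes = new ByteArrayOutputStream();
    try (ObjectOutputStream out = new ObjectOutputStream(bytes)) {
      out.writeObject(o);
    }
    try (ObjectInputStream in =
             new ObjectInputStream(new ByteArrayInputStream(bytes.toByteArray()))) {
      return in.readObject();
    }
  }

  public static void main(String[] args) throws Exception {
    roundTrip(new Wrong());
    System.out.println("Wrong: writeObject ran=" + Wrong.writeHookRan
        + ", readObject ran=" + Wrong.readHookRan);

    roundTrip(new Right());
    System.out.println("Right: writeObject ran=" + Right.writeHookRan
        + ", readObject ran=" + Right.readHookRan
        + ", readResolve ran=" + Right.resolveRan);

    // The mis-declared hook is still a public method anyone can call.
    // Outside a serialization callback, defaultWriteObject() throws.
    try {
      Wrong.writeObject(new ObjectOutputStream(new ByteArrayOutputStream()));
    } catch (NotActiveException e) {
      System.out.println("Wrong.writeObject() reachable from arbitrary code: " + e);
    }
  }
}
```

Running main() shows that neither flag in Wrong is set after a round trip, whereas all three flags in Right are set; the final call demonstrates that the public static hook is directly invocable by any caller, which is exactly the exposure the rule warns about.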
...
Deviating from the proper signatures of serialization methods can lead to unexpected behavior. Failure to limit the accessibility of the readObject() and writeObject() methods can leave code vulnerable to untrusted invocations. Declaring readResolve() and writeReplace() methods to be static or private can force subclasses to silently ignore them, while declaring them public allows them to be invoked by untrusted code.
...
[API 2006]
[Sun 2006] Serialization Specification
[Ware 2008]
...