Comment: Parasoft Jtest 2021.1

...

private void readObject(final ObjectInputStream stream)
                        throws IOException, ClassNotFoundException {
  // Restore this class's non-transient fields only; defaultReadObject() is one of
  // the two ObjectInputStream methods that SER09-J-EX0 permits readObject() to call.
  stream.defaultReadObject();
}

Exceptions

SER09-J-EX0: The readObject() method may invoke the overridable methods defaultReadObject() and readFields() in class java.io.ObjectInputStream [SCG 2009].

...

Invoking overridable methods from the readObject() method can lead to initialization errors.
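The initialization error in question, shown as an added example that is not code from the CERT page: a serializable base class whose readObject() calls an overridable hook, a subclass that overrides the hook, and a compliant base class whose readObject() only calls defaultReadObject() and a private method. Class and field names (Base, Sub, SafeBase, onDeserialize, validate) are hypothetical.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;

// Added illustration of SER09-J; all names here are hypothetical.
public class Ser09Demo {

  // Noncompliant: readObject() calls a non-final, non-private method.
  static class Base implements Serializable {
    private static final long serialVersionUID = 1L;
    protected String baseField = "base";

    private void readObject(ObjectInputStream in)
        throws IOException, ClassNotFoundException {
      in.defaultReadObject();
      onDeserialize(); // overridable: a subclass override runs before the subclass is restored
    }

    protected void onDeserialize() {
      System.out.println("Base.onDeserialize: baseField=" + baseField);
    }
  }

  // The subclass's fields are restored only after Base.readObject() returns,
  // so this override observes subField while it is still unset.
  static class Sub extends Base {
    private static final long serialVersionUID = 1L;
    private String subField = "sub";

    @Override
    protected void onDeserialize() {
      System.out.println("Sub.onDeserialize: subField=" + subField
          + (subField == null ? "  (subclass not yet initialized)" : ""));
    }
  }

  // Compliant: readObject() calls defaultReadObject() (permitted by SER09-J-EX0)
  // and a private method, so no subclass can interpose during deserialization.
  static class SafeBase implements Serializable {
    private static final long serialVersionUID = 1L;
    protected String baseField = "base";

    private void readObject(ObjectInputStream in)
        throws IOException, ClassNotFoundException {
      in.defaultReadObject();
      validate(); // private: not overridable
    }

    private void validate() {
      if (baseField == null) {
        throw new IllegalStateException("baseField missing from stream");
      }
    }
  }

  // Serialize an object to a byte array and read it back, in memory.
  static <T extends Serializable> T roundTrip(T obj)
      throws IOException, ClassNotFoundException {
    ByteArrayOutputStream bos = new ByteArrayOutputStream();
    try (ObjectOutputStream oos = new ObjectOutputStream(bos)) {
      oos.writeObject(obj);
    }
    try (ObjectInputStream ois =
             new ObjectInputStream(new ByteArrayInputStream(bos.toByteArray()))) {
      @SuppressWarnings("unchecked")
      T result = (T) ois.readObject();
      return result;
    }
  }

  public static void main(String[] args) throws Exception {
    roundTrip(new Sub());
    roundTrip(new SafeBase());
  }
}
```

Running the round trip on Sub shows the override executing with subField still at its default value, because ObjectInputStream restores class data from superclass to subclass and Base.readObject() runs before Sub's fields have been read. SafeBase has no such window: every method its readObject() touches is either defaultReadObject() or private, which is exactly the shape the code block above this section has.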

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
SER09-J   Low       Probable    Medium            P4        L3

Automated Detection

Tool            Version  Checker              Description
Parasoft Jtest  2021.1   CERT.SER09.VREADOBJ  Do not invoke overridable methods from the readObject() method

Related Guidelines

Secure Coding Guidelines for Java SE, Version 5.0

Guideline 7-4 / OBJECT-4: Prevent constructors from calling methods that can be overridden

Bibliography

[API 2014]

[Bloch 2008]
Item 17, "Design and Document for Inheritance or Else Prohibit It"

[SCG 2009]

...