SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 76

changes.mady.by.user G. Ann Campbell

Saved on

compared with

New Version Current

changes.mady.by.user Jon O'Donnell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Failure to provide a consistent serialization mechanism across releases can limit the extensibility of classes. If classes are extended, compatibility issues may result.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

SER00-J

Low

Probable

High

P2

L3

Automated Detection

Automated detection of classes that use the default serialized form is straightforward.

ToolVersionCheckerDescription
SonarQube Java Plugin
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.CLASS.SER.UIDM

Missing Serial Version Field (Java)

Parasoft Jtest

Include Page
Parasoft_V
Parasoft_V

CERT.SER00.DUIDCreate a 'serialVersionUID' for all 'Serializable' classes
SonarQube
Include Page
SonarQube
Java Plugin
_V
SonarQube
Java Plugin
_V
S2057
Implemented

...

"Serializable" classes should have a "serialVersionUID"


Related Guidelines

MITRE CWE

CWE-589, Call to Non-ubiquitous API

Bibliography

[API 2014]

 


[Bloch 2008]

Item 74, "Implement Serialization Judiciously"

[Harold 2006]

Section 13.7.5, "serialPersistentFields"

[Sun 2006]

Java Object Serialization Specification

...


...