Page Information

Title:	SER05-J. Do not serialize instances of inner classes
Author:	Dhruv Mohindra	Feb 28, 2009
Last Changed by:	David Svoboda	Feb 03, 2025
Tiny Link: (useful for email)	https://wiki.sei.cmu.edu/confluence/x/ZTdGBQ
Export As:	Word · PDF

SEI CERT Oracle Coding Standard for Java (1)     Page: SER04-J. Do not allow serialization and deserialization to bypass the security manager

Parent Page     Page: Rule 14. Serialization (SER)

• ser
• android-applicable
• android
• rule
• analyzable

Time	Editor
Feb 03, 2025 08:36	David Svoboda	View Changes
Dec 20, 2018 11:34	Alexandre GIGLEUX	View Changes
Jul 21, 2017 10:07	G. Ann Campbell	View Changes
Feb 26, 2016 11:15	G. Ann Campbell	View Changes
Jun 26, 2015 11:17	Carol J. Lallier

External Links (8)
    docs.oracle.com/javase/specs/jls/se8/html/jls-8.html#jls-8.…
    download.oracle.com/javase/6/docs/platform/serialization/sp…
    https://rules.sonarsource.com/java/RSPEC-2066
    cwe.mitre.org/
    https://rules.sonarsource.com/java/RSPEC-2059
    https://docs.oracle.com/javase/8/docs/api/java/io/Externali…
    https://docs.oracle.com/javase/8/docs/api/java/io/Serializa…
    cwe.mitre.org/data/definitions/499.html

SEI CERT Oracle Coding Standard for Java (7)     Page: Rule 14. Serialization (SER)     Page: SonarQube     Home page: SEI CERT Oracle Coding Standard for Java     Page: SER04-J. Do not allow serialization and deserialization to bypass the security manager     Page: SonarQube_V     Page: SER06-J. Make defensive copies of private mutable components during deserialization     Page: Rule AA. References