[java] Implement rule NonSerializableClass #4196
Use rulechain, consider inner classes/enums
Use fully qualified name for reporting
Does this violation make sense? Wdyt? AdvisedSupport is serializable. It has a field

Regarding the other open point (whether to rename or deprecate the old rule BeanMembersShouldSerialize): The new rule creates significantly fewer violations, as it only considers serializable classes (only 232 violations vs. 19796). When we rename the rule, this helps anyone who has enabled BeanMembersShouldSerialize now, because most of the false-positive noise will be gone without changing the ruleset. However, maybe nobody has this rule enabled anyway atm? Then some change in the ruleset will be necessary either way: adding NonSerializableClass or removing the exclude for BeanMembersShouldSerialize. So I guess it doesn't really matter.
This problem is apparent in other violations, where no interface is involved. For instance here: https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/java/util/AbstractMap.java#L609

While the rule is technically right, it would be very restrictive to require the type parameters to be serializable when the serialization feature might never be used...

I think the rule is "more probably" right (true positive) when the field type is a non-abstract class (and not Object). When it's an interface or abstract class or a type parameter, maybe we should skip it conservatively (with a property). If we could, it would be nice to allow reporting these with a lower priority.
By default, ignore abstract types like abstract classes, interfaces, generic types and java.lang.Object.
I've added the property "checkAbstractTypes" now.

There is one more special case: the private static final field That means, that all violations in java.io.ObjectStreamClass (e.g. https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/java/io/ObjectStreamClass.java#L166) are false-positives, because this class defines actually no serializable fields: https://github.com/openjdk/jdk/blob/jdk-11%2B28/src/java.base/share/classes/java/io/ObjectStreamClass.java#L88-L89

This behavior is described here: https://docs.oracle.com/en/java/javase/19/docs/specs/serialization/serial-arch.html#defining-serializable-fields-for-a-class
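
The special case discussed in the comment above, shown with Java's `serialPersistentFields` mechanism as an added example (not code from this PR or from PMD): a serializable class with a non-serializable field fails at write time, unless the class declares its serializable fields explicitly and leaves that field out. `Helper`, `Plain`, `Explicit` and `serializes` are hypothetical names.

```java
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.NotSerializableException;
import java.io.ObjectOutputStream;
import java.io.ObjectStreamField;
import java.io.Serializable;

public class SerialFieldsDemo {
    // Hypothetical helper type that does not implement Serializable.
    static class Helper { }

    // Default serialization: every non-static, non-transient field is written,
    // so the Helper field makes writeObject fail at runtime.
    static class Plain implements Serializable {
        private static final long serialVersionUID = 1L;
        private final String name = "plain";
        private final Helper helper = new Helper();
    }

    // serialPersistentFields lists the serializable fields explicitly.
    // Only "name" is written; "helper" is never touched by serialization,
    // so reporting it would be a false positive.
    static class Explicit implements Serializable {
        private static final long serialVersionUID = 1L;
        private static final ObjectStreamField[] serialPersistentFields = {
            new ObjectStreamField("name", String.class)
        };
        private final String name = "explicit";
        private final Helper helper = new Helper();
    }

    // Returns true if the object can be written with default serialization.
    static boolean serializes(Object o) throws IOException {
        try (ObjectOutputStream out = new ObjectOutputStream(new ByteArrayOutputStream())) {
            out.writeObject(o);
            return true;
        } catch (NotSerializableException e) {
            return false;
        }
    }

    public static void main(String[] args) throws IOException {
        System.out.println("Plain serializes:    " + serializes(new Plain()));
        System.out.println("Explicit serializes: " + serializes(new Explicit()));
    }
}
```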
[java] Implement rule NonSerializableClass pmd#4196
Related issues
Note: We still need a replacement for BeanMembersShouldSerialize, see #4177
Not sure, whether we should deprecate BeanMembersShouldSerialize without replacements and just add NonSerializableClass as a new rule. The diff shows, that the implementation is completely different...
Ready?
./mvnw clean verify passes (checked automatically by github actions)