Problem description
SonarQube 5.1 marks a lot of critical issues after reviewing my code. However, the class itself and the class referenced in the field are also serializable. The referenced class inherits the Serializable interface through a class.
Here is my example:
public class A implements Serializable {
    private B b; // -> SonarQube marks this field as not serializable
}
And class B is defined as follows:
public class B extends C {
....
}
And class C is defined as follows:
public abstract class C extends D {
....
}
And class D is defined:
public abstract class D implements Serializable {
....
}
Running FindBugs on the same project does not see these problems. I am not sure if it is a bug in SonarQube or if my code has some other problems (other fields in the classes C, D or something else).
Does anyone know?
Recommended answer
It is probably because the binary files are not provided correctly. I had a similar issue with my SonarQube configuration, then I discovered that the classes that implement Serializable are in different modules and/or in an external library.
Setting correct values for sonar.java.binaries and sonar.java.libraries allows SonarQube to locate the binaries and correctly determine whether or not the classes are serializable.
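A sonar-project.properties sketch of the setting described in the answer, added here as an example and not taken from the original post. The project key, module layout and every path are constructed assumptions: A and B are compiled in this module, C and D come from a sibling module packaged as a jar, and further dependencies sit in a lib directory.

```properties
# Constructed example: all keys' values and paths below are placeholders.
sonar.projectKey=example:app
sonar.sources=src/main/java

# Before: neither property is set. The analyzer only has the source of
# A and B, cannot follow B -> C -> D to the Serializable interface, and
# reports the field "private B b" in A as not serializable.
#
# sonar.java.binaries=
# sonar.java.libraries=

# After: compiled classes of the analyzed sources (A, B) ...
sonar.java.binaries=target/classes

# ... and the bytecode of everything those classes extend or reference:
# the sibling module that contains C and D, plus external jars.
# Entries are comma-separated; wildcards are allowed.
sonar.java.libraries=../core/target/core-1.0.jar,lib/**/*.jar
```

The project has to be compiled before the scan so that the directories and jars named here exist when the analyzer resolves the class hierarchy.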