False positive for S2055 when SerializationProxy pattern is used

Rules and Languages Report False-positive / False-negative...
, ,
1

When using SerializationProxy pattern non-serializable ancestor of serializable class does not need to have no-parameter constructor, however SonarLint thinks that it is an issue.

  • SonarLint plugin for IntelliJ Idea, version 4.4.0.14142

Example:

package com.example

import org.apache.commons.lang3.SerializationUtils;

import java.io.Serializable;

class Point {
    int x;
    int y;

    Point(int x, int y) {
        this.x = x;
        this.y = y;
    }
}

class SerializablePoint extends Point implements Serializable {

    public SerializablePoint(int x, int y) {
        super(x, y);
    }

    protected Object writeReplace() {
        return new SerializationProxy(x, y);
    }

    private static class SerializationProxy implements Serializable {
        int x;
        int y;

        SerializationProxy(int x, int y) {
            this.x = x;
            this.y = y;
        }

        private Object readResolve() {
            return new SerializablePoint(x, y);
        }
    }

    public static void main(String[] args) {
        SerializablePoint serializablePoint = new SerializablePoint(1, 1);
        SerializationUtils.clone(serializablePoint);
    }
}
2

Hi Bartłomiej,
You’re right, ticket created: SONARJAVA-3275
Thanks for the feedback!

3

Superb, thank you!

4

And I’m glad to say that this false positive was fixed yesterday and will be part of version 6.1!

Best,
Quentin