Potentially invalid warning for s1948 in IntelliJ

OS: Windows 10, Ubuntu
SonarLint SonarSource
Connected to SonarQube Enterprise Edition Version 7.9.4 (build 35981)

s1948 rule: Fields in a “Serializable” class should either be transient or serializable

SonarLint appears to be incorrectly detecting this rule as broken in a specific scenario:

class CustomSerializable implements Serializable {}

class AnotherCustomerSerializable implements Serializable {
    private CustomSerializable customSerializable;

SonarLint will flag the object of type CustomSerializable in the AnotherCustomerSerializable class for breaking s1948, suggesting that it should either be transient or Serializable. In this scenario, CustomSerializable implements the Serializable interface already and so is-a Serializable, which should negate the need to instantiate customSerializable explicitly as type Serializable.

The Java docs indicate that “A Java object is serializable if its class or any of its superclasses implements either the java.io.Serializable interface or its subinterface, java.io.Externalizable” (available here) which seems to indicate that above warning for s1948 in this case is incorrect - am I misinterpreting the rule here?


Welcome to the community!

Even with the latest version of SonarLint, if you’re connected to an old version of SonarQube, you’re going to get old versions of the rules. And SonarQube 7.9.4 is old.

Could you disconnect from SonarQube and see if it’s still a problem? Disconnecting will force the newest version of the rule, which is embedded in your SonarLint version, to be used.


I have replicated this issue with SonarLint standalone:

Behaviour is still as described above

1 Like

Is this issue still being looked in to?

Thank you for reporting @CianS!

We have tried to reproduce locally but failed. We are wondering for instance whether the classes come from different jars…

Do you think it would be possible for you to provide a standalone reproducer? E.g. on github?