Products
In-IDE
IDE extension that lets you fix coding issues before they exist!
Discover SonarLint
SaaS
Setup is effortless and analysis is automatic for most languages
Discover SonarCloud
Self-Hosted
Fast, accurate analysis; enterprise scalability
Discover SonarQube

Secrets
ABAP
Apex
AzureResourceManager
C
C++
CloudFormation
COBOL
C#
CSS
Docker
Flex
Go
HTML
Java
JavaScript
Kotlin
Kubernetes
Objective C
PHP
PL/I
PL/SQL
Python
RPG
Ruby
Scala
Swift
Terraform
Text
TypeScript
T-SQL
VB.NET
VB6
XML

Java static code analysis

Unique rules to find Bugs, Vulnerabilities, Security Hotspots, and Code Smells in your JAVA code

Filtered: 55 rules found

pitfall

Impact

Clean code attribute

Future keywords should not be used as names
Code Smell
"SecureRandom" seeds should not be predictable
Vulnerability
Getters and setters should access the expected fields
Bug
The signature of "finalize()" should match that of "Object.finalize()"
Bug
Class members annotated with "@VisibleForTesting" should not be accessed from production code
Code Smell
Whitespace and control characters in literals should be explicit
Code Smell
"null" should not be returned from a "Boolean" method
Code Smell
Class names should not shadow interfaces or superclasses
Code Smell
Try-with-resources should be used
Code Smell
"readResolve" methods should be inheritable
Code Smell
Package declaration should match source file directory
Code Smell
Generic wildcard types should not be used in return types
Code Smell
"compareTo" should not be overloaded
Bug
"iterator" should not return "this"
Bug
Conditionally executed code should be reachable
Bug
Child class methods named for parent class methods should be overrides
Bug
Classes extending java.lang.Thread should provide a specific "run" behavior
Bug
Related "if/else if" statements should not have the same condition
Bug
"StringBuilder" and "StringBuffer" should not be instantiated with a character
Bug
Methods should not be named "tostring", "hashcode" or "equal"
Bug
Asserts should not be used to check the parameters of a public method
Code Smell
"Stream.peek" should be used with caution
Code Smell
Raw types should not be used
Code Smell
"Thread" should not be used where a "Runnable" argument is expected
Code Smell
Inner class calls to super class methods should be unambiguous
Code Smell
"ResultSet.isLast()" should not be used
Code Smell
"static" members should be accessed statically
Code Smell
Classes named like "Exception" should extend "Exception" or a subclass
Code Smell
"for" loop stop conditions should be invariant
Code Smell
Non-constructor methods should not have the same name as the enclosing class
Code Smell
Classes from "sun.*" packages should not be used
Code Smell
Only static class initializers should be used
Code Smell
Local variables should not shadow class fields
Code Smell
Avoid using boxed "Boolean" types directly in boolean expressions
Code Smell
Boolean checks should not be inverted
Code Smell
"Collections.EMPTY_LIST", "EMPTY_MAP", and "EMPTY_SET" should not be used
Code Smell
Private fields only used as local variables in methods should become local variables
Code Smell
Threads should not be started in constructors
Code Smell
Octal values should not be used
Code Smell
Spring beans should be considered by "@ComponentScan"
Code Smell
Wildcard imports should not be used
Code Smell
Comparators should be "Serializable"
Code Smell
"Serializable" classes should have a "serialVersionUID"
Code Smell
"switch" statements and expressions should not be nested
Code Smell
Constructors should only call non-overridable methods
Code Smell
Control structures should use curly braces
Code Smell
Constructor injection should be used instead of field injection
Bug
"java.time" classes should be used for dates and times
Code Smell
"NullPointerException" should not be explicitly thrown
Code Smell
Classes and enums with private members should have a constructor
Code Smell
Literal suffixes should be upper case
Code Smell
"serialVersionUID" should not be declared blindly
Code Smell
"private" and "final" methods that don't access instance data should be "static"
Code Smell
"Serializable" inner classes of "Serializable" classes should be static
Code Smell
Functions should not be defined with a variable number of arguments
Code Smell

"readResolve" methods should be inheritable

intentionality - logical

maintainability

Code Smell

CriticalSonarSource default severity
click to learn more

pitfall

Why is this an issue?

Developers may want to add some logic to handle deserialized objects before they are returned to the caller. This can be achieved by implementing the readResolve method.

Non-final classes implementing readResolve should not set its visibility to private as this would make it unavailable to child classes. Instead, mark readResolve as protected, allowing it to be inherited.

Code examples

Noncompliant code example

public class Fruit implements Serializable {
  private static final long serialVersionUID = 1;

  private Object readResolve() throws ObjectStreamException // Noncompliant, `readResolve` should not be private
  {...}

  //...
}

public class Raspberry extends Fruit implements Serializable { // This class has no access to the parent's "readResolve" method
  //...
}

Compliant solution

public class Fruit implements Serializable {
  private static final long serialVersionUID = 1;

  protected Object readResolve() throws ObjectStreamException // Compliant, `readResolve` is protected
  {...}

  //...
}

public class Raspberry extends Fruit implements Serializable { // This class has access to the parent's "readResolve"
  //...
}

Resources

Java Object Serialization Specification - Object Input Classes

Available In:

Catch issues on the fly,
in your IDE

Detect issues in your GitHub, Azure DevOps Services, Bitbucket Cloud, GitLab repositories

Analyze code in your
on-premise CI

© 2008-2023 SonarSource S.A., Switzerland. All content is copyright protected. SONAR, SONARSOURCE, SONARLINT, SONARQUBE, and SONARCLOUD are trademarks of SonarSource S.A. All other trademarks and copyrights are the property of their respective owners. All rights are expressly reserved.
Privacy Policy | Cookie Policy

In-IDE

SaaS

Self-Hosted