问题描述
SonarQube 5.1 在查看我的代码后标记了许多关键问题.然而,类本身和字段中引用的类也是可序列化的.被引用的类通过一个类继承了可序列化的接口.
SonarQube 5.1 marks a lot of critical issues after reviewing my code. However the class itself and the referenced class in the field is also serializable. The referenced class inherits the serializable interface through a class.
这是我的例子
public class A implements Serializable { private B b; // -> Sonarcube markes this field as not serialzable }
而B类定义如下
public class B extends C { .... }
而C类定义如下
public abstract class C extends D { .... }
并且定义了D类
public abstract class D implements Serializable { .... }
在同一个项目上运行 FindBugs 不会发现这些问题.我不确定它是 sonarcube 中的错误还是我的代码有其他问题(C、D 类中的其他字段或其他)
Running FindBugs on the same project does not see these problems. I am not sure if it is a bug in sonarcube or is my code has some other problems (other fields in the classes C,D or something else)
有人知道吗?
推荐答案
可能是因为没有正确提供二进制文件.我的 SonarQube 配置有类似的问题,然后我发现实现 Serializable 的类位于不同的模块和/或外部库中.
It is probably because the binary files are not provided correctly. I had a similar issue with my SonarQube configuration, then I discovered that the classes that implement Serializable are in different modules and/or in an external library.
为 sonar.java.binaries 和 sonar.java.libraries 设置正确的值允许 SonarQube 定位二进制文??件并正确确定类是否可序列化.
Setting correct values for sonar.java.binaries and sonar.java.libraries allow SonarQube to locate the binaries and correctly determine whether or not the classes are serializable.