Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Java: exclude writeReplace-defining classes from Serializable check #18415

Merged
merged 4 commits into from
Jan 7, 2025
Merged

Java: exclude writeReplace-defining classes from Serializable check #18415

merged 4 commits into from
Jan 7, 2025

Conversation

smowton
Copy link
Contributor

@smowton smowton commented Jan 6, 2025

#18371 notes that it is a common pattern to define writeReplace and thereby avoid needing to meet the default algorithm's requirements of Serializable-tagged classes.

This is imprecise since in general the defining class might show up in an object stream anyhow (old version; writeReplace that sometimes keeps the original object or another of the same type; etc), but the query is of low importance anyhow so I went for a low-effort fix. This should simply reduce noise for people using the security-and-quality suite.

@Copilot Copilot bot review requested due to automatic review settings January 6, 2025 14:48
@smowton smowton requested a review from a team as a code owner January 6, 2025 14:48
Copilot
Copilot AI reviewed Jan 6, 2025
View reviewed changes
Copy link
Contributor

@Copilot Copilot AI left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Copilot reviewed 2 out of 5 changed files in this pull request and generated 1 comment.

Files not reviewed (3)
  • java/ql/src/Likely Bugs/Serialization/MissingVoidConstructorsOnSerializable.ql: Language not supported
  • java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/MissingVoidConstructorsOnSerializable.expected: Language not supported
  • java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/MissingVoidConstructorsOnSerializable.qlref: Language not supported

Tip: Copilot code review supports C#, Go, Java, JavaScript, Markdown, Python, Ruby and TypeScript, with more languages coming soon. Learn more

java/ql/test/query-tests/MissingVoidConstructorsOnSerializable/Test.java Outdated Show resolved Hide resolved
igfoo
igfoo previously approved these changes Jan 6, 2025
View reviewed changes
Copy link
Contributor

@igfoo igfoo left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

LGTM, modulo the typo

@smowton
Copy link
Contributor Author

smowton commented Jan 6, 2025

@igfoo fixed; please re-approve

owen-mc
owen-mc approved these changes Jan 7, 2025
View reviewed changes
Copy link
Contributor

@owen-mc owen-mc left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Proxying previous approval

@smowton smowton merged commit 1761721 into github:main Jan 7, 2025
15 checks passed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

Copilot Copilot left review comments

@owen-mc owen-mc owen-mc approved these changes

@igfoo igfoo igfoo left review comments

Assignees
No one assigned
Labels
documentation Java
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
3 participants
@smowton @igfoo @owen-mc