Merge branch 'main' into post-release-prep/codeql-cli-2.20.1

This commit is contained in:
Owen Mansel-Chan
2025-01-08 16:28:23 +00:00
committed by GitHub
211 changed files with 22830 additions and 10264 deletions

@@ -24,6 +24,16 @@ where
c.hasNoParameters() and
not c.isPrivate()
) and
// Assume if an object replaces itself prior to serialization,
// then it is unlikely to be directly deserialized.
// That means it won't need to comply with default serialization rules,
// such as non-serializable super-classes having a no-argument constructor.
not exists(Method m |
m = serial.getAMethod() and
m.hasName("writeReplace") and
m.getReturnType() instanceof TypeObject and
m.hasNoParameters()
) and
serial.fromSource()
select serial,
"This class is serializable, but its non-serializable " +
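Review bot: the new `writeReplace` exemption only considers methods returned by `serial.getAMethod()`; Java serialization (`ObjectStreamClass`) also honours a non-private `writeReplace` inherited from a superclass, so if `getAMethod()` yields only methods declared directly on `serial`, a subclass that inherits `writeReplace` would still be flagged. Worth confirming the predicate's scope or widening the check to inherited methods, and worth a short comment noting that any access modifier is deliberately accepted, since serialization does not require `writeReplace` to be public.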

@@ -0,0 +1,4 @@
---
category: fix
---
* Classes that define a `writeReplace` method are no longer flagged by the `java/missing-no-arg-constructor-on-serializable` query on the assumption they are unlikely to be deserialized using the default algorithm.
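Review bot: the change note should state the exact shape the query looks for, `Object writeReplace()` with no parameters, so users understand why a `writeReplace` with a different return type or parameter list does not exempt the class; the note as written suggests any method named `writeReplace` suffices. Also consider whether `category: fix` is the right label here, since this is a false-positive reduction rather than a bug fix in the query's logic.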