/*
 * fb-contrib - Auxiliary detectors for Java programs
 * Copyright (C) 2005-2013 Dave Brosius
 *
 * This library is free software; you can redistribute it and/or
 * modify it under the terms of the GNU Lesser General Public
 * License as published by the Free Software Foundation; either
 * version 2.1 of the License, or (at your option) any later version.
 *
 * This library is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
 * Lesser General Public License for more details.
 *
 * You should have received a copy of the GNU Lesser General Public
 * License along with this library; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */
package com.mebigfatguy.fbcontrib.detect;

import org.apache.bcel.classfile.Field;
import org.apache.bcel.classfile.JavaClass;
import org.apache.bcel.classfile.Method;

import edu.umd.cs.findbugs.BugInstance;
import edu.umd.cs.findbugs.BugReporter;
import edu.umd.cs.findbugs.Detector;
import edu.umd.cs.findbugs.ba.ClassContext;

/**
 * looks for classes that don't handle serialization of parent class member fields
 * when the class in question is serializable but is derived from non serializable
 * classes.
 */
public class PossibleIncompleteSerialization implements Detector
{
	private BugReporter bugReporter;

	/**
	 * constructs a PIS detector given the reporter to report bugs on
	 *
	 * @param bugReporter the sink of bug reports
	 */
	public PossibleIncompleteSerialization(BugReporter bugReporter) {
		this.bugReporter = bugReporter;
	}

	/**
	 * implements the visitor to look for classes that are serializable, and are
	 * derived from non serializable classes and don't either implement methods in
	 * Externalizable or Serializable to save parent class fields.
	 *
	 * @param classContext the context object of the currently parsed class
	 */
	public void visitClassContext(ClassContext classContext) {
		try {
			JavaClass cls = classContext.getJavaClass();
			if (isSerializable(cls)) {
				JavaClass superCls = cls.getSuperClass();
				if (!isSerializable(superCls)) {
					if (hasSerializableFields(superCls)) {
						if (!hasSerializingMethods(cls)) {
							// parent has instance state and nothing in this class writes it out
							bugReporter.reportBug(new BugInstance(this, "PIS_POSSIBLE_INCOMPLETE_SERIALIZATION", NORMAL_PRIORITY)
									.addClass(cls));
						}
					}
				}
			}
		} catch (ClassNotFoundException cnfe) {
			bugReporter.reportMissingClass(cnfe);
		} finally {
		}
	}

	/**
	 * returns if the class implements Serializable or Externalizable
	 *
	 * @param cls the class to check
	 * @return if the class implements Serializable or Externalizable
	 * @throws ClassNotFoundException if an interface of the class cannot be loaded
	 */
	private boolean isSerializable(JavaClass cls) throws ClassNotFoundException {
		JavaClass[] infs = cls.getAllInterfaces();
		for (JavaClass inf : infs) {
			String clsName = inf.getClassName();
			if ("java.io.Serializable".equals(clsName)
			||  "java.io.Externalizable".equals(clsName))
				return true;
		}
		return false;
	}

	/**
	 * looks for fields that are candidates for serialization
	 *
	 * @param cls the class to look for fields
	 * @return if there is a field that looks like it should be serialized
	 */
	private boolean hasSerializableFields(JavaClass cls) {
		Field[] fields = cls.getFields();
		for (Field f : fields) {
			// static, transient and compiler-generated fields are never serialized
			if (!f.isStatic() && !f.isTransient() && !f.isSynthetic())
				return true;
		}
		return false;
	}

	/**
	 * looks to see if this class implements methods described by Serializable or Externalizable
	 *
	 * @param cls the class to examine for serializing methods
	 * @return whether the class handles its own serializing/externalizing
	 */
	private boolean hasSerializingMethods(JavaClass cls) {
		Method[] methods = cls.getMethods();
		for (Method m : methods) {
			if (!m.isStatic()) {
				String methodName = m.getName();
				String methodSig = m.getSignature();
				if ("writeObject".equals(methodName)
				&&  "(Ljava/io/ObjectOutputStream;)V".equals(methodSig))
					return true;
				if ("writeExternal".equals(methodName)
				&&  "(Ljava/io/ObjectOutput;)V".equals(methodSig))
					return true;
			}
		}
		return false;
	}

	/**
	 * implements the Detector interface; this detector has nothing to report at the end of analysis
	 */
	public void report() {
	}
}
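
The pattern this detector reports, next to the form it accepts, as an added example that is not part of fb-contrib. The class names PisDemo, Account, Incomplete and Complete are made up for illustration.

```java
import java.io.*;

public class PisDemo {
    // Non-serializable parent with an instance field: what hasSerializableFields() finds.
    static class Account {
        protected String owner = "unset";
        Account() { }                        // run by the JVM when a subclass is deserialized
        Account(String owner) { this.owner = owner; }
    }

    // Flagged: Serializable, parent is not, and no writeObject/writeExternal.
    static class Incomplete extends Account implements Serializable {
        int balance;
        Incomplete(String owner, int balance) { super(owner); this.balance = balance; }
    }

    // Not flagged: saves and restores the parent's field itself.
    static class Complete extends Account implements Serializable {
        int balance;
        Complete(String owner, int balance) { super(owner); this.balance = balance; }

        private void writeObject(ObjectOutputStream out) throws IOException {
            out.defaultWriteObject();        // this class's own fields
            out.writeObject(owner);          // state inherited from Account
        }

        private void readObject(ObjectInputStream in) throws IOException, ClassNotFoundException {
            in.defaultReadObject();
            owner = (String) in.readObject();
        }
    }

    // Serializes to a byte array and reads the object back.
    @SuppressWarnings("unchecked")
    static <T> T roundTrip(T obj) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(obj);
        }
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(buf.toByteArray()))) {
            return (T) in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Incomplete loses the owner set at construction; Account() re-initializes it.
        System.out.println(roundTrip(new Incomplete("alice", 10)).owner);
        // Complete carries the owner through the round trip.
        System.out.println(roundTrip(new Complete("alice", 10)).owner);
    }
}
```

The detector only checks that a `writeObject` or `writeExternal` method with the right signature exists, so a subclass whose method forgets a parent field still passes. It also inspects only the fields declared on the direct superclass.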