JDK 14 RFR of JDK-8231262: Suppress warnings on non-serializable instance fields in security libs serializable classes
Joe Darcy
joe.darcy at oracle.com
Mon Sep 23 20:16:32 UTC 2019
Hi Sean,
On 9/23/2019 12:19 PM, Sean Mullan wrote:
> Hi Joe,
>
> It's a little odd to suppress the warnings in the X509CertImpl class
> since it is a subclass of java.security.cert.Certificate which
> implements the writeReplace method so these fields are not serialized.
>
> Also for other classes like X509Key which are internal it is a little
> odd to suppress the warnings for fields like bitStringKey that are not
> Serializable and are never serialized. It is probably better to mark
> them as transient, but I'm not really sure it is worth making those
> changes for otherwise stable code. I guess when I look at some of the
> warnings, I might think there is an issue when there really isn't.
>
> I suppose these are not things you can easily detect at compile time,
> but I am wondering what you think.
>
>
Thanks for the feedback. One motivation to send out these review is to
help tune-up the warning analysis.
A brief philosophical note, when designing any sort of warning scheme
the cost of false positives vs false negatives needs to be weighed as
any static check can likely only approximate the full range of dynamic
behavior. The checks as written give up, i.e. do not attempt to analyze
and warn, if the class uses serialPersistentFields. It would be possible
for the checks to similarly decline to analyze if any of the various
write* or read* serialization methods are defined. My current impression
is that the net benefit for the checks when write* methods are defined
is still worthwhile, even though there are some false positives.
As you observe, given the handling of the serial methods, bitStringKey
in X509Key is effectively transient. I think it would be better serial
coding for the field to be explicitly marked as transient to make it
more obviously consistent with the implementation. Moreover, all the
instance fields in X509Key except encodedKey look to be effectively
transient. Since the class already has a serialVersionUID, marking the
fields as transient is a serial-compatible change.
Cheers,
-Joe
More information about the security-dev
mailing list