• Home
• io.github.erroraway
• sonar-erroraway-sonar-plugin
• 2.2.0
• source code
• BanSerializableRead.md

×

Project download

Many resources are needed to download a project. Please understand that we have to compensate our server costs. Thank you in advance.
Project price only 1 $

You can buy this project and download/modify it how often you want.

errorprone.bugpattern.BanSerializableRead.md Maven / Gradle / Ivy

The Java `Serializable` API is very powerful, and very dangerous. Any
consumption of a serialized object that cannot be explicitly trusted will likely
result in a critical remote code execution bug that will give an attacker
control of the application. (See
[Effective Java 3rd Edition §85][ej3e-85])

[ej3e-85]: https://www.google.co.uk/books/edition/Effective_Java/ka2VUBqHiWkC

Consider using less powerful serialization methods, such as JSON or XML.