In my code I have the following line:
    private int[][][] shapes;
In the wild it lives inside an enum:
    public enum TetrisGamePiece {
        private int id;
        private int pieceColour;
        private int[][][] shapes; // <-- This line is not accepted

        private TetrisGamePiece(int id, int colour, int[][] shape1, int[][] shape2, int[][] shape3, int[][] shape4) {
            this.id = id;
            this.pieceColour = colour;
            this.shapes = new int[][][]{shape1, shape2, shape3, shape4};
        }
        // ... the rest of the enum ...
        // I've left out instantiation of objects to save space.
    }

And I get the following mention from SonarQube:
Make "shapes" transient or serializable. Fields in a Serializable class must themselves be either Serializable or transient even if the class is never explicitly serialized or deserialized. That's because under load, most J2EE application frameworks flush objects to disk, and an allegedly Serializable object with non-transient, non-serializable data members could cause program crashes, and open the door to attackers.
As far as I was aware, int[] (and int[][] etc.) are serializable. Is this a bug in SonarQube or am I misunderstanding the serializability of arrays of basic types?
edit: added the enum this lives in, just in case the enum type is relevant
As mentioned in the comment by @Simon Brandhof, this is indeed a bug in the selected rule.
The issue is due to the fact that primitives are not considered as serializable by the check. Ticket https://jira.codehaus.org/browse/SONARJAVA-918 will fix this issue. Thanks for reporting.
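
A quick way to confirm the runtime behaviour the question asks about, as an added example that is not code from the question, the answer or SonarQube. The class `ArraySerializationCheck` and the enum `Piece` with its `SQUARE` constant are hypothetical stand-ins constructed for this check.

```java
import java.io.ByteArrayInputStream;
import java.io.ByteArrayOutputStream;
import java.io.IOException;
import java.io.ObjectInputStream;
import java.io.ObjectOutputStream;
import java.io.Serializable;
import java.util.Arrays;

public class ArraySerializationCheck {

    // Hypothetical stand-in for the question's enum, with one constructed constant.
    enum Piece {
        SQUARE(new int[][][] {{{1, 1}, {1, 1}}});

        private final int[][][] shapes;

        Piece(int[][][] shapes) {
            this.shapes = shapes;
        }
    }

    // Serialize to an in-memory buffer and read the object back.
    static Object roundTrip(Object value) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buffer = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buffer)) {
            out.writeObject(value);
        }
        byte[] bytes = buffer.toByteArray();
        try (ObjectInputStream in = new ObjectInputStream(new ByteArrayInputStream(bytes))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        // Every Java array type implements Serializable, arrays of primitives included.
        System.out.println(Serializable.class.isAssignableFrom(int[][][].class));

        // A nested primitive array survives a round trip with its contents intact.
        int[][][] copy = (int[][][]) roundTrip(Piece.SQUARE.shapes);
        System.out.println(Arrays.deepEquals(copy, Piece.SQUARE.shapes));

        // Enum constants are serialized by name only: the shapes field is never
        // written, and reading the constant back yields the same instance.
        System.out.println(roundTrip(Piece.SQUARE) == Piece.SQUARE);
    }
}
```

All three checks print `true`, so the field is safe to serialize as declared. Because enum constants are written by name, the `shapes` field would not reach the stream even if its type were not serializable.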