rspec/rules/S2059/java/rule.adoc

== Why is this an issue?

Serializing a non-``++static++`` inner class will result in an attempt at serializing the outer class as well. If the outer class is actually serializable, then the serialization will succeed but possibly write out far more data than was intended. 


Making the inner class ``++static++`` (i.e. "nested") avoids this problem, therefore inner classes should be ``++static++`` if possible. However, you should be aware that there are semantic differences between an inner class and a nested one: 

* an inner class can only be instantiated within the context of an instance of the outer class. 
* a nested (``++static++``) class can be instantiated independently of the outer class.


=== Noncompliant code example

[source,java]
----
public class Raspberry implements Serializable {
  // ...

  public class Drupelet implements Serializable {  // Noncompliant; output may be too large
    // ...
  }
}
----


=== Compliant solution

[source,java]
----
public class Raspberry implements Serializable {
  // ...

  public static class Drupelet implements Serializable {
    // ...
  }
}
----


== Resources

* https://wiki.sei.cmu.edu/confluence/x/ZTdGBQ[CERT, SER05-J.] - Do not serialize instances of inner classes


ifdef::env-github,rspecator-view[]

'''
== Implementation Specification
(visible only on this page)

include::message.adoc[]

'''
== Comments And Links
(visible only on this page)

include::comments-and-links.adoc[]
endif::env-github,rspecator-view[]
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Why is this an issue?`

Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			Serializing a non-``++static++`` inner class will result in an attempt at serializing the outer class as well. If the outer class is actually serializable, then the serialization will succeed but possibly write out far more data than was intended.


			Making the inner class ``++static++`` (i.e. "nested") avoids this problem, therefore inner classes should be ``++static++`` if possible. However, you should be aware that there are semantic differences between an inner class and a nested one:

			`* an inner class can only be instantiated within the context of an instance of the outer class.`
			* a nested (``++static++``) class can be instantiated independently of the outer class.

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Noncompliant code example`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`public class Raspberry implements Serializable {`
			`// ...`

			`public class Drupelet implements Serializable { // Noncompliant; output may be too large`
			`// ...`
			`}`
			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`=== Compliant solution`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
RULEAPI-661: Add syntax coloring 2022-02-04 17:28:24 +01:00			`[source,java]`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00			`----`
			`public class Raspberry implements Serializable {`
			`// ...`

			`public static class Drupelet implements Serializable {`
			`// ...`
			`}`
			`}`
			`----`

Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
migrate rule descriptions to new education format 2023-05-03 11:06:20 +02:00			`== Resources`
Restructure one-lang rspecs 2021-04-28 16:49:39 +02:00
			`* https://wiki.sei.cmu.edu/confluence/x/ZTdGBQ[CERT, SER05-J.] - Do not serialize instances of inner classes`
Fix the missing default metadata fields 2021-04-28 18:08:03 +02:00
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`ifdef::env-github,rspecator-view[]`
RULEAPI-666: Migrate the "List of parameters", "Highlighting" and "Message" fields from jira RSPEC (#346) 2021-09-20 15:38:42 +02:00
			`'''`
			`== Implementation Specification`
			`(visible only on this page)`

			`include::message.adoc[]`

RULEAPI-576: add a horizontal rule between rule description and comments 2021-06-08 15:52:13 +02:00			`'''`
Export comments and rspec-to-rspec links from jira 2021-06-02 20:44:38 +02:00			`== Comments And Links`
			`(visible only on this page)`

			`include::comments-and-links.adoc[]`
Fix the comment display: rule-id, timestamp, GH visibility, link direction 2021-06-03 09:05:38 +02:00			`endif::env-github,rspecator-view[]`