Re-posting this question in the Adobe Experience Manager section
Hi, we recently started using the Cloud Manager pipelines to run analysis on our code and one of the critical code smells that keep popping up is the following:
Issue | Type | Severity | Effort | Rule | Tags | Documentation |
Make "cryptoSupport" transient or serializable. | Code Smell | Critical | 30min | squid:S1948 | cwe,serialization | https://www.adobe.com/go/aem_cmcq_s1948_en |
In this case "cryptoSupport" refers to an injected service that implements the com.adobe.granite.crypto.CryptoSupport interface.
@reference
private CryptoSupport cryptoSupport;
My question is: Since we can't make CryptoSupport serializable, is it safe to declare the field as transient? Is there any danger of our servlet (that contains the above service reference) being flushed to disk at some point and failing to restore the service reference later?
Thank you,
William.
Solved! Go to Solution.
Views
Replies
Total Likes
Hi @Williamvdev
You should be able to make it as transient and it should not have any issue as they will not be part of persistent state.
@Reference
private transient CryptoSupport cryptoSupport;
Thanks!
Hi @Williamvdev
You should be able to make it as transient and it should not have any issue as they will not be part of persistent state.
@Reference
private transient CryptoSupport cryptoSupport;
Thanks!