Hi, we recently started using the Cloud Manager pipelines to run analysis on our code and one of the critical code smells that keep popping up is the following:
| Issue | Type | Severity | Effort | Rule | Tags | Documentation |
| --- | --- | --- | --- | --- | --- | --- |
| Make "cryptoSupport" transient or serializable. | Code Smell | Critical | 30min | squid:S1948 | cwe,serialization | https://www.adobe.com/go/aem_cmcq_s1948_en |
In this case "cryptoSupport" refers to an injected service that implements the com.adobe.granite.crypto.CryptoSupport interface.
@Reference
private CryptoSupport cryptoSupport;
My question is: Since we can't make CryptoSupport serializable, is it safe to declare the field as transient? Is there any danger of our servlet (that contains the above service reference) being flushed to disk at some point and failing to restore the service reference later?
Thank you,
William.
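Added example, not part of the original post or of Adobe's code: what plain Java serialization does with the field in the two cases the question describes. `FakeCryptoService` is a hypothetical stand-in for the injected `CryptoSupport` service; whether a container ever serializes the servlet is outside what this shows.

```java
import java.io.*;

// FakeCryptoService is a hypothetical stand-in for a non-serializable
// injected service such as CryptoSupport (assumption for this example).
public class TransientFieldDemo {

    static class FakeCryptoService {             // deliberately NOT Serializable
        String protect(String s) { return "{protected}" + s; }
    }

    // The shape S1948 flags: a Serializable class holding a non-serializable field.
    static class Flagged implements Serializable {
        private static final long serialVersionUID = 1L;
        FakeCryptoService cryptoSupport = new FakeCryptoService();
    }

    // The "make it transient" option: the field is skipped when the object is written.
    static class WithTransient implements Serializable {
        private static final long serialVersionUID = 1L;
        transient FakeCryptoService cryptoSupport = new FakeCryptoService();
    }

    // Serialize to memory and read the object back.
    static Object roundTrip(Object o) throws IOException, ClassNotFoundException {
        ByteArrayOutputStream buf = new ByteArrayOutputStream();
        try (ObjectOutputStream out = new ObjectOutputStream(buf)) {
            out.writeObject(o);
        }
        try (ObjectInputStream in = new ObjectInputStream(
                new ByteArrayInputStream(buf.toByteArray()))) {
            return in.readObject();
        }
    }

    public static void main(String[] args) throws Exception {
        try {
            roundTrip(new Flagged());
        } catch (NotSerializableException e) {
            // Writing fails outright when the field is neither transient nor serializable.
            System.out.println("non-transient field: " + e);
        }
        WithTransient copy = (WithTransient) roundTrip(new WithTransient());
        // Deserialization does not run this class's field initializers, so the
        // transient reference is null until something assigns it again.
        System.out.println("transient field after restore: " + copy.cryptoSupport);
    }
}
```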
Hi @Williamvdev, I believe this is meant for the AEM community - https://experienceleaguecommunities.adobe.com/t5/adobe-experience-manager/ct-p/adobe-experience-mana...
The best way to deal with this is to use secret environment variables. https://experienceleague.adobe.com/docs/experience-manager-cloud-service/content/implementing/using-...