SemmleCode Professional comes with a wide range of pre-packaged analyses, from architectural properties and metrics, to statement-level checks for likely bugs and violations of best practice.

Externalizable Class without Public No-Argument Constructor

This query finds classes implementing java.io.Externalizable which do not have a public no-argument constructor.

The JDK API documentation for Externalizable states:

When an Externalizable object is reconstructed, an instance is created using the public no-arg constructor, then the readExternal method called.

How to Interpret the Query Results

The query flags all offending classes and provides a list of all detected occurrences in the results view.

How to Address the Query Results

Make sure that externalizable classes always have a no-argument constructor.

Source Code

import default

from Class extern, Interface externalizable
where externalizable.hasQualifiedName("java.io", "Externalizable") and
      extern.hasSupertype+(externalizable) and
      not extern.hasModifier("abstract") and
      not exists(Constructor c | c = extern.getAConstructor() and
                                 c.hasNoParameters() and
                                 c.hasModifier("public"))
select extern, "This class is Externalizable but has no public no-argument constructor."

References

JDK API documentation for interface Externalizable