CSHARP.CLASS.SER.FNON : Nonserializable Field (C#)

JavaScript is not currently enabled, but is required for full CodeSonar manual search and browse functionality.

If you are viewing this file in your hub's Web GUI, enable JavaScript in your browser: you will also need it for GUI functionality.

If you opened this file directly from disk, your browser may be directly suppressing JavaScript functionality: certain browsers perform this suppression on local files (but not files delivered by web servers) for security reasons.

If you access the manual through the hub's Web GUI, the functionality will not be suppressed because the hub is a web server.
Alternatively, your browser may allow you to explicitly disable the security setting that suppresses functionality. See the CodeSonar FAQ for more information.

A non-transient field of a serializable class might hold a non-serializable value.

If CSHARP_ANALYSIS_PEDANTIC_MODE=Yes, there is no special treatment for fields of standard container classes.

If CSHARP_ANALYSIS_PEDANTIC_MODE=No, the analysis will treat all container classes from the standard library as serializable: warnings will not be issued for fields of these classes, regardless of the library implementation used.

Serialization allows one to dump an object into a file and recover (deserialize) it later. For this to work, C# requires the class of the object to implement the System.Runtime.Serialization.ISerializable interface. Moreover, all instance non-transient fields of the class must be serializable themselves. For inner non-static classes, also the outer class must be serializable. In order to distinguish dumps of objects for distinct versions of the same class, it is required that serializable classes define a static field containing the serial version of the class.

クラス名

Nonserializable Field (C#)

日本語クラス名

Nonserializable Field (C#)

クラス分類

信頼性 (reliability)

ニーモニック

CSHARP.CLASS.SER.FNON

カテゴリー

CWE	CWE:913	Improper Control of Dynamically-Managed Code Resources

対応言語

C# で利用可能です。

有効/無効設定

このワーニングクラスのチェックはデフォルトで有効になっています。チェックを無効にするにはプロジェクト設定ファイル（configuration file）に以下の WARNING_FILTER ルールを追加してください。

WARNING_FILTER += discard class="Nonserializable Field (C#)"

using System.Runtime.Serialization;
namespace DocumentationExamples
{
    public class Serialization : ISerializable
    {
        public static void Main(string[] args)
        { }

        private readonly object f;         // Nonserializable Field (C#) warning issued here 
        private readonly SerializationC.Inner inner;

        public Serialization(object f)
        {
            this.f = f;
            inner = new SerializationC.Inner();
        }
        public void GetObjectData(SerializationInfo info, StreamingContext context) { }
    }
    public class SerializationC
    {
        public class Inner : ISerializable  // Nonserializable Outer Class (C#) warning issued here 
        {
            public void GetObjectData(SerializationInfo info, StreamingContext context) { }
        }
    }
    
}

Guarantee that all instance non-transient fields of a serializable class are themselves serializable. Make inner serializable classes have a serializable outer class, or make them static.

設定ファイルの以下のパラメータがこのワーニングクラスのチェックに影響します。

CSHARP.CLASS.SER.FNON : Nonserializable Field (C#)

要旨

プロパティ

例

解決法

関連のある設定ファイルパラメータ