[bugfix] Remove invalid marked transient on cacheKey as reported by sonarlint

[hazendaz]

Test cases written around this to avoid this serious flaw in the future,
configured origin of scanning asking for transient to be added, added
comment about when this would actually fail serialization, and wrote
test for that as well.

---

Note: revert #989

[hazendaz]

#989 issue is invalid given bulk of use-case. The fix actually made things worse. While a real non serializable issue would get that error, the general valid use case will not get null on underlying object list defeating purpose of the class. Test case provided shows both bad case that is not serializable and valid case that is.

[hazendaz]

hang on on this...fixing mistakenly added commit.

[hazendaz]

OK - ready to go.

[hazendaz]

Note: Attempting to make updateList transient again will cause a failure in both unit tests as null pointer exceptions. This is expected behaviour and will prevent accidently doing this in the future.

[FrantaM]

No need to use files - ByteArrayOutputStream and ByteArrayInputStream will do just fine.

[hazendaz]

Can you show me how to do that and read the data back? I was using ByteArrayOutputStream but then wanted to read it back so changed to files.

[FrantaM]

private static <T> T serialize(T object) throws Exception {
    ByteArrayOutputStream baos = new ByteArrayOutputStream();
    new ObjectOutputStream(baos).writeObject(object);
 
    ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray());
    return (T) new ObjectInputStream(bais).readObject();
}

[hazendaz]

@FrantaM Merging now, will look at any comments you have back or re-view later when I have some more time. This for now will get master back in working state for you. Thanks.

[hazendaz]

Thank you! I learned quite a bit on this one. I'm going to use this guidance over on the testing framework I mentioned. Thanks for the help and sorry for the mess this caused. Get Outlook for Android<https://aka.ms/ghei36>

________________________________ From: FrantaM <notifications@github.com> Sent: Monday, August 21, 2017 6:30:47 PM To: mybatis/mybatis-3 Cc: Jeremy Landis; State change Subject: Re: [mybatis/mybatis-3] [bugfix] Remove invalid marked transient on cacheKey as reported by sonarlint (#1084) @FrantaM commented on this pull request.

________________________________ In src/test/java/org/apache/ibatis/cache/CacheKeyTest.java<#1084 (comment)>:

+ @test (expected = NotSerializableException.class)

+ public void serializationExceptionTest() throws ClassNotFoundException, IOException { + CacheKey cacheKey = new CacheKey(); + cacheKey.update(new Object()); + canSerialize(cacheKey); + } + + @test + public void serializationTest() throws ClassNotFoundException, IOException { + CacheKey cacheKey = new CacheKey(); + cacheKey.update("serializable"); + canSerialize(cacheKey); + } + + private void canSerialize(final CacheKey object) throws ClassNotFoundException, IOException { + FileOutputStream fout = new FileOutputStream("target/address.ser"); private static <T> T serialize(T object) throws Exception { ByteArrayOutputStream baos = new ByteArrayOutputStream(); new ObjectOutputStream(baos).writeObject(object); ByteArrayInputStream bais = new ByteArrayInputStream(baos.toByteArray()); return (T) new ObjectInputStream(bais).readObject(); } — You are receiving this because you modified the open/close state. Reply to this email directly, view it on GitHub<#1084 (comment)>, or mute the thread<https://github.com/notifications/unsubscribe-auth/AA7ho-lyqioSpxAH1oi_NzPugOa0jBnwks5sagUXgaJpZM4O9zPP>.