Skip to main content
GitHub

MSC08-J. Do not store nonserializable objects as attributes in an HTTP session

This rule is a stub.

Noncompliant Code Example

This noncompliant code example shows an example where ...

Non-compliant code

Compliant Solution

In this compliant solution, ...

Compliant code

Risk Assessment

If nonserializable objects are stored as attributes in an HTTP session then ...

RuleSeverityLikelihoodDetectableRepairablePriorityLevel
MSC08-JLowProbableNoNoP2L3

Automated Detection

ToolVersionCheckerDescription
Security Reviewer - Static Reviewer
6.02
NonSerializableObjectFull Implementation

Bibliography

[ Fortify 2014 ]Fortify Diagnostic
HTTPSession J2EE Documentation Note. This is a JavaEE 5 reference. I cannot find the corresponding API in Java 7.