MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT false positive in 4.8.4 #2957
Description
With 4.8.4 (and latest 4.8.5-SNAPSHOT), I'm getting two false-positive errors:
[ERROR] Medium: Overridable method equals is called from readObject. [org.newsclub.net.unix.AFSocketAddress] At AFSocketAddress.java:[line 906] MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT
[ERROR] Medium: Overridable method readUTF is called from readObject. [org.newsclub.net.unix.AFSocketAddress] At AFSocketAddress.java:[line 905] MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT
Method in question:
private void readObject(ObjectInputStream in) throws ClassNotFoundException, IOException {
in.defaultReadObject();
String af = in.readUTF(); // 905 HERE
if ("undefined".equals(af)) { // 906 HERE
this.addressFamily = null;
} else {
this.addressFamily = Objects.requireNonNull(AFAddressFamily.getAddressFamily(af),
"address family");
}
}
In 905, it's clearly a false-positive because the object has been passed as the ObjectInputStream.
In 906, it's clearly a false-positive because we're operating on a string constant.
I think generally, these errors should not occur because they don't work on this (the instance where readObject is called) but on some other object.
I understand MC_OVERRIDABLE_METHOD_CALL_IN_READ_OBJECT has been newly introduced in 4.8.4.