Review new DangerousJavaDeserialization error-prone check

apache / iceberg

Apache Iceberg

https://iceberg.apache.org/

Apache License 2.0

6.49k stars 2.24k forks source link

Review new DangerousJavaDeserialization error-prone check #10853

Open findepi opened 3 months ago

findepi commented 3 months ago

DangerousJavaDeserialization is a recently added error-prone check (https://github.com/apache/iceberg/pull/10788). Figure out whether we adjust the code or suppress the check permanently

spotted-cat commented 3 months ago

Can I work on this issue?

Fokko commented 3 months ago

@spotted-cat sure thing! Feel free to reach out when you bump into anything

spotted-cat commented 3 months ago

@spotted-cat sure thing! Feel free to reach out when you bump into anything

Thankyou for offering to help.

So I looked up into the issue, and I am unable to find any documentation for the check DangerousJavaDeserialization which atleast for now I didn't see listed in either Google's error prone docs or of the Palantir Baseline Error prone checks.

Can you point me if I am missing something here?

ebyhr commented 2 months ago

@spotted-cat You can find the code at https://github.com/palantir/gradle-baseline/blob/develop/baseline-error-prone/src/main/java/com/palantir/baseline/errorprone/DangerousJavaDeserialization.java