SONARJAVA-4814 Improved S1948 RSPEC to better explain why public coll…

…ections are a problem (#4698)
SonarSource · Mar 4, 2024 · a39e170 · a39e170
1 parent 0b76498
commit a39e170
Showing 1 changed file with 5 additions and 4 deletions.
diff --git a/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S1948.html b/sonar-java-plugin/src/main/resources/org/sonar/l10n/java/rules/java/S1948.html
@@ -9,10 +9,11 @@ <h2>Why is this an issue?</h2>
 not exhibit unexpected behaviour when an instance is serialized.</p>
 <p>This rule raises an issue on:</p>
 <ul>
-  <li> non-<code>Serializable</code> fields, </li>
-  <li> collection fields when they are not <code>private</code> (because they could be assigned non-<code>Serializable</code> values externally),
-  </li>
-  <li> when a field is assigned a non-<code>Serializable</code> type within the class. </li>
+  <li> Non-<code>Serializable</code> fields. </li>
+  <li> When a field is assigned a non-<code>Serializable</code> type within the class. </li>
+  <li> Collection fields when they are not <code>private</code>. Values that are not serializable could be added to these collections externally. Due
+  to type erasure, it cannot be guaranteed that the collection will only contain serializable objects at runtime despite being declared as a
+  collection of serializable types. </li>
 </ul>
 <h2>How to fix it</h2>
 <p>Consider the following scenario.</p>