JD.EQ.ARR
JD.EQ.ARR is reported when two arrays are compared through an equals() method.
Vulnerability and risk
Calling equals() on an array behaves exactly like the '==' operator: it compares references, not the contents of the array. This is most likely an error; a deep (element-wise) array comparison is required.
Mitigation and prevention
Either change this method invocation to a deep array comparison, Arrays.equals(arr1, arr2), or use a direct reference comparison, arr1 == arr2 (but only if the intent really is to check that both references point to the very same array object).
Example 1
     9  static class MyClass {
    10      String names[];
    11      public boolean equals(Object o) {
    12          if (!(o instanceof MyClass))
    13              return false;
    14          MyClass m = (MyClass)o;
    15          return this.names.equals(m.names);
    16      }
    17  }
JD.EQ.ARR is reported for the 'equals' call on line 15: comparison of arrays using the 'equals' method. For arrays, 'equals' compares the identities of the two arrays, not the values of the array contents. It should probably be replaced with a java.util.Arrays.equals(...) call.
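The following is an added, self-contained Java example (not code from the checker documentation) that places the flagged pattern next to its corrected form. The class and variable names (ReferenceCompare, ContentCompare, ArrayEqualsDemo) are assumptions chosen for the demonstration. It also shows the practical consequence of the defect, a HashSet that can no longer deduplicate by value, and goes one step beyond the page by covering arrays of arrays, where Arrays.equals() is still shallow and Arrays.deepEquals() is required.

```java
import java.util.Arrays;
import java.util.HashSet;
import java.util.Set;

// Added demonstration for JD.EQ.ARR; names below are hypothetical.
public class ArrayEqualsDemo {

    // Reproduces the flagged pattern: equals() delegates to the array's own
    // equals(), which is inherited from Object and compares references only.
    static class ReferenceCompare {
        String[] names;
        ReferenceCompare(String... names) { this.names = names; }

        @Override
        public boolean equals(Object o) {
            if (!(o instanceof ReferenceCompare)) return false;
            ReferenceCompare m = (ReferenceCompare) o;
            return this.names.equals(m.names);   // JD.EQ.ARR: identity, not contents
        }
        // hashCode() is inherited from Object, so it matches the identity-based
        // equals() above, but neither is usable for value-based lookups.
    }

    // Corrected form: element-wise comparison with a hashCode() that agrees with it.
    static class ContentCompare {
        String[] names;
        ContentCompare(String... names) { this.names = names; }

        @Override
        public boolean equals(Object o) {
            if (this == o) return true;
            if (!(o instanceof ContentCompare)) return false;
            ContentCompare m = (ContentCompare) o;
            return Arrays.equals(this.names, m.names);   // null-safe, compares elements
        }

        @Override
        public int hashCode() {
            return Arrays.hashCode(names);   // must be changed together with equals()
        }
    }

    public static void main(String[] args) {
        // Constructed sample input: same contents, two distinct array objects.
        String[] a = {"alice", "bob"};
        String[] b = {"alice", "bob"};

        // The array's own equals() is Object.equals(): reference identity.
        System.out.println("a.equals(b)         = " + a.equals(b));
        System.out.println("a == b              = " + (a == b));
        System.out.println("Arrays.equals(a, b) = " + Arrays.equals(a, b));

        // The same comparison wrapped in the flagged and the corrected class.
        System.out.println("ReferenceCompare    = "
            + new ReferenceCompare(a).equals(new ReferenceCompare(b)));
        System.out.println("ContentCompare      = "
            + new ContentCompare(a).equals(new ContentCompare(b)));

        // Consequence: a Set cannot deduplicate by value with the flagged equals().
        Set<ReferenceCompare> byRef = new HashSet<>();
        byRef.add(new ReferenceCompare(a));
        byRef.add(new ReferenceCompare(b));
        Set<ContentCompare> byContent = new HashSet<>();
        byContent.add(new ContentCompare(a));
        byContent.add(new ContentCompare(b));
        System.out.println("set sizes: byRef=" + byRef.size()
            + " byContent=" + byContent.size());

        // Arrays.equals() is shallow: for arrays of arrays use Arrays.deepEquals().
        String[][] nested1 = {{"x"}, {"y"}};
        String[][] nested2 = {{"x"}, {"y"}};
        System.out.println("Arrays.equals(nested)     = " + Arrays.equals(nested1, nested2));
        System.out.println("Arrays.deepEquals(nested) = " + Arrays.deepEquals(nested1, nested2));
    }
}
```

Compile and run with javac ArrayEqualsDemo.java && java ArrayEqualsDemo. The first three lines print false, false, true: the array's inherited equals() and '==' both report the distinct objects as unequal while Arrays.equals() compares the elements. ReferenceCompare reports false and ContentCompare true for the same data, the reference-based set keeps two entries where the content-based set keeps one, and for the nested arrays Arrays.equals() is false because it compares the inner arrays by reference, whereas Arrays.deepEquals() is true. The hashCode() override in ContentCompare is part of the fix: an equals() based on Arrays.equals() paired with Object's identity hashCode() breaks the equals/hashCode contract and makes HashMap and HashSet lookups unreliable.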