JD.CAST.KEY
JD.CAST.KEY is reported when the type of key used to retrieve a collection element differs from the type of key used to put the object into the collection.
Vulnerability and risk
The expected element will not be found in the collection, since no elements were put into the collection with a key of this type.
Mitigation and prevention
Check if the collection is expected to contain keys of different types. Check if the key used to retrieve an element from the collection is of the correct type.
Example 1
Copy
public class JD_CAST_KEY_Sample_1 {
HashMap len=new HashMap();
void fill(File dir){
File[] list = dir.listFiles();
for (int i = 0; i < list.length; i++) {
File file = list[i];
len.put(file, new Long(file.length()));
}
}
int getLength(String file){
Long l = (Long) len.get(file);
if (l!=null) return l.intValue();
return 0;
}
}
JD.CAST.KEY is reported for call to 'len.get(file)' on line 24: Suspicious key of type 'java.lang.String' used to retrieve a collection element. Object was put into the collection with key of type 'java.io.File'.