JD.EQ.ARR
JD.EQ.ARR is reported when two arrays are compared through an equals() method.
Vulnerability and risk
Calling equals() on an array behaves the same as the '==' operator: it compares references, not the contents of the array. This is most likely an error; a deep array comparison is required.
Mitigation and prevention
Either replace this method invocation with a deep array comparison, Arrays.equals(arr1, arr2), or use a direct reference comparison, arr1 == arr2 (but only if the intent is to check that both references point to exactly the same object).
Example 1
static class MyClass {
    String[] names;

    public boolean equals(Object o) {
        if (!(o instanceof MyClass))
            return false;
        MyClass m = (MyClass) o;
        // Defect: String[] inherits Object.equals(), so this compares references, not contents
        return this.names.equals(m.names);
    }
}
JD.EQ.ARR is reported for the 'equals' call on line 15 (return this.names.equals(m.names);): comparison of arrays using the 'equals' method. For arrays, 'equals' compares the identities of the two arrays, not the values of their contents. It should probably be replaced with a java.util.Arrays.equals(...) call.
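The following is an added, runnable example (not part of the Klocwork documentation) that makes the identity-versus-contents distinction visible and shows the corrected form of an equals() override. The class name ArrayEqualsDemo, the Account value object and its roles field are assumptions made for illustration. It also goes one step beyond the page: for nested arrays, Arrays.equals still compares the inner arrays by identity and Arrays.deepEquals is needed, and for secret byte arrays (MAC tags, password hashes) the comparison should be done with MessageDigest.isEqual so that the comparison does not short-circuit on the first mismatching byte.

```java
import java.security.MessageDigest;
import java.util.Arrays;

public class ArrayEqualsDemo {

    // Hypothetical value object: the corrected form of the MyClass pattern above.
    static final class Account {
        private final String[] roles;

        Account(String... roles) {
            this.roles = roles.clone();
        }

        @Override
        public boolean equals(Object o) {
            if (this == o) return true;
            if (!(o instanceof Account)) return false;
            Account other = (Account) o;
            // Element-wise comparison instead of the identity comparison JD.EQ.ARR flags
            return Arrays.equals(this.roles, other.roles);
        }

        @Override
        public int hashCode() {
            // Keep hashCode consistent with the element-wise equals
            return Arrays.hashCode(roles);
        }
    }

    public static void main(String[] args) {
        byte[] a = {1, 2, 3};
        byte[] b = {1, 2, 3};   // same contents, distinct object

        System.out.println(a.equals(b));            // false: Object.equals() compares references
        System.out.println(a == b);                 // false: the same check, written explicitly
        System.out.println(Arrays.equals(a, b));    // true: compares the elements

        // Nested arrays: Arrays.equals compares the inner arrays by identity
        int[][] m1 = {{1, 2}, {3, 4}};
        int[][] m2 = {{1, 2}, {3, 4}};
        System.out.println(Arrays.equals(m1, m2));      // false
        System.out.println(Arrays.deepEquals(m1, m2));  // true: recurses into nested arrays

        // Two Accounts built from equal role lists are now equal and hash alike
        Account x = new Account("admin", "audit");
        Account y = new Account("admin", "audit");
        System.out.println(x.equals(y) && x.hashCode() == y.hashCode()); // true

        // Constructed sample values standing in for an expected and a received MAC tag:
        // use MessageDigest.isEqual, which does not stop at the first differing byte
        byte[] expectedTag = {0x10, 0x20, 0x30};
        byte[] receivedTag = {0x10, 0x20, 0x30};
        System.out.println(MessageDigest.isEqual(expectedTag, receivedTag)); // true
    }
}
```

Compile and run with javac ArrayEqualsDemo.java && java ArrayEqualsDemo. The first two printed lines are the behaviour the checker warns about: an equals() override written like MyClass above would report two Accounts with identical role lists as different, and a check such as "reject if the stored array equals the submitted one" would never match.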