JD.EQ.ARR

JD.EQ.ARR is reported when two arrays are compared through an equals() method.

Vulnerability and risk

Calling equals() on an array behaves the same as the '==' operator: it compares references, not the array contents. This is most likely an error; a deep array comparison is required.

Mitigation and prevention

Either replace this method invocation with a deep array comparison, Arrays.equals(arr1, arr2), or use a direct reference comparison, arr1 == arr2 (but only if the objects are exactly the same).

Example 1

    static class MyClass {
        String names[];
        public boolean equals(Object o) {
            if (!(o instanceof MyClass))
                return false;
            MyClass m = (MyClass)o;
            return this.names.equals(m.names); // JD.EQ.ARR: compares array references, not contents
        }
    }

JD.EQ.ARR is reported for 'equals' call on line 15: Comparison of arrays using the 'equals' method. For arrays, 'equals' compares the identities of the two arrays - not the values of the array contents. Should probably be replaced with java.util.Arrays.equals(...) call.
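
The flagged pattern beside a corrected form, as an added example that is not part of the original checker documentation. The class names ArrayEqualsDemo, Flagged and Fixed and the sample values are constructed for illustration; the nested-array case goes one step beyond Example 1 to show where Arrays.equals() itself falls back to reference comparison.

```java
import java.util.Arrays;

public class ArrayEqualsDemo {

    // Flagged form: equals() on an array is Object.equals(), a reference comparison.
    static final class Flagged {
        final String[] names;
        Flagged(String... names) { this.names = names; }

        @Override
        public boolean equals(Object o) {
            if (!(o instanceof Flagged)) return false;
            return this.names.equals(((Flagged) o).names); // JD.EQ.ARR
        }

        @Override
        public int hashCode() { return System.identityHashCode(names); }
    }

    // Corrected form: element-wise comparison, with a hashCode() that agrees with it.
    static final class Fixed {
        final String[] names;
        Fixed(String... names) { this.names = names; }

        @Override
        public boolean equals(Object o) {
            if (!(o instanceof Fixed)) return false;
            return Arrays.equals(this.names, ((Fixed) o).names);
        }

        @Override
        public int hashCode() { return Arrays.hashCode(names); }
    }

    public static void main(String[] args) {
        // Constructed sample data: distinct array objects holding identical contents.
        System.out.println("flagged: " + new Flagged("alice", "bob").equals(new Flagged("alice", "bob")));
        System.out.println("fixed:   " + new Fixed("alice", "bob").equals(new Fixed("alice", "bob")));

        // Nested arrays: Arrays.equals() calls equals() on each inner array,
        // which is again a reference comparison; Arrays.deepEquals() recurses.
        String[][] a = {{"alice"}, {"bob"}};
        String[][] b = {{"alice"}, {"bob"}};
        System.out.println("Arrays.equals on nested:     " + Arrays.equals(a, b));
        System.out.println("Arrays.deepEquals on nested: " + Arrays.deepEquals(a, b));
    }
}
```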

Related checkers