SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 36

changes.mady.by.user Shannon Haas

Saved on

compared with

New Version 37

changes.mady.by.user vishal patel

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: fixing code sample for compilation

...

This noncompliant code example incorrectly uses the Object.equals() method to compare two arrays.

Code Block
bgColor#FFCCCC
public void arrayEqualsExample(){

int[] arr1 = new int[20]; // initialized to 0
int[] arr2 = new int[20]; // initialized to 0
arr1.equals(arr2); // false

}

Compliant Solution

This compliant solution compares the two arrays using the two-argument Arrays.equals() method.

Code Block
bgColor#ccccff

public void arrayEqualsExample(){

int[] arr1 = new int[20]; // initialized to 0
int[] arr2 = new int[20]; // initialized to 0
Arrays.equals(arr1, arr2); // true

}

Risk Assessment

Using the equals() method or relational operators with the intention of comparing array contents produces incorrect results, which can lead to vulnerabilities.

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="9696aa85add6ef77-c4088209-47a645fa-9b0687d9-855fe0da087df289ce98341f"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[Class Arrays

http://download.oracle.com/javase/6/docs/api/java/util/Arrays.html]

]]></ac:plain-text-body></ac:structured-macro>

...