SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 85

changes.mady.by.user Tracey Tamules

Saved on

compared with

New Version 86

changes.mady.by.user Tracey Tamules

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Never violate any of these requirements when overriding the equals() method.

Noncompliant Code Example (Symmetry)

This noncompliant code example defines a CaseInsensitiveString class that includes a String and overrides the equals() method. The CaseInsensitiveString class knows about ordinary strings but the String class has no knowledge of case-insensitive strings. Consequently, CaseInsensitiveString.equals() method should not attempt to interoperate with objects of the String class.

...

Note that this code also violates MET13-J. Classes that define an equals() method must also define a hashCode() method.

Compliant Solution

In this compliant solution, the CaseInsensitiveString.equals() method is simplified to operate only on instances of the CaseInsensitiveString class, consequently preserving symmetry. The class also defines a hashCode() method.

Code Block
bgColor#ccccff
public final class CaseInsensitiveString {
  private String s;

  public CaseInsensitiveString(String s) {
    if (s == null) {
      throw new NullPointerException();
    }
    this.s = s;
  }

  public boolean equals(Object o) {
    return o instanceof CaseInsensitiveString &&
    ((CaseInsensitiveString)o).s.equalsIgnoreCase(s);
  }

  public int hashCode() {
    // ...
  }

  public static void main(String[] args) {
    CaseInsensitiveString cis = new CaseInsensitiveString("Java");
    String s = "java";
    System.out.println(cis.equals(s)); // Returns false now
    System.out.println(s.equals(cis)); // Returns false now
  }
}

Noncompliant Code Example (Transitivity)

This noncompliant code example defines an XCard class that extends the Card class.

...

In the noncompliant code example, p1 and p2 compare equal and p2 and p3 compare equal, but p1 and p3 compare unequal; this violates the transitivity requirement. The problem is that the Card class has no knowledge of the XCard class and consequently cannot determine that p2 and p3 have different values for the field type.

Compliant Solution

Wiki Markup
Unfortunately, it is impossible to extend an instantiable class (as opposed to an {{abstract}} class) by adding a value or field in the subclass while preserving the {{equals()}} contract. Use composition rather than inheritance to achieve the desired effect \[[Bloch 2008|AA. Bibliography#Bloch 08]\]. This compliant solution adopts this approach by adding a private {{card}} field to the {{XCard}} class and providing a {{public}} {{viewCard()}} method.

Code Block
bgColor#ccccff
class XCard {
  private String type;
  private Card card; // Composition

  public XCard(int number, String type) {
    card = new Card(number);
    this.type = type;
  }

  public Card viewCard() {
    return card;
  }

  public boolean equals(Object o) {
    if (!(o instanceof XCard)) {
      return false;
    }

    XCard cp = (XCard)o;
    return cp.card.equals(card) && cp.type.equals(type);
  }

  public static void main(String[] args) {
    XCard p1 = new XCard(1, "type1");
    Card p2 = new Card(1);
    XCard p3 = new XCard(1, "type2");
    XCard p4 = new XCard(1, "type1");
    System.out.println(p1.equals(p2)); // Prints false
    System.out.println(p2.equals(p3)); // Prints false
    System.out.println(p1.equals(p3)); // Prints false
    System.out.println(p1.equals(p4)); // Prints true
  }
}

Noncompliant Code Example (Consistency)

Wiki Markup
A Uniform Resource Locator (URL) specifies both the location of a resource and also a method to access it.  According to the Java API documentation for Class URL \[[API 2006|AA. Bibliography#API 06]\],

...

Code Block
bgColor#FFCCCC
public class Filter {
  public static void main(String[] args) throws MalformedURLException {
    final URL allowed = new URL("http://mailwebsite.com");
    if (!allowed.equals(new URL(args[0]))) {
      throw new SecurityException("Access Denied");
    }
    // Else proceed
  }
}

Compliant Solution (strings)

This compliant solution compares two URLs' string representations, thereby avoiding the pitfalls of URL.equals().

...

This solution still has problems. Two URLs with different string representation can still refer to the same resource. However, the solution fails safe in this case because the equals() contract is preserved, and the system will never allow a malicious URL to be accepted by mistake.

Compliant Solution (URI.equals())

Wiki Markup
A Uniform Resource Identifier (URI) contains a string of characters used to identify a resource; this is a more general concept than an URL. The {{java.net.URI}} class provides string-based {{equals()}} and {{hashCode()}} methods that satisfy the general contracts for {{Object.equals()}} and {{Object.hashCode()}}; they do not invoke hostname resolution and are unaffected by network connectivity. {{URI}} also provides methods for normalization and canonicalization that {{URL}} lacks. Finally, the {{URL.toURI()}} and {{URI.toURL()}} methods provide easy conversion between the two classes. It is recommended to use URIs instead of URLs whenever possible. According to the Java API \[[API 2006|AA. Bibliography#API 06]\] {{URI}} class documentation,

...

Wiki Markup
Additionally, the {{URI}} class also performs normalization (removing extraneous path segments like '..') and relativization of paths \[[API 2006|AA. Bibliography#API 06]\] and \[[Darwin 2004|AA. Bibliography#Darwin 04]\].

Noncompliant Code Example (java.security.Key)

The method java.lang.Object.equals() by default, is unable to compare composite objects such as cryptographic keys. Most Key classes lack an equals() implementation that overrides Object's default implementation. In such cases, the components of the composite object must be compared individually to ensure correctness.

...

Code Block
bgColor#FFCCCC
private static boolean keysEqual(Key key1, Key key2) {
 if (key1.equals(key2)) {
   return true;
 }
}

Compliant Solution (java.security.Key)

Wiki Markup
This compliant solution uses the {{equals()}} method as a first test, then compares the encoded version of the keys to facilitate provider-independent behavior. For example, this code can determine whether a {{RSAPrivateKey}} and {{RSAPrivateCrtKey}} represent equivalent private keys \[[Sun 2006|AA. Bibliography#Sun 06]\].

Code Block
bgColor#ccccff
private static boolean keysEqual(Key key1, Key key2) {
  if (key1.equals(key2)) {
    return true;
  }

  if (Arrays.equals(key1.getEncoded(), key2.getEncoded())) {
    return true;
  }

  // More code for different types of keys here.
  // For example, the following code can check if
  // an RSAPrivateKey and an RSAPrivateCrtKey are equal:
  if ((key1 instanceof RSAPrivateKey) &&
      (key2 instanceof RSAPrivateKey)) {
  
    if ((((RSAKey) key1).getModulus().equals(((RSAKey) key2).getModulus())) &&
       (((RSAPrivateKey) key1).getPrivateExponent().equals(
         ((RSAPrivateKey) key2).getPrivateExponent()))) {
      return true;
    }
  }
  return false;
}

Exceptions

Wiki Markup
*MET12-EX0:* This rule may be violated provided that the incompatible types are never compared.  There are classes in the Java platform libraries (and elsewhere) that extend an instantiable class by adding a value component.  For example, {{java.sql.Timestamp}} extends {{java.util.Date}} and adds a nanoseconds field. The {{equals}} implementation for {{Timestamp}} violates symmetry and can cause erratic behavior if {{Timestamp}} and {{Date}} objects are used in the same collection or are otherwise intermixed \[[Bloch 2008|AA. Bibliography#Bloch 08]\].

Risk Assessment

Violating the general contract when overriding the equals() method can lead to unexpected results.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

MET12-J

low

unlikely

medium

P2

L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="65dfd14dfa9e95fa-ea007804-427244b3-9107b9af-bc8122c085fd60ba3ca129c0"><ac:plain-text-body><![CDATA[

[[API 2006

AA. Bibliography#API 06]]

[method equals()

http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Object.html#equals(java.lang.Object)]

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="543870eeb6d07231-b67a30c0-439a442a-9c579700-ddf300c468e5b64d417ee59a"><ac:plain-text-body><![CDATA[

[[Bloch 2008

AA. Bibliography#Bloch 08]]

Item 8: Obey the general contract when overriding equals

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5ca9a557ae10e3d1-49108866-4e274580-afb58f6a-c5663c9d1251db8b963e5b4c"><ac:plain-text-body><![CDATA[

[[Darwin 2004

AA. Bibliography#Darwin 04]]

9.2 Overriding the equals method

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1ea7dc0daf54690d-86bd6efb-492c475a-93ab9bc8-88430694d1c9b79eec27282f"><ac:plain-text-body><![CDATA[

[[Harold 1997

AA. Bibliography#Harold 97]]

Chapter 3: Classes, Strings, and Arrays, The Object Class (equality)

]]></ac:plain-text-body></ac:structured-macro>

...

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="5735cb869da9ddaa-0fad2580-4f0a4ebf-a23ba341-ac42315e8b92859dfbf3a04c"><ac:plain-text-body><![CDATA[

[[Techtalk 2007

AA. Bibliography#Techtalk 07]]

"More Joy of Sets"

]]></ac:plain-text-body></ac:structured-macro>

...