Java does not require class names to be unique, only that they be unique within a package, and even a fully qualified name identifies a class only within a single class loader. Deciding an object's type from its class name is therefore fraught with danger: an attacker can supply an object whose class carries the same name as a trusted class and have it treated as trusted.
Instead, use the ``++instanceof++`` operator or the ``++Class.isAssignableFrom()++`` method, both of which compare the object's actual runtime type rather than a string.
== Noncompliant Code Example
----
package computer;
class Pear extends Laptop { ... }

package food;
class Pear extends Fruit { ... }

class Store {
  public boolean hasSellByDate(Object item) {
    // Both computer.Pear and food.Pear have the simple name "Pear"
    if ("Pear".equals(item.getClass().getSimpleName())) { // Noncompliant
      return true; // Results in throwing away week-old computers
    }
    return false;
  }

  public boolean isList(Class<?> valueClass) {
    // Name comparison matches only the exact class: an ArrayList is rejected,
    // while a same-named class from another class loader is accepted
    if (List.class.getName().equals(valueClass.getName())) { // Noncompliant
      return true;
    }
    return false;
  }
}
----
== Compliant Solution
----
class Store {
  public boolean hasSellByDate(Object item) {
    // Only food.Pear (or a subclass of it) passes; computer.Pear does not
    if (item instanceof food.Pear) {
      return true;
    }
    return false;
  }

  public boolean isList(Class<?> valueClass) {
    // true when valueClass is List or any implementation of it, e.g. ArrayList
    if (List.class.isAssignableFrom(valueClass)) {
      return true;
    }
    return false;
  }
}
----
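As an added, self-contained illustration (editor-supplied demonstration code, not part of the rule or its examples), the following program shows the three points above in one place: a simple-name collision between two unrelated nested classes standing in for `computer.Pear` and `food.Pear`, the argument order of `isAssignableFrom`, and a class loaded a second time under its own fully qualified name by a custom class loader, which a name comparison accepts but `instanceof` and `isAssignableFrom` reject. The class names `TypeCheckDemo`, `Token` and `ShadowLoader` are invented for the example.

```java
import java.io.IOException;
import java.io.InputStream;
import java.util.ArrayList;
import java.util.List;

public class TypeCheckDemo {

    // Stand-ins for computer.Pear and food.Pear: two unrelated classes with the same simple name.
    static class Computer { static class Pear {} }
    static class Food { static class Pear {} }

    // Noncompliant: matches anything whose simple name is "Pear", whatever it really is.
    static boolean hasSellByDateByName(Object item) {
        return "Pear".equals(item.getClass().getSimpleName());
    }

    // Compliant: only Food.Pear (or a subclass of it) matches.
    static boolean hasSellByDate(Object item) {
        return item instanceof Food.Pear;
    }

    // Compliant: "is valueClass a List?" means List must be assignable FROM valueClass.
    static boolean isList(Class<?> valueClass) {
        return List.class.isAssignableFrom(valueClass);
    }

    // A class that the demo loads twice under the same fully qualified name.
    public static class Token {}

    // Loader that defines Token itself instead of delegating to its parent, so the resulting
    // Class object is distinct from the application loader's, although getName() is identical.
    static class ShadowLoader extends ClassLoader {
        ShadowLoader() { super(TypeCheckDemo.class.getClassLoader()); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals(Token.class.getName())) {
                return super.loadClass(name, resolve); // everything else: normal delegation
            }
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    String resource = name.replace('.', '/') + ".class";
                    try (InputStream in = getParent().getResourceAsStream(resource)) {
                        if (in == null) throw new ClassNotFoundException(name);
                        byte[] bytes = in.readAllBytes();
                        c = defineClass(name, bytes, 0, bytes.length); // second Token class
                    } catch (IOException e) {
                        throw new ClassNotFoundException(name, e);
                    }
                }
                return c;
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Object laptop = new Computer.Pear();
        Object fruit = new Food.Pear();
        System.out.println(hasSellByDateByName(laptop)); // true: simple-name collision
        System.out.println(hasSellByDate(laptop));       // false
        System.out.println(hasSellByDate(fruit));        // true

        System.out.println(isList(ArrayList.class)); // true: ArrayList implements List
        System.out.println(isList(Object.class));    // false; Object.class.isAssignableFrom(List.class) would be true

        // Same fully qualified name, different class loader, therefore a different type.
        Class<?> shadow = new ShadowLoader().loadClass(Token.class.getName());
        Object impostor = shadow.getDeclaredConstructor().newInstance();
        System.out.println(Token.class.getName().equals(impostor.getClass().getName())); // true: name check passes
        System.out.println(impostor instanceof Token);                                  // false
        System.out.println(Token.class.isAssignableFrom(impostor.getClass()));          // false
    }
}
```

Compile with `javac TypeCheckDemo.java` and run with `java TypeCheckDemo`; the shadow loader reads the compiled `TypeCheckDemo$Token.class` from the classpath, so run it from the compiled classes rather than through the single-file source launcher.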
include::../see.adoc[]