
Inline adoc files when they are included exactly once. Also fix language tags because this inlining gives us better information on what language the code is written in.
47 lines
1.5 KiB
Plaintext
== Why is this an issue?

It's almost always a mistake to compare two instances of ``++java.lang.String++`` or boxed types like ``++java.lang.Integer++`` using reference equality ``++==++`` or ``++!=++``, because these operators compare locations in memory, not the actual values.

=== Noncompliant code example

[source,java]
----
String firstName = getFirstName(); // String overrides equals
String lastName = getLastName();

if (firstName == lastName) { ... }; // Noncompliant; compares references, so this can be false even if the strings have the same value
----

=== Compliant solution

[source,java]
----
String firstName = getFirstName();
String lastName = getLastName();

if (firstName != null && firstName.equals(lastName)) { ... };
----

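The following example is added here and is not part of the rule's own text. It shows why this mistake often survives testing: boxed values in the cached range -128..127 and interned string literals share one object, so `==` happens to agree with `equals` until real-world values appear. The class, the `isOwnerByReference` and `isOwnerByValue` methods and the sample IDs are hypothetical.

```java
import java.util.Objects;

public class ReferenceEqualityDemo {

    // Hypothetical ownership check written with reference equality (the flagged pattern).
    static boolean isOwnerByReference(Integer requesterId, Integer ownerId) {
        return requesterId == ownerId; // compares object identity, not the numeric value
    }

    // The same check with value equality; Objects.equals is also null-safe.
    static boolean isOwnerByValue(Integer requesterId, Integer ownerId) {
        return Objects.equals(requesterId, ownerId);
    }

    public static void main(String[] args) {
        // Constructed sample IDs. Integer.valueOf always caches -128..127, so small
        // IDs are the same object on both sides; larger ones are usually distinct
        // objects (the upper cache bound can be raised by a JVM option).
        int[] sampleIds = {42, 127, 128, 900_000};
        for (int id : sampleIds) {
            Integer requester = Integer.valueOf(id);
            Integer owner = Integer.valueOf(id);
            System.out.printf("id=%d  ==: %b  equals: %b%n", id,
                    isOwnerByReference(requester, owner),
                    isOwnerByValue(requester, owner));
        }

        // Strings: a value built at run time is a different object from the
        // literal with the same characters, until it is explicitly interned.
        String literal = "alice";
        String runtime = new StringBuilder("ali").append("ce").toString();
        System.out.printf("String ==: %b  equals: %b  interned ==: %b%n",
                literal == runtime, literal.equals(runtime), literal == runtime.intern());
    }
}
```
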
== Resources

* https://cwe.mitre.org/data/definitions/595[MITRE, CWE-595] - Comparison of Object References Instead of Object Contents
* https://cwe.mitre.org/data/definitions/597[MITRE, CWE-597] - Use of Wrong Operator in String Comparison
* https://wiki.sei.cmu.edu/confluence/x/UjdGBQ[CERT, EXP03-J.] - Do not use the equality operators when comparing values of boxed primitives
* https://wiki.sei.cmu.edu/confluence/x/yDdGBQ[CERT, EXP50-J.] - Do not confuse abstract object equality with reference equality

ifdef::env-github,rspecator-view[]

'''
== Comments And Links
(visible only on this page)

=== relates to: S1698

=== on 31 Oct 2018, 17:41:57 Tibor Blenessy wrote:
RSPEC-1698 has to exclude ``++java.lang.String++`` and boxed types to not raise duplicate issues

endif::env-github,rspecator-view[]