ObjectComparison.ql
/**
* @name Reference equality test on java.lang.Object
* @description Reference comparisons (== or !=) with operands where the static type is 'Object' may
* not work as intended.
* @kind problem
* @problem.severity warning
* @precision low
* @id java/reference-equality-with-object
* @tags reliability
* correctness
* external/cwe/cwe-595
*/
import semmle.code.java.Member
import semmle.code.java.JDK
/**
 * A variable access whose target is a field declared `final`.
 *
 * `ReferenceEqualityTestOnObject` uses this class to leave out comparisons
 * where either operand is such an access (presumably because a `final`
 * `Object` field is often a sentinel that is meant to be compared by
 * identity; confirm against the query help).
 */
class FinalFieldAccess extends VarAccess {
  FinalFieldAccess() {
    // Same as the inline cast `.(Field)`: holds only when the accessed
    // variable is a field, and that field is final.
    exists(Field target | target = this.getVariable() | target.isFinal())
  }
}
/**
 * A reference equality test (`==` or `!=`) in which the static type of both
 * operands is `java.lang.Object` and neither operand is an access to a
 * `final` field.
 */
class ReferenceEqualityTestOnObject extends ReferenceEqualityTest {
  ReferenceEqualityTestOnObject() {
    exists(Expr lhs, Expr rhs |
      lhs = this.getLeftOperand() and
      rhs = this.getRightOperand()
    |
      // Only the declared (static) type is inspected; operands typed more
      // specifically than `Object` are out of scope for this query.
      lhs.getType() instanceof TypeObject and
      rhs.getType() instanceof TypeObject and
      // Accesses to final fields are excluded on either side.
      not lhs instanceof FinalFieldAccess and
      not rhs instanceof FinalFieldAccess
    )
  }
}
// Report each flagged comparison unless the same callable also contains a call
// to an `equals` method whose qualifier is the left-hand variable and whose
// argument is the right-hand variable, i.e. the comparison appears alongside
// `left.equals(right)`.
//
// Review notes on the suppression:
//  - It is keyed on the enclosing callable only, not on control flow, so any
//    matching `equals` call in the method silences the alert even if it does
//    not guard this particular comparison.
//  - Only the `left.equals(right)` direction is recognised; a method that uses
//    `right.equals(left)` is still reported.
from ReferenceEqualityTestOnObject cmp
where
  not exists(Variable lhsVar, Variable rhsVar, MethodCall equalsCall |
    equalsCall.getMethod() instanceof EqualsMethod and
    equalsCall.getEnclosingCallable() = cmp.getEnclosingCallable() and
    lhsVar = cmp.getLeftOperand().(VarAccess).getVariable() and
    rhsVar = cmp.getRightOperand().(VarAccess).getVariable() and
    equalsCall.getQualifier().(VarAccess).getVariable() = lhsVar and
    equalsCall.getAnArgument().(VarAccess).getVariable() = rhsVar
  )
select cmp, "Avoid reference equality for java.lang.Object comparisons."