The analyzer has detected a comparison of classes by name. Such a comparison is incorrect: the JVM identifies a class by its fully qualified (binary) name together with its defining class loader, and a simple class name is unique only within a package. Two unrelated classes from different packages (or nested in different outer classes) can both be called Plane, and a check on the simple name cannot tell them apart.
Besides logical errors, such code can also have security consequences: an untrusted class that merely shares the expected simple name passes the check, and the code then operates on an object whose behaviour it knows nothing about.
Consider the following example:
if (obj.getClass().getSimpleName().equals("Plane"))
{
....
}
This code should be rewritten in one of the following ways. An exact-class check, which is true only for Plane itself and not for its subclasses:
if (obj.getClass().equals(Plane.class))
{
....
}
or, to also accept subclasses of Plane:
if (obj instanceof Plane)
{
....
}
or the reflective equivalent of instanceof. Note the direction of the call: the expected type is the receiver and the runtime class is the argument. The reversed form, obj.getClass().isAssignableFrom(Plane.class), is a different check: it is true for any supertype of Plane (including Object) and false for subclasses of Plane, which is almost never what is intended:
if (Plane.class.isAssignableFrom(obj.getClass()))
{
....
}
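The collision the diagnostic warns about, shown end to end as an added example (this is not code from the PVS-Studio page; the class names Aviation, Geometry, CargoPlane and the helper methods are assumptions chosen for illustration). Nested classes are used so that two types named Plane fit in one file; top-level classes in different packages collide in exactly the same way, because getSimpleName() drops the package and the enclosing class.

```java
import java.util.List;

public final class SimpleNameCheck {

    // Two unrelated types that happen to share the simple name "Plane".
    // Nested classes keep the example in one file; the same collision occurs
    // for top-level classes in different packages. (Names are assumptions.)
    static class Aviation { static class Plane {} }
    static class Geometry { static class Plane {} }

    // A subtype of Aviation.Plane, to show where equals() and instanceof differ.
    static class CargoPlane extends Aviation.Plane {}

    // The flawed check from the diagnostic: compares simple names only.
    // Geometry.Plane passes it although it has nothing to do with Aviation.Plane.
    static boolean isPlaneByName(Object obj) {
        return obj.getClass().getSimpleName().equals("Plane");
    }

    // Exact-type check: true only for Aviation.Plane itself, not for CargoPlane.
    static boolean isExactlyPlane(Object obj) {
        return obj.getClass().equals(Aviation.Plane.class);
    }

    // Subtype-aware check: true for Aviation.Plane and any subclass of it.
    static boolean isPlaneOrSubtype(Object obj) {
        return obj instanceof Aviation.Plane;
    }

    // Reflective equivalent of instanceof. The expected type is the receiver
    // and the runtime class is the argument; swapping them changes the meaning.
    static boolean isPlaneOrSubtypeReflective(Object obj) {
        return Aviation.Plane.class.isAssignableFrom(obj.getClass());
    }

    // The reversed call from the original text, kept only to show what it
    // actually tests: whether obj's class is a supertype of Aviation.Plane.
    static boolean reversedAssignableFrom(Object obj) {
        return obj.getClass().isAssignableFrom(Aviation.Plane.class);
    }

    public static void main(String[] args) {
        // Constructed sample inputs: a real Plane, an impostor with the same
        // simple name, a subclass, and an unrelated object.
        List<Object> inputs = List.of(
                new Aviation.Plane(),
                new Geometry.Plane(),
                new CargoPlane(),
                new Object());

        System.out.printf("%-40s %-7s %-7s %-11s %-11s %-9s%n",
                "runtime class", "byName", "exact", "instanceof", "assignable", "reversed");
        for (Object o : inputs) {
            System.out.printf("%-40s %-7b %-7b %-11b %-11b %-9b%n",
                    o.getClass().getName(),
                    isPlaneByName(o),
                    isExactlyPlane(o),
                    isPlaneOrSubtype(o),
                    isPlaneOrSubtypeReflective(o),
                    reversedAssignableFrom(o));
        }
    }
}
```

Compile and run it with `javac SimpleNameCheck.java && java SimpleNameCheck` (Java 9 or later for List.of). The byName column is true for Geometry.Plane, which is the false positive the diagnostic reports, while the exact, instanceof and assignable columns reject it. CargoPlane separates the exact check from the subtype-aware ones, and the reversed column is true for the plain Object, showing that obj.getClass().isAssignableFrom(Plane.class) accepts supertypes rather than subtypes.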
This diagnostic is classified as:
You can look at examples of errors detected by the V6054 diagnostic.