Our website uses cookies to enhance your browsing experience.

Accept

Home

>

Documentation

>

Warnings

>

V6054. Classes should not be...

Introduction

How to enter the PVS-Studio license and what's the next move

PVS-Studio's trial mode

System requirements

Technologies used in PVS-Studio

Release history

Release history for previous versions (before 7.00)

Analyzing projects

On Windows

Getting acquainted with the PVS-Studio static code analyzer on Windows

Build-system independent analysis (C and C++)

Direct integration of the analyzer into build automation systems (C and C++)

On Linux and macOS

PVS-Studio C# installation on Linux and macOS

How to run PVS-Studio C# on Linux and macOS

Installing and updating PVS-Studio C++ on Linux

Installing and updating PVS-Studio C++ on macOS

How to run PVS-Studio C++ on Linux and macOS

Cross-platform

Direct use of Java analyzer from command line

Cross-platform analysis of C and C++ projects in PVS-Studio

PVS-Studio for embedded development

Analysis of C and C++ projects based on JSON Compilation Database

IDE

Get started with PVS-Studio in Visual Studio

Using PVS-Studio with JetBrains Rider and CLion

How to use the PVS-Studio extension for Qt Creator

How to integrate PVS-Studio in Qt Creator without the PVS-Studio plugin

Using the PVS-Studio extension for Visual Studio Code

Using PVS-Studio with IntelliJ IDEA and Android Studio

Build systems

Analyzing Visual Studio / MSBuild / .NET projects from the command line using PVS-Studio

Using PVS-Studio with the CMake module

Integrating PVS-Studio Java into the Gradle build system

Integrating PVS-Studio Java into the Maven build system

Game Engines

How to analyze Unity projects with PVS-Studio

Analysis of Unreal Engine projects

Continuous use of the analyzer in software development

Running PVS-Studio in Docker

Running PVS-Studio in Jenkins

Running PVS-Studio in TeamCity

How to upload analysis results to Jira

PVS-Studio and continuous integration

PVS-Studio's incremental analysis mode

Analyzing commits and pull requests

Unattended deployment of PVS-Studio

Speeding up the analysis of C and C++ code through distributed build systems (Incredibuild)

Integrating of PVS-Studio analysis results in code quality services (web dashboard)

Integration of PVS-Studio analysis results into DefectDojo

Integration of PVS-Studio analysis results into SonarQube

Integration of PVS-Studio analysis results into CodeChecker

Deploying the analyzer in cloud Continuous Integration services

Using with Travis CI

Using with CircleCI

Using with GitLab CI/CD

Using with GitHub Actions

Using with Azure DevOps

Using with AppVeyor

Using with Buddy

Managing analysis results

How to display the analyzer's most interesting warnings

How to use the OWASP diagnostic group in PVS-Studio

MISRA Coding Standards and Compliance

Baselining analysis results (suppressing warnings for existing code)

Handling the diagnostic messages list in Visual Studio

Suppression of false-positive warnings

How to view and convert analyzer's results

Relative paths in PVS-Studio log files

Viewing analysis results with C and C++ Compiler Monitoring UI

Notifying the developer teams (blame-notifier utility)

Filtering and handling the analyzer output through diagnostic configuration files (.pvsconfig)

Excluding files and directories from analysis

Additional configuration and resolving issues

Tips on speeding up PVS-Studio

PVS-Studio: troubleshooting

Additional diagnostics configuration

User annotation mechanism in JSON format

Annotating C and C++ entities in JSON format

Annotating C# entities in JSON format

Annotating Java entities in JSON format

Predefined PVS_STUDIO macro

Analysis configuration file (Settings.xml)

Settings: general

Settings: Common Analyzer Settings

Settings: Detectable Errors

Settings: Don't Check Files

Settings: Keyword Message Filtering

Settings: Registration

Settings: Specific Analyzer Settings

Analyzer diagnostics

PVS-Studio Messages

General Analysis (C++)

General Analysis (C#)

General Analysis (Java)

Micro-Optimizations (C++)

Micro-Optimizations (C#)

Diagnosis of 64-bit errors (Viva64, C++)

Customer specific requests (C++)

MISRA errors

AUTOSAR errors

OWASP errors (C++)

OWASP errors (C#)

OWASP errors (Java)

Problems related to code analyzer

Additional information

Credits and acknowledgements

Jul 25 2018

V6054. Classes should not be compared by their name.

Jul 25 2018

The analyzer has detected class comparison by name. Such comparison is considered incorrect since, as stated by the JVM specification, classes have unique names only inside a package.

In addition to logical errors, such code may sometimes get exposed to various vulnerabilities due to unknown behavior of an untrusted class.

Consider the following example:

if (obj.getClass().getSimpleName().equals("Plane"))
{
  ....
}

This code should be rewritten as follows:

if(obj.getClass().equals(ArrayList.class))
{
  ....
}

or:

if (obj instanceof Plane)
{
  ....
}

or:

if (obj.getClass().isAssignableFrom(Plane.class))
{
  ....
}

This diagnostic is classified as:

CWE-486 CERT-OBJ09-J

You can look at examples of errors detected by the V6054 diagnostic.

Was this page helpful?

If you can’t find an answer to your question, fill in the form below and our developers will contact you

By clicking this button you agree to our Privacy Policy statement

Want to try PVS‑Studio for free?