Equals method does not inspect argument type¶
ID: java/unchecked-cast-in-equalsKind: problemSecurity severity: Severity: errorPrecision: highTags: - quality - reliability - correctnessQuery suites: - java-security-and-quality.qls
Click to see the query in the CodeQL repository
An implementation ofequals must be able to handle an argument of any type, to avoid failing casts. Therefore, the implementation should inspect the type of its argument to see if the argument can be safely cast to the class in which theequals method is declared.
Recommendation¶
Usually, an implementation ofequals should check the type of its argument usinginstanceof, following the general pattern below.
classA{// ...publicfinalbooleanequals(Objectobj){if(!(objinstanceofA)){returnfalse;}Aa=(A)obj;// ...further checks...}// ...}
Usinginstanceof in this way has the added benefit that it includes a guard against null pointer exceptions: ifobj isnull, the check fails andfalse is returned. Therefore, after the check, it is guaranteed thatobj is notnull, and its fields can be safely accessed.
Whenever you useinstanceof to check the type of the argument, you should declare theequals methodfinal, so that subclasses are unable to cause a violation of the symmetry requirement of theequals contract by further overridingequals.
If you want subclasses to redefine the notion of equality by overridingequals, usegetClass instead ofinstanceof to check the type of the argument. However, note that the use ofgetClass prevents any equality relationship between instances of a class and its subclasses, even when no additional state is added in a subclass.
References¶
J. Bloch,Effective Java (second edition), Item 8. Addison-Wesley, 2008.
Java API Specification:Object.equals().
Java Language Specification:Type Comparison Operator instanceof.