Implicit conversion from array to string¶
ID: java/print-arrayKind: problemSecurity severity: Severity: recommendationPrecision: very-highTags: - quality - reliability - correctnessQuery suites: - java-security-and-quality.qls
Click to see the query in the CodeQL repository
Printing an array is likely to produce unintended results. That is, the result does not contain the contents of the array. This is because the array is implicitly converted to aString usingObject.toString, which just returns the following value:
getClass().getName()+'@'+Integer.toHexString(hashCode())
Recommendation¶
When converting an array to a readable string, useArrays.toString for one-dimensional arrays, orArrays.deepToString for multi-dimensional arrays. These functions iterate over the contents of the array and produce human-readable output.
Example¶
In the following example, the contents of the arraywords are printed out only ifArrays.toString is called on the array first. Similarly, the contents of the multi-dimensional arraywordMatrix are printed out only ifArrays.deepToString is called on the array first.
publicstaticvoidmain(Stringargs[]){String[]words={"Who","is","John","Galt"};String[][]wordMatrix={{"There","is"},{"no","spoon"}};// BAD: This implicitly uses 'Object.toString' to convert the contents// of 'words[]', and prints out something similar to:// [Ljava.lang.String;@459189e1System.out.println(words);// GOOD: 'Arrays.toString' calls 'toString' on// each of the array's elements. The statement prints out:// [Who, is, John, Galt]System.out.println(Arrays.toString(words));// ALMOST RIGHT: This calls 'toString' on each of the multi-dimensional// array's elements. However, because the elements are arrays, the statement// prints out something similar to:// [[Ljava.lang.String;@55f33675, [Ljava.lang.String;@527c6768]]System.out.println(Arrays.toString(wordMatrix));// GOOD: This properly prints out the contents of the multi-dimensional array:// [[There, is], [no, spoon]]System.out.println(Arrays.deepToString(wordMatrix));}
References¶
Java API Specification:Arrays.toString(),Arrays.deepToString(),Object.toString().