forked from github/codeql
RefEqBoxed.ql
/**
* @name Reference equality test of boxed types
* @description Comparing two boxed primitive values using the == or != operator
* compares object identity, which may not be intended.
* @kind problem
* @problem.severity error
* @precision very-high
* @id java/reference-equality-of-boxed-types
* @tags reliability
* correctness
* quality
* external/cwe/cwe-595
*/
import java
// Reports `==` / `!=` reference comparisons in which both operands have a boxed
// type. Such a test compares object identity rather than the wrapped value
// (CWE-595). Because boxing may hand back a shared instance for some values and
// a fresh one for others, the comparison can look correct for the inputs seen in
// testing and still give the wrong answer elsewhere.
from ReferenceEqualityTest cmp, Type leftType, Type rightType
where
  leftType = cmp.getLeftOperand().getType() and
  rightType = cmp.getRightOperand().getType() and
  leftType instanceof BoxedType and
  rightType instanceof BoxedType and
  // Comparisons involving java.lang.Boolean are not reported. getAnOperand()
  // ranges over both sides, so a Boolean on either side suppresses the result.
  not exists(RefType operandType |
    operandType = cmp.getAnOperand().getType() and
    operandType.hasQualifiedName("java.lang", "Boolean")
  )
select cmp, "Suspicious reference comparison of boxed numerical values."