CMP.OBJ

This warning appears if object references are compared rather than the objects themselves. An error is reported only if the compared objects have different types, and none of them has the explicit Object type.

Vulnerability and risk

This problem can cause unexpected application behavior. Comparing objects using == usually produces deceptive results, since the == operator compares object references rather than their values. To use == on a string, the programmer has to make sure that these objects are unique in the program, that is, that they don't have the equals method defined, or they have a static factory that produces unique objects.

Mitigation and prevention

Use the equals() method to compare objects instead of the == operator. If == must be used for performance reasons, make sure that your objects are created by a static factory, not by a constructor.

Example 1

    9   /**
    10   * Check that person is John 25 miner
    11   */
    12  Proffesional john = new Proffesional("John", 25, "miner");
    13  public boolean checkJohn(Person p) {
    14      return p == john;
    15  }

CMP.OBJ is reported for line 14: Comparing objects 'p' and 'john' with ==
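The following is an added example, not code from the original page: it contrasts the flagged reference comparison with equals() and with instances obtained from a static factory that returns one canonical object per value. The names CmpObjDemo, Person, of, uncached, checkJohnByReference and checkJohnByValue are hypothetical.

```java
import java.util.List;
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

public class CmpObjDemo {
    // Hypothetical value class; the constructor is private so that
    // callers normally obtain instances through the static factory.
    static final class Person {
        private static final Map<List<Object>, Person> CACHE = new ConcurrentHashMap<>();
        final String name; final int age; final String job;

        private Person(String name, int age, String job) {
            this.name = name; this.age = age; this.job = job;
        }

        // Static factory: one canonical instance per distinct value.
        static Person of(String name, int age, String job) {
            return CACHE.computeIfAbsent(List.<Object>of(name, age, job),
                    k -> new Person(name, age, job));
        }
        // Bypasses the cache, standing in for a public constructor.
        static Person uncached(String name, int age, String job) {
            return new Person(name, age, job);
        }

        @Override public boolean equals(Object o) {
            if (this == o) return true;
            if (!(o instanceof Person)) return false;
            Person p = (Person) o;
            return age == p.age && Objects.equals(name, p.name) && Objects.equals(job, p.job);
        }

        @Override public int hashCode() { return Objects.hash(name, age, job); }
    }

    static final Person JOHN = Person.of("John", 25, "miner");

    // The pattern CMP.OBJ flags: identity comparison of two references.
    static boolean checkJohnByReference(Person p) { return p == JOHN; }
    // Value comparison; calling equals() on the constant is also null-safe.
    static boolean checkJohnByValue(Person p) { return JOHN.equals(p); }

    public static void main(String[] args) {
        Person copy = Person.uncached("John", 25, "miner");   // equal value, different object
        System.out.println("== on separate copy:     " + checkJohnByReference(copy));
        System.out.println("equals on separate copy: " + checkJohnByValue(copy));
        System.out.println("== on factory instance:  " + checkJohnByReference(Person.of("John", 25, "miner")));
        System.out.println("equals on null:          " + checkJohnByValue(null));
    }
}
```

The separately constructed copy fails the reference check but passes the value check, while the instance returned by the factory passes both because the factory hands back the same object for the same value.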