SECURITY.CMP
Don't compare classes by name
Description
This rule flags code that compares classes by their names.
When you compare the classes of two objects to decide whether they are the same, or test whether an object is an instance of a particular class, be aware that several classes with the same fully qualified name can be loaded in one JVM (each by a different class loader), so a name match does not prove that two classes are the same. Compare the Class objects themselves for equality instead.
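The following self-contained program is an added example and is not part of the rule's own documentation. The class names (Greeter, IsolatingLoader, ClassCmpDemo) are constructed for the demonstration. It loads a class named Greeter a second time through a small class loader that refuses to delegate for that one name, then runs the flagged name-based check and the recommended Class-object check side by side. It requires Java 9 or later for InputStream.readAllBytes and is compiled with javac to a directory so the Greeter.class resource can be re-read.

```java
import java.io.IOException;
import java.io.InputStream;

// Constructed for this example: a plain class that two loaders will both define.
class Greeter {
    public String greet() { return "hello"; }
}

public class ClassCmpDemo {

    // Flagged by SECURITY.CMP: a same-named class from any loader passes this test.
    static boolean isGreeterByName(Class<?> c) {
        return c.getName().equals("Greeter");
    }

    // Recommended form: a Class object is unique to the loader that defined it,
    // so a second Greeter defined by another loader is (correctly) not equal.
    static boolean isGreeterByClass(Class<?> c) {
        return c == Greeter.class;
    }

    // Loader that defines "Greeter" itself instead of delegating to its parent,
    // which is how a second, distinct class with the same name comes to exist.
    static class IsolatingLoader extends ClassLoader {
        IsolatingLoader(ClassLoader parent) { super(parent); }

        @Override
        protected Class<?> loadClass(String name, boolean resolve) throws ClassNotFoundException {
            if (!name.equals("Greeter")) {
                return super.loadClass(name, resolve); // normal parent-first delegation
            }
            synchronized (getClassLoadingLock(name)) {
                Class<?> c = findLoadedClass(name);
                if (c == null) {
                    byte[] bytes = readClassBytes(name);
                    c = defineClass(name, bytes, 0, bytes.length);
                }
                if (resolve) resolveClass(c);
                return c;
            }
        }

        // Re-read the compiled Greeter.class from the parent's classpath.
        private byte[] readClassBytes(String name) throws ClassNotFoundException {
            String path = name.replace('.', '/') + ".class";
            try (InputStream in = getParent().getResourceAsStream(path)) {
                if (in == null) throw new ClassNotFoundException(name);
                return in.readAllBytes();
            } catch (IOException e) {
                throw new ClassNotFoundException(name, e);
            }
        }
    }

    public static void main(String[] args) throws Exception {
        Class<?> original = Greeter.class;
        ClassLoader other = new IsolatingLoader(ClassCmpDemo.class.getClassLoader());
        Class<?> duplicate = other.loadClass("Greeter");

        System.out.println("same name:        " + original.getName().equals(duplicate.getName()));
        System.out.println("same loader:      " + (original.getClassLoader() == duplicate.getClassLoader()));
        System.out.println("byName(duplicate):  " + isGreeterByName(duplicate));
        System.out.println("byClass(duplicate): " + isGreeterByClass(duplicate));
        System.out.println("byClass(original):  " + isGreeterByClass(original));
    }
}
```

Running it shows the two Class objects share a name but come from different loaders: the name-based check accepts the duplicate while the Class-object check rejects it and still accepts the original. The same reasoning applies to instance checks, where `Greeter.class.isInstance(obj)` or `obj.getClass() == Greeter.class` should replace any test built on `getClass().getName()`.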
Reference
Viega, J., McGraw, G., Mutdosch, T., Felten, E. "Statically Scanning Java Code: Finding Security Vulnerabilities." IEEE Software, September/October 2000.