Object Model Violation: Just One of equals() and hashCode() Defined

From OWASP
Revision as of 13:04, 18 July 2006 by Weilin Zhong (Talk | contribs)

Jump to: navigation, search
This article includes content generously donated to OWASP by Fortify.JPG.

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.


Abstract

This class overrides only one of equals() and hashCode().

Description

Java objects are expected to obey a number of invariants related to equality. One of these invariants is that equal objects must have equal hashcodes. In other words, if a.equals(b) == true then a.hashCode() == b.hashCode().

Failure to uphold this invariant is likely to cause trouble if objects of this class are stored in a collection. If the objects of the class in question are used as a key in a Hashtable or if they are inserted into a Map or Set, it is critical that equal objects have equal hashcodes.

Examples

The following class overrides equals() but not hashCode().

 public class halfway() {
   public boolean equals(Object obj) {
 	...
   }
 }

Related Threats

Related Attacks

Category:API Abuse Attack

Related Vulnerabilities

Related Countermeasures

Categories