Object Model Violation: Just One of equals() and hashCode() Defined
From OWASP
This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.
- This article includes content generously donated to OWASP by
.
Last revision (mm/dd/yy): 2/21/2009
Vulnerabilities Table of Contents
Description
This class overrides only one of equals() and hashCode().
Java objects are expected to obey a number of invariants related to equality. One of these invariants is that equal objects must have equal hashcodes. In other words, if a.equals(b) == true then a.hashCode() == b.hashCode().
Failure to uphold this invariant is likely to cause trouble if objects of this class are stored in a collection. If the objects of the class in question are used as a key in a Hashtable or if they are inserted into a Map or Set, it is critical that equal objects have equal hashcodes.
Risk Factors
- Talk about the factors that make this vulnerability likely or unlikely to actually happen
- Discuss the technical impact of a successful exploit of this vulnerability
- Consider the likely [business impacts] of a successful attack
Examples
The following class overrides equals() but not hashCode().
public class halfway() {
public boolean equals(Object obj) {
...
}
}
Related Attacks
Related Vulnerabilities
Related Controls
Related Technical Impacts
References
Note: A reference to related CWE or CAPEC article should be added when exists. Eg:
