Reference equality test on System.Object — CodeQL query help documentation CodeQL docs

CodeQL resources

Reference equality test on System.Object¶

ID: cs/reference-equality-with-object
Kind: problem
Security severity: 
Severity: warning
Precision: medium
Tags:
   - quality
   - reliability
   - correctness
   - external/cwe/cwe-595
Query suites:
   - csharp-security-and-quality.qls

Click to see the query in the CodeQL repository

If one or both operands of a comparison have the compile type System.Object or interface type, a reference comparison will be performed. This is often not what is wanted, especially when the runtime type of one of the operands declares operator==.

It should be noted that an exception is made for comparisons to read-only constants - a reference comparison is more likely to be intentional in such cases.

Recommendation¶

Ensure a reference comparison is really the correct comparison to perform. If it is not then choose a more appropriate comparison. If reference comparison is intended, use ReferenceEquals instead for clarity.

Example¶

In this example the console will output “False” because a reference comparison is performed instead of using the == operator overloaded in AlwaysEqual.

class ObjectComparison
{
    class AlwaysEqual
    {
        public static bool operator ==(AlwaysEqual a, AlwaysEqual b)
        {
            return true;
        }
        public static bool operator !=(AlwaysEqual a, AlwaysEqual b)
        {
            return false;
        }
    }
    public static void Main(string[] args)
    {
        object a = new AlwaysEqual();
        AlwaysEqual b = new AlwaysEqual();
        Console.WriteLine(a == b);
    }
}

References¶

MSDN: == Operator
Common Weakness Enumeration: CWE-595.

© GitHub, Inc.
Terms
Privacy