Status: Incomplete
Weakness ID: 595 (Weakness Base)

Description Summary

The program compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.

Potential Mitigations

Use the equals() method to compare objects instead of the == operator. If using ==, it is important for performance reasons that your objects are created by a static factory, not by a constructor.

Demonstrative Examples

In the following example, two Truck objects are compared using the == operator (incorrect) as opposed to calling the equals() method (correct).

Java Example:

    public boolean compareTrucks(Truck a, Truck b) {
        return a == b;
    }
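
The comparison above made runnable, as an added example that is not part of the original entry. The Truck class, its VIN field and the of() factory are assumptions (the entry shows only compareTrucks), and all values are constructed. It sets the reference comparison beside an equals()-based one and covers the static-factory case from Potential Mitigations and the string case from Other Notes.

```java
import java.util.Map;
import java.util.Objects;
import java.util.concurrent.ConcurrentHashMap;

public class TruckComparison {
    // Hypothetical Truck: the entry does not show its fields; a VIN is assumed.
    static final class Truck {
        private static final Map<String, Truck> CACHE = new ConcurrentHashMap<>();
        private final String vin;

        // Left accessible here only so the demo can build duplicate objects.
        Truck(String vin) { this.vin = Objects.requireNonNull(vin); }

        // Static factory: returns one canonical instance per VIN, so == is
        // meaningful for objects obtained only through this method.
        static Truck of(String vin) { return CACHE.computeIfAbsent(vin, Truck::new); }

        @Override public boolean equals(Object o) {
            return o instanceof Truck && vin.equals(((Truck) o).vin);
        }
        @Override public int hashCode() { return vin.hashCode(); }
    }

    // As in the entry: compares references, not contents.
    static boolean compareTrucksByReference(Truck a, Truck b) { return a == b; }

    // Corrected form: null-safe content comparison through equals().
    static boolean compareTrucks(Truck a, Truck b) { return Objects.equals(a, b); }

    public static void main(String[] args) {
        Truck a = new Truck("VIN-0001"); // constructed sample values
        Truck b = new Truck("VIN-0001");
        // Two distinct objects, same VIN: the reference check rejects them, equals() accepts them.
        System.out.println("by reference: " + compareTrucksByReference(a, b));
        System.out.println("by equals():  " + compareTrucks(a, b));
        // Canonical instances from the factory are the same object, so == holds.
        System.out.println("factory, ==:  " + compareTrucksByReference(Truck.of("VIN-0002"), Truck.of("VIN-0002")));
        // Strings: a String built at run time is a new object unless it is interned.
        String s1 = "VIN-0001";
        String s2 = new String("VIN-0001");
        System.out.println("string ==:       " + (s1 == s2));
        System.out.println("string equals(): " + s1.equals(s2));
        System.out.println("interned ==:     " + (s1 == s2.intern()));
    }
}
```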

Other Notes

This problem can cause unexpected application behavior. Comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values. To use == on a string, the programmer has to make sure that these objects are unique in the program, that is, that they don't have the equals method defined or have a static factory that produces unique objects.

Relationships

Time of Introduction

Implementation

Content History

Modifications
Sean Eidemiller. Cigital. 2008-07-01. (External) added/updated demonstrative examples
Eric Dalci. Cigital. 2008-07-01. (External) updated Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Description, Relationships, Other_Notes

Previous Entry Names
Incorrect Object Comparison: Syntactic (changed 2008-04-11)