Status: Draft
Weakness ID: 597 (Weakness Variant)

Description Summary

The product uses the wrong operator when comparing a string, such as using "==" when the equals() method should be used instead.

Extended Description

Using == or != to compare two strings for equality actually compares two objects for equality, not their values. Chances are good that the two references will never be equal.

Potential Mitigations

Implementation: Use equals() to compare strings.

Demonstrative Examples

The following branch will never be taken.

    if (args[0] == STRING_CONSTANT) {
        logger.info("miracle");
    }

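The following is an added example, not part of the original CWE entry. It places a reference comparison beside the equals() form in a role check, and shows why the flaw can survive testing: a string literal shares the constant's interned reference, while a value built at run time (as args[] and request parameters are) does not. The class name, ADMIN_ROLE, isAdminFlawed and isAdminFixed are hypothetical names chosen for illustration.

```java
import java.util.Objects;

public class StringCompareDemo {
    // Hypothetical constant standing in for STRING_CONSTANT in the entry's example.
    static final String ADMIN_ROLE = "admin";

    // Flawed: == compares object references, so the result depends on
    // where the String object came from, not on its characters.
    static boolean isAdminFlawed(String role) {
        return role == ADMIN_ROLE;
    }

    // Corrected: equals() compares contents. Calling it on the constant
    // also avoids a NullPointerException when the input is null.
    static boolean isAdminFixed(String role) {
        return ADMIN_ROLE.equals(role);
    }

    public static void main(String[] args) {
        // Constructed inputs. A literal is interned and is the same object
        // as the constant, so a test written with literals hides the bug.
        String literal = "admin";
        // A distinct String object holding the same characters, as any
        // value read from the command line, a file or the network would be.
        String runtime = new StringBuilder("ad").append("min").toString();

        System.out.println("flawed, literal input: " + isAdminFlawed(literal));
        System.out.println("flawed, runtime input: " + isAdminFlawed(runtime));
        System.out.println("fixed,  literal input: " + isAdminFixed(literal));
        System.out.println("fixed,  runtime input: " + isAdminFixed(runtime));
        System.out.println("fixed,  null input:    " + isAdminFixed(null));
        // Objects.equals is the null-safe form when either side may be null.
        System.out.println("Objects.equals:        " + Objects.equals(runtime, ADMIN_ROLE));
    }
}
```
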
Relationships

Time of Introduction

Implementation

Content History

Modifications
Eric Dalci. Cigital. 2008-07-01. (External) updated Potential_Mitigations, Time_of_Introduction
CWE Content Team. MITRE. 2008-09-08. (Internal) updated Description, Relationships
CWE Content Team. MITRE. 2008-10-14. (Internal) updated Relationships

Previous Entry Names
Erroneous String Compare (changed 2008-04-11)