Code Correctness: Erroneous String Compare

From OWASP

This page was marked to be reviewed for deletion.

#REDIRECT Failure to follow guideline/specification

Last revision (mm/dd/yy): 5/27/2009

Contents 1 Description 2 Risk Factors 3 Examples 4 Related Attacks 5 Related Vulnerabilities 6 Related Controls 7 Related Technical Impacts 8 References

Description

Strings should be compared with the equals() method, not == or !=.

This program uses == or != to compare two strings for equality, which compares two objects for equality, not their values. Chances are good that the two references will never be equal.

Risk Factors

TBD

Examples

The following branch will never be taken.

	  if (args[0] == STRING_CONSTANT) {
		  logger.info("miracle");
	  }

Related Attacks

• Attack 1
• Attack 2

Related Vulnerabilities

• Vulnerability 1
• Vulnerabiltiy 2

Related Controls

• Control 1
• Control 2

Related Technical Impacts

• Technical Impact 1
• Technical Impact 2

References

Note: A reference to related CWE or CAPEC article should be added when exists. Eg:

• CWE 79.
• http://www.link1.com
• Title for the link2