Code Correctness: Erroneous String Compare

Last revision (mm/dd/yy): //

Description
Strings should be compared with the equals method, not == or !=.

This program uses == or != to compare two strings for equality. These operators compare the two object references, not the values the strings hold. Chances are good that the two references will never be equal.

Risk Factors
TBD

Examples
The following branch will never be taken.

if (args[0] == STRING_CONSTANT) { logger.info("miracle"); }
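
The comparison above next to its corrected form, as an added example that is not part of the original page. The class name StringCompareDemo, the helper method names and the value "admin" for STRING_CONSTANT are assumptions made for illustration. It also shows why the defect tends to pass tests written with string literals.

```java
import java.util.Objects;

public class StringCompareDemo {
    // Assumed value; the page does not say what STRING_CONSTANT holds.
    static final String STRING_CONSTANT = "admin";

    // Flawed form from the page: == compares object references.
    static boolean flawedMatch(String input) {
        return input == STRING_CONSTANT;
    }

    // Flawed negated form: != is true for any distinct object,
    // even when both strings hold the same characters.
    static boolean flawedDiffers(String input) {
        return input != STRING_CONSTANT;
    }

    // Corrected form: equals compares contents. Calling it on the
    // constant keeps the check safe when input is null.
    static boolean correctMatch(String input) {
        return STRING_CONSTANT.equals(input);
    }

    public static void main(String[] args) {
        // Constructed inputs. A literal shares the interned instance of the
        // constant; a string built at run time (as command-line arguments
        // and other external input are) is a separate object.
        String literal = "admin";
        String runtime = new String(new char[] {'a', 'd', 'm', 'i', 'n'});

        // With a literal the references coincide, so a test written this
        // way passes and hides the defect.
        System.out.println("flawedMatch(literal)   = " + flawedMatch(literal));
        // With run-time input the same characters no longer match.
        System.out.println("flawedMatch(runtime)   = " + flawedMatch(runtime));
        System.out.println("flawedDiffers(runtime) = " + flawedDiffers(runtime));

        // The corrected check gives the same answer for both inputs and
        // tolerates null without throwing.
        System.out.println("correctMatch(literal)  = " + correctMatch(literal));
        System.out.println("correctMatch(runtime)  = " + correctMatch(runtime));
        System.out.println("correctMatch(null)     = " + correctMatch(null));

        // Objects.equals is the alternative when either side may be null.
        System.out.println("Objects.equals(null, runtime) = "
                + Objects.equals(null, runtime));
    }
}
```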

Related Attacks

 * Attack 1
 * Attack 2

Related Vulnerabilities

 * Vulnerability 1
 * Vulnerability 2

Note: the contents of "Related Problems" sections should be placed here

Related Controls

 * Control 1
 * Control 2

Note: contents of "Avoidance and Mitigation" and "Countermeasure" related Sections should be placed here

Related Technical Impacts

 * Technical Impact 1
 * Technical Impact 2