Assigning instead of Comparing| ID: 481 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: DRAFT |
| Abstraction Type: Variant |
Description
The code uses an operator for assignment when the intention was
to perform a comparison.
Extended DescriptionIn many languages the compare statement is very close in appearance to the
assignment statement and are often confused. This bug is generally the
result of a typo and usually causes obvious problems with program execution.
If the comparison is in an if statement, the if statement will usually
evaluate the value of the right-hand side of the predicate.
Likelihood of Exploit: Low
Applicable PlatformsLanguage: CLanguage: C++Language: JavaLanguage: .NET
Time Of Introduction
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Other | Alter execution
logic | |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Testing | | Many IDEs and static analysis products will detect this
problem. | | |
| Implementation | | Place constants on the left. If one attempts to assign a constant with
a variable, the compiler will of course produce an error. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-481 ChildOf CWE-885 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In this example, we show how assigning instead of comparing can
impact code when values are being passed by reference instead of by value.
Consider a scenario in which a string is being processed from user input.
Assume the string has already been formatted such that different user inputs
are concatenated with the colon character. When the processString function
is called, the test for the colon character will result in an insertion of
the colon character instead, adding new input separators. Since the string
was passed by reference, the data sentinels will be inserted in the original
string (CWE-464), and further processing of the inputs will be altered,
possibly malformed..
- The following C/C++ and C# examples attempt to validate an int input
parameter against the integer value 100. (Demonstrative Example Id DX-102)
- The following Java example attempts to perform some processing based
on the boolean value of the input parameter. However, the expression to be
evaluated in the if statement uses the assignment operator "=" rather than
the comparison operator "==". As with the previous examples, the variable
will be reassigned locally and the expression in the if statement will
evaluate to true and unintended processing may occur.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CLASP | | Assigning instead of comparing | |
References:
- Mark Dowd John McDonald Justin Schuh .The Art of Software Security Assessment 1st Edition. Addison Wesley. Section:'Chapter 6, "Typos", Page 289.'. Published on 2006.
