Comparison of Object References Instead of Object Contents| ID: 595 | Date: (C)2012-05-14 (M)2022-10-10 |
| Type: weakness | Status: INCOMPLETE |
| Abstraction Type: Base |
Description
The program compares object references instead of the contents
of the objects themselves, preventing it from detecting equivalent
objects.
Applicable PlatformsNone
Time Of Introduction
Common Consequences
| Scope | Technical Impact | Notes |
|---|
| Other | Other | This weakness can lead to erroneous results that can cause unexpected
application behaviors. |
Detection MethodsNone
Potential Mitigations
| Phase | Strategy | Description | Effectiveness | Notes |
|---|
| Implementation | | Use the equals() method to compare objects instead of the == operator.
If using ==, it is important for performance reasons that your objects
are created by a static factory, not by a constructor. | | |
Relationships
| Related CWE | Type | View | Chain |
|---|
| CWE-595 ChildOf CWE-907 | Category | CWE-888 | |
Demonstrative Examples (Details)
- In the example below, two Java String objects are declared and
initialized with the same string values and an if statement is used to
determine if the strings are equivalent. (Demonstrative Example Id DX-60)
- In the following Java example, two BankAccount objects are compared
in the isSameAccount method using the == operator.
White Box Definitions None
Black Box Definitions None
Taxynomy Mappings
| Taxynomy | Id | Name | Fit |
|---|
| CERT Java Secure Coding | EXP02-J | Use the two-argument Arrays.equals() method to compare the
contents of arrays | |
| CERT Java Secure Coding | EXP02-J | Use the two-argument Arrays.equals() method to compare the
contents of arrays | |
| CERT Java Secure Coding | EXP03-J | Do not use the equality operators when comparing values of
boxed primitives | |
References:None
