Use of Wrong Operator in String Comparison
Weakness ID: 597 (Weakness Variant)Status: Draft
+ Description

Description Summary

The product uses the wrong operator when comparing a string, such as using "==" when the equals() method should be used instead.

Extended Description

Using == or != to compare two strings for equality actually compares two objects for equality, not their values. Chances are good that the two references will never be equal.

+ Time of Introduction
  • Implementation
+ Demonstrative Examples

Example 1

The following branch will never be taken.

(Bad Code)
Example Language: Java 
if (args[0] == STRING_CONSTANT) {
logger.info("miracle");
}
+ Potential Mitigations

Phase: Implementation

Use equals() to compare strings.

+ Relationships
NatureTypeIDNameView(s) this relationship pertains toView(s)
ChildOfCategoryCategory133String Errors
Development Concepts699
ChildOfWeakness BaseWeakness Base480Use of Incorrect Operator
Development Concepts699
Research Concepts1000
ChildOfWeakness BaseWeakness Base595Comparison of Object References Instead of Object Contents
Development Concepts (primary)699
Research Concepts (primary)1000
+ Content History
Modifications
Modification DateModifierOrganizationSource
2008-07-01Eric DalciCigitalExternal
updated Potential Mitigations, Time of Introduction
2008-09-08CWE Content TeamMITREInternal
updated Description, Relationships
2008-10-14CWE Content TeamMITREInternal
updated Relationships
2009-05-27CWE Content TeamMITREInternal
updated Demonstrative Examples
Previous Entry Names
Change DatePrevious Entry Name
2008-04-11Erroneous String Compare
Back to top