Variant · Incomplete

CWE-595: Comparison of Object References Instead of Object Contents

Category: other

Description

The product compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects. For example, in Java, comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values; often, this means that using == for strings is actually comparing the strings' references, not their values.

Common consequences · 1

  • Other — Varies by Context
    This weakness can lead to erroneous results that can cause unexpected application behaviors.

Potential mitigations · 1

  • [Implementation] In Java, use the equals() method to compare objects instead of the == operator. If using ==, it is important for performance reasons that your objects are created by a static factory, not by a constructor.
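The following Java program is an added illustration of the weakness described above and of the mitigation; it is not part of the CWE entry. The token value and the class and method names are constructed for this example. It contrasts a reference comparison of a value that arrived as a fresh object (which silently fails even though the contents match) with an equals() comparison, and, because the compared value is a secret, with java.security.MessageDigest.isEqual, which compares contents in constant time. The Integer section shows why the "static factory" caveat in the mitigation is fragile: Integer.valueOf only guarantees cached (identical) objects for -128..127.

```java
import java.nio.charset.StandardCharsets;
import java.security.MessageDigest;

// Added example (not from the CWE entry): CWE-595 in Java and its mitigation.
public class ReferenceVsContent {

    // Constructed sample: the token the application expects. new String(...)
    // deliberately creates an object distinct from the string-literal pool entry.
    static final String EXPECTED_TOKEN = new String("tok-3f9a1c");

    // Weak check (CWE-595): == compares object identity, not contents. A token
    // parsed from a request is always a fresh object, so this rejects a valid
    // token; whether it ever returns true depends on interning, not on the value.
    static boolean weakCheck(String supplied) {
        return supplied == EXPECTED_TOKEN;
    }

    // Mitigated check for ordinary values: equals() compares contents.
    // Calling equals() on the constant also avoids a NullPointerException
    // when supplied is null.
    static boolean contentCheck(String supplied) {
        return EXPECTED_TOKEN.equals(supplied);
    }

    // Mitigated check for secrets: compare contents in constant time so the
    // comparison does not leak how many leading bytes matched.
    static boolean secretCheck(String supplied) {
        if (supplied == null) {
            return false;
        }
        byte[] expected = EXPECTED_TOKEN.getBytes(StandardCharsets.UTF_8);
        byte[] given = supplied.getBytes(StandardCharsets.UTF_8);
        return MessageDigest.isEqual(expected, given);
    }

    public static void main(String[] args) {
        // Simulates a token that arrived over the network: same characters,
        // different object.
        String fromRequest = new String(EXPECTED_TOKEN.toCharArray());

        System.out.println("weakCheck:    " + weakCheck(fromRequest));
        System.out.println("contentCheck: " + contentCheck(fromRequest));
        System.out.println("secretCheck:  " + secretCheck(fromRequest));

        // Boxed integers show the same trap. The static factory Integer.valueOf
        // is only required to return cached objects for -128..127, so == on
        // larger values compares two distinct objects.
        Integer small1 = Integer.valueOf(100);
        Integer small2 = Integer.valueOf(100);
        Integer big1 = Integer.valueOf(1000);
        Integer big2 = Integer.valueOf(1000);
        System.out.println("100 == 100 (valueOf):   " + (small1 == small2));
        System.out.println("1000 == 1000 (valueOf): " + (big1 == big2));
        System.out.println("1000 equals 1000:       " + big1.equals(big2));
    }
}
```

Compile and run with `javac ReferenceVsContent.java && java ReferenceVsContent`. On a default JVM, weakCheck reports false for a token whose contents are correct, while contentCheck and secretCheck report true; the two cached Integer objects for 100 are identical under ==, the two objects for 1000 are not, and equals() reports them equal. Static analysers and code review should flag any == or != between non-primitive operands (String, boxed numbers, enums excepted) as a candidate for this weakness.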

References

  1. https://cwe.mitre.org/data/definitions/595.html

Related by meaning · 6

Nearest entities by semantic similarity across the cs-graph corpus.

  • CWE: Use of Wrong Operator in String Comparison
  • CWE: Object Model Violation: Just One of Equals and Hashcode Defined
  • CWE: Comparing instead of Assigning
  • CWE: Assigning instead of Comparing
  • CWE: Comparison Using Wrong Factors
  • CWE: Untrusted Pointer Dereference
Sourced from MITRE CWE 4.20. Curated for EU compliance use cases by Adam Lundqvist, Founder at SQUR.