CWE-597 - Use of Wrong Operator in String Comparison
- Abstraction:Variant
- Structure:Simple
- Status:Draft
- Release Date:2006-12-15
- Latest Modification Date:2023-06-29
Weakness Name
Use of Wrong Operator in String Comparison
Description
The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead.
In Java, using == or != to compare two strings for equality actually compares two objects for equality rather than their string values for equality. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, the unintended comparison result could be leveraged to affect program security.
Common Consequences
Scope: Other
Impact: Other
Related Weaknesses
CWE-480Use of Incorrect OperatorLow
CWE-595Comparison of Object References Instead of Object Contents