CWE-597Use of Wrong Operator in String Comparison

PUBLISHEDweakness record
released 2006-12-15 · last modified 2025-12-11

Metadata

CWE ID:
CWE-597
摘要:
Variant
结构:
Simple
状态:
Draft
发布日期:
2006-12-15
更新日期:
2025-12-11

名称

Use of Wrong Operator in String Comparison

描述

The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead.

In Java, using == or != to compare two strings for equality actually compares two objects for equality rather than their string values for equality. Chances are good that the two references will never be equal. While this weakness often only affects program correctness, if the equality is used for a security decision, the unintended comparison result could be leveraged to affect program security.

常见后果

范围:
Other
影响:
Other

相关 CWE