CWE-1025 使用错误要素进行比较
Comparison Using Wrong Factors
结构: Simple
Abstraction: Base
状态: Incomplete
被利用可能性: unkown
基本描述
The software performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses.
扩展描述
A common example of this weakness occurs when the code inadvertently extracts the reference to an object, instead of its relevant contents.
相关缺陷
-
cwe_Nature: ChildOf cwe_CWE_ID: 697 cwe_View_ID: 1000 cwe_Ordinal: Primary
-
cwe_Nature: ChildOf cwe_CWE_ID: 697 cwe_View_ID: 699 cwe_Ordinal: Primary
适用平台
Language: {'cwe_Class': 'Language-Independent', 'cwe_Prevalence': 'Undetermined'}
常见的影响
| 范围 | 影响 | 注释 |
|---|---|---|
| Other | Varies by Context |
可能的缓解方案
Testing
策略:
Thoroughly test the comparison scheme before deploying code into production. Perform positive testing as well as negative testing.
示例代码
例
In the example below, two Java String objects are declared and initialized with the same string values and an if statement is used to determine if the strings are equivalent.
bad Java
String str2 = new String("Hello");
if (str1 == str2) {
}
However, the if statement will not be executed as the strings are compared using the "==" operator. For Java objects, such as String objects, the "==" operator compares object references, not object values. While the two String objects above contain the same string values, they refer to different object references, so the System.out.println statement will not be executed. To compare object values, the previous code could be modified to use the equals method:
good
}
文章来源于互联网:scap中文网
- 左青龙
- 微信扫一扫
-
- 右白虎
- 微信扫一扫
-
评论