Java defines the equality operators == and != and the relational operators <=, >=, >, and <. When applied to String object references, these operators become traps that even an amateur programmer may unintentionally fall victim to.

...

These operators appear to work when dealing with string literals that have constant values (such as in String one = "one" and String two = "two"), or when the intern() method has been used on both strings so that their pointer references can be compared. Note, however, that the performance gain achieved by doing so may be smaller than the benefit of more robust code that also handles non-constant and non-interned values. Moreover, such usage encourages ambiguity that hinders selection of the proper method for comparing String objects.
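The following added example (not code from the CERT page) makes the trap concrete: an access check written with == passes for literals and compile-time constants but silently fails for a value assembled at run time, whereas equals() compares characters. The hypothetical isAdminBroken / isAdminFixed helpers and the "admin" role name are assumptions for illustration.

```java
// Added example, not from the CERT EXP03-J page: == on String references vs. equals().
public class StringCompareDemo {

    // Non-compliant (hypothetical helper): compares object identity, not characters.
    static boolean isAdminBroken(String role) {
        return role == "admin";
    }

    // Compliant (hypothetical helper): compares contents; also null-safe because
    // the literal is the receiver.
    static boolean isAdminFixed(String role) {
        return "admin".equals(role);
    }

    public static void main(String[] args) {
        // Constructed sample values that stand in for a role read from a request.
        String literal = "admin";                  // interned string literal
        String constant = "ad" + "min";            // compile-time constant, also interned (JLS 3.10.5)
        String prefix = "ad";
        String runtime = prefix + "min";           // built at run time: a distinct String object
        String interned = runtime.intern();        // intern() returns the pooled instance

        System.out.println(isAdminBroken(literal));   // true  (same pooled object)
        System.out.println(isAdminBroken(constant));  // true  (constant folding yields the literal)
        System.out.println(isAdminBroken(runtime));   // false (same characters, different reference)
        System.out.println(isAdminBroken(interned));  // true  (only because of the explicit intern())

        System.out.println(isAdminFixed(literal));    // true
        System.out.println(isAdminFixed(runtime));    // true  (equals() compares characters)
        System.out.println(isAdminFixed(null));       // false (no NullPointerException)
    }
}
```

The broken form denies a legitimate "admin" role whenever the value was parsed, concatenated, or read from I/O rather than written as a literal; relying on intern() to paper over this makes correctness depend on every caller remembering to intern.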


Risk Assessment

Using the equality or relational operators to compare objects may lead to unexpected results.

| Rule    | Severity | Likelihood | Remediation Cost | Priority | Level |
|---------|----------|------------|------------------|----------|-------|
| EXP03-J | low      | unlikely   | medium           | P??      | L??   |

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[FindBugs 08] ES: Comparison of String objects using == or !=
[JLS 05] Section 3.10.5, String Literals