Comparison Using Wrong Factors
This weakness occurs when a program compares two items but checks the wrong properties or attributes. This flawed comparison leads to incorrect decisions, creating security and logic errors.
At its core, this bug happens because the comparison logic doesn't align with the developer's actual intent. For instance, you might intend to compare the data inside two objects, but the code accidentally compares their memory addresses instead. This causes two objects with identical content to be seen as different, breaking the program's expected flow. To prevent this, always verify that your comparison operators or custom equality methods are evaluating the correct, relevant characteristics. In object-oriented languages, this often means overriding the standard equality method to compare internal state, not object references. For primitive data, ensure you're not mistakenly comparing metadata (like string lengths as a proxy for content) instead of the values themselves.
Impact: Varies by Context
ID : DX-60
In the example below, two Java String objects are declared and initialized with the same string values. An if statement is used to determine if the strings are equivalent.Code Example:
javaCode Example:
java