logo

Persistent Storable Data Element without Associated Comparison Control Element

Incomplete Base
Structure: Simple
Description

This weakness occurs when a persistent data object lacks the necessary methods to be properly compared, which can lead to inconsistent or incorrect behavior when the system checks for equality or manages collections.

Extended Description

For reliable operation, objects designed for long-term storage (like those saved to a database or cached) must have explicit comparison logic. In Java, for instance, a persistent class requires both an `equals()` method to define what makes two instances identical and a `hashCode()` method to ensure consistent behavior in hash-based collections like `HashMap` or `HashSet`. Without these, the object's comparisons become unreliable. This inconsistency can cause subtle bugs, such as duplicate entries in a set, failed lookups, or corrupted data structures, degrading the application's reliability. If an attacker can trigger or exploit this flawed comparison logic, these reliability issues may escalate into security vulnerabilities, such as data corruption, denial of service, or unexpected access control bypasses.
Common Consequences 1
Scope: Other

Impact: Reduce Reliability
References 1
Automated Source Code Reliability Measure (ASCRM)
Object Management Group (OMG)
01-2016
http://www.omg.org/spec/ASCRM/1.0/
ID: REF-961
Related Weaknesses
ChildOf: Insufficient Adherence to Expected Conventions (CWE-1076)
ChildOf: Comparison of Object References Instead of Object Contents (CWE-595)
Taxonomy Mapping
  • OMG ASCRM