This site is the archived OWASP Foundation Wiki and is no longer accepting Account Requests.
To view the new OWASP Foundation website, please visit https://owasp.org

Difference between revisions of "Code Correctness: null Argument to equals()"

From OWASP
Jump to: navigation, search
 
Line 2: Line 2:
 
{{Template:Fortify}}
 
{{Template:Fortify}}
  
==Abstract==
+
Last revision (mm/dd/yy): '''{{REVISIONMONTH}}/{{REVISIONDAY}}/{{REVISIONYEAR}}'''
 +
 
 +
[[ASDR_TOC_Vulnerabilities|Vulnerabilities Table of Contents]]
 +
 
 +
[[ASDR Table of Contents]]
 +
__TOC__
  
The expression obj.equals(null) should always be false.
 
  
 
==Description==
 
==Description==
 +
The expression obj.equals(null) should always be false.
  
 
The program uses the equals() method to compare an object with null. The contract of the equals() method requires this comparison to always return false[1].
 
The program uses the equals() method to compare an object with null. The contract of the equals() method requires this comparison to always return false[1].
 +
 +
==Risk Factors==
 +
TBD
  
 
==Examples ==
 
==Examples ==
 +
TBD
 +
 +
==Related [[Attacks]]==
 +
 +
* [[Attack 1]]
 +
* [[Attack 2]]
 +
 +
 +
==Related [[Vulnerabilities]]==
 +
 +
* [[Vulnerability 1]]
 +
* [[Vulnerabiltiy 2]]
 +
 +
 +
==Related [[Controls]]==
 +
 +
* [[Control 1]]
 +
* [[Control 2]]
 +
 +
 +
==Related [[Technical Impacts]]==
 +
 +
* [[Technical Impact 1]]
 +
* [[Technical Impact 2]]
 +
 +
 +
==References==
 +
* Sun JavaDoc for Object. http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Object.html#equals(java.lang.Object)
 +
 +
[[Category:FIXME|add links
 +
 +
In addition, one should classify vulnerability based on the following subcategories: Ex:<nowiki>[[Category:Error Handling Vulnerability]]</nowiki>
 +
 +
Availability Vulnerability
 +
 +
Authorization Vulnerability
 +
 +
Authentication Vulnerability
 +
 +
Concurrency Vulnerability
  
==Related Threats==
+
Configuration Vulnerability
  
==Related Attacks==
+
Cryptographic Vulnerability
  
==Related Vulnerabilities==
+
Encoding Vulnerability
  
==Related Countermeasures==
+
Error Handling Vulnerability
  
==Reference==
+
Input Validation Vulnerability
  
[1] Sun JavaDoc for Object. http://java.sun.com/j2se/1.4.2/docs/api/java/lang/Object.html#equals(java.lang.Object)
+
Logging and Auditing Vulnerability
  
==Categories==
+
Session Management Vulnerability]]
  
 +
__NOTOC__
 +
 +
 +
[[Category:OWASP ASDR Project]]
 
[[Category:Code Quality Vulnerability]]
 
[[Category:Code Quality Vulnerability]]
 
 
[[Category:Implementation]]
 
[[Category:Implementation]]
 
 
[[Category:Java]]
 
[[Category:Java]]

Revision as of 11:54, 23 September 2008

This is a Vulnerability. To view all vulnerabilities, please see the Vulnerability Category page.

This article includes content generously donated to OWASP by MicroFocus Logo.png

Last revision (mm/dd/yy): 09/23/2008

Vulnerabilities Table of Contents

ASDR Table of Contents


Description

The expression obj.equals(null) should always be false.

The program uses the equals() method to compare an object with null. The contract of the equals() method requires this comparison to always return false[1].

Risk Factors

TBD

Examples

TBD

Related Attacks


Related Vulnerabilities


Related Controls


Related Technical Impacts


References