Kingdom: Code Quality
Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
Code Correctness: String Comparison of Float
Abstract
Comparing a floating-point value with a String object is unreliable and should not be done.
Explanation
In order to compare a floating-point value to a String object, it must first be changed into a String object, typically via a function such as Double.toString(). Depending on the type and value of the floating-point variable, when converted to a String object, it could be "NaN", "Infinity", "-Infinity", have a certain amount of trailing decimal places containing zeroes, or may contain an exponent field. If converted to a hexadecimal String, the representation may differ greatly as well.
Example 1: The following compares a floating-point variable with a String.
...
int initialNum = 1;
...
// Convert the computed double to its String form (unreliable: the form may
// use an exponent field, trailing zeroes, "NaN" or "Infinity").
String resultString = Double.valueOf(initialNum/10000.0).toString();
// Compare the String representation instead of the numeric value.
if (resultString.equals("0.0001")){
//do something
...
}
...
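The following is an added example, not part of the original Fortify description, that runs the page's pattern beside two numeric alternatives. The class name FloatStringCompareDemo and the helper names matchesByString, matchesNumerically and matchesAsDecimal are assumptions chosen for this illustration. It shows why the string comparison is unreliable and what a reliable comparison looks like.

```java
import java.math.BigDecimal;

public class FloatStringCompareDemo {

    // The page's pattern: compare the String form of a computed double.
    // Unreliable, because Double.toString may emit an exponent field,
    // a long run of digits, "NaN", "Infinity" or "-Infinity".
    static boolean matchesByString(double value, String expected) {
        return Double.toString(value).equals(expected);
    }

    // Reliable alternative: compare the numeric values with an explicit
    // tolerance. NaN is handled up front because NaN never equals anything.
    static boolean matchesNumerically(double value, double expected, double tolerance) {
        if (Double.isNaN(value) || Double.isNaN(expected)) {
            return false;
        }
        return Math.abs(value - expected) <= tolerance;
    }

    // Reliable alternative when the decimal digits themselves matter:
    // BigDecimal.valueOf uses the canonical String form, and compareTo
    // ignores scale, so "1.0E-4" and "0.0001" compare as equal.
    static boolean matchesAsDecimal(double value, String expectedDecimal) {
        return BigDecimal.valueOf(value).compareTo(new BigDecimal(expectedDecimal)) == 0;
    }

    public static void main(String[] args) {
        // Constructed input mirroring Example 1 on the page.
        int initialNum = 1;
        double computed = initialNum / 10000.0;

        System.out.println("String form of computed value: " + Double.toString(computed));
        System.out.println("matchesByString(computed, \"0.0001\"): "
                + matchesByString(computed, "0.0001"));

        // Other values whose String form differs from what a reader might expect.
        System.out.println("String form of 0.1 + 0.2: " + Double.toString(0.1 + 0.2));
        System.out.println("String form of 10000000.0: " + Double.toString(10000000.0));
        System.out.println("String form of 0.0 / 0.0: " + Double.toString(0.0 / 0.0));
        System.out.println("String form of 1.0 / 0.0: " + Double.toString(1.0 / 0.0));

        // Numeric comparisons that do not depend on the String form.
        System.out.println("matchesNumerically(computed, 0.0001, 1e-12): "
                + matchesNumerically(computed, 0.0001, 1e-12));
        System.out.println("matchesAsDecimal(computed, \"0.0001\"): "
                + matchesAsDecimal(computed, "0.0001"));
    }
}
```

Double.toString switches to computerized scientific notation for magnitudes below 10^-3 or at or above 10^7, so the value 1/10000.0 prints as "1.0E-4" and the page's string comparison against "0.0001" silently evaluates to false; the numeric and BigDecimal comparisons both report a match. Review such code by asking what the comparison is meant to establish (equality within a tolerance, or exact decimal equality) and write that check directly against the number rather than its String form.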
References
[1] NUM11-J. Do not compare or inspect the string representation of floating-point values, CERT
[2] Standards Mapping - Common Weakness Enumeration, CWE ID 398
desc.dataflow.java.code_correctness_string_comparison_of_float