Kingdom: Code Quality
Poor code quality leads to unpredictable behavior. From a user's perspective that often manifests itself as poor usability. For an attacker it provides an opportunity to stress the system in unexpected ways.
Code Correctness: null Argument To Equivalence Method
Abstract
The expression
obj.Equals(null) should always be false.Explanation
The program uses the
Equals() method to compare an object with null. The contract of the Equals() method requires this comparison to always return false.References
[1] Standards Mapping - Common Weakness Enumeration CWE ID 398, CWE ID 754
[2] Standards Mapping - OWASP Application Security Verification Standard 4.0 11.1.7 Business Logic Security Requirements (L2 L3)
[3] Standards Mapping - SANS Top 25 2010 Risky Resource Management - CWE ID 754
desc.structural.dotnet.code_correctness_null_argument_to_equivalence_method
Abstract
The expression
obj.equals(null) will always be false.Explanation
The program uses the
equals() method to compare an object with null. This comparison will always return false, since the object is not null. (If the object is null, the program will throw a NullPointerException).References
[1] JavaDoc for Object Sun Microsystems
[2] Standards Mapping - Common Weakness Enumeration CWE ID 398, CWE ID 754
[3] Standards Mapping - OWASP Application Security Verification Standard 4.0 11.1.7 Business Logic Security Requirements (L2 L3)
[4] Standards Mapping - SANS Top 25 2010 Risky Resource Management - CWE ID 754
desc.structural.java.code_correctness_null_argument_to_equivalence_method