How to fix a Veracode warning: "Use of Wrong Operator in String Comparison (CWE ID 597)"

Question

Following a Veracode static scan, there is a warning of "Use of Wrong Operator in String Comparison (CWE ID 597)"

For the following code:

if (uid != null && uid != "") {
    // LOG.info("Inside deleteUser of Active directory");
    // HearsayLogger.message(HearsayLogger.TYPE_INFO, CLASSNAME, METHODNAME, "Inside deleteUser of Active directory");
}

How can I fix the warning?

score 1 · Answer 1 · answered Apr 15 '15 at 11:40

As described in the error message, this means that the wrong operator is used for a string comparison!

CWE-597 gives you more information about the error and what to do. All of the Veracode warnings have a similar page that explain what is happening and why.

For this - I think you should be using:

if (uid != null && !uid.equals(""))

The reason: "For Java objects, such as String objects, the "==" and "!=" operators compare object references, not object values."

How to fix a Veracode warning: "Use of Wrong Operator in String Comparison (CWE ID 597)"

1 Answers1