e.bykhanova created DIRSERVER-2398:
--------------------------------------
Summary: FB.ES_COMPARING_STRINGS_WITH_EQ in
../server/core/authz/GroupCache.java
Key: DIRSERVER-2398
URL: https://issues.apache.org/jira/browse/DIRSERVER-2398
Project: Directory ApacheDS
Issue Type: Bug
Affects Versions: 2.0.0.AM26
Reporter: e.bykhanova
Attachments: image-2024-03-08-10-35-42-632.png
The static analyzer has detected FB.ES_COMPARING_STRINGS_WITH_EQ: Comparison of
String objects using == or != in [groupModified(Dn, List, Entry,
SchemaManager)|[https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java#L394-L438].]
!image-2024-03-08-10-35-42-632.png!
_memberAttr.getOid()_ and _modification.getAttribute().getId()_ are _two
different instances_ of the class, so operator '{*}=='{*} will get
'{*}false'{*} at GroupCache.java:420 even if the string literals are identical.
Operator '{*}=='{*} {_}compares two pointers{_}, but for
_character-by-character comparison_ of strings, it is necessary to use method
{*}equals(){*}.
_To confirm_ or {_}refute the verdict{_}, we consider it necessary to clarify
with the developers if they expect _a comparison of string literals or
pointers_ at GroupCache.java:420.
Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
Author E. Bykhanova ([email protected]).
--
This message was sent by Atlassian Jira
(v8.20.10#820010)
---------------------------------------------------------------------
To unsubscribe, e-mail: [email protected]
For additional commands, e-mail: [email protected]
