Comparison of Object References Instead of Object Contents
CWE-595
Per technology (GHSA, All time): Go, 100%
Short description
The product compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.
Extended description
For example, in Java, comparing objects using == usually produces deceptive results, since the == operator compares object references rather than values; often, this means that using == for strings is actually comparing the strings' references, not their values.
Best practices to prevent this CWE
Phase: Implementation
In Java, use the equals() method to compare objects instead of the == operator. If using ==, it is important for performance reasons that your objects are created by a static factory, not by a constructor.
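The comparison described above, as an added example that is not part of the original entry: a deny-list check written with == beside its equals() form, plus a static factory that canonicalizes instances so that == becomes reliable. The `Role` class, the method names and the "guest"/"admin" values are hypothetical, and the request value is constructed inline.

```java
import java.util.Map;
import java.util.concurrent.ConcurrentHashMap;

public class ReferenceVsContents {
    // Hypothetical value type: the static factory hands out one instance per name,
    // so two references are identical exactly when their contents are equal.
    static final class Role {
        private static final Map<String, Role> CACHE = new ConcurrentHashMap<>();
        private final String name;
        private Role(String name) { this.name = name; }  // not reachable from outside
        static Role of(String name) {
            return CACHE.computeIfAbsent(name, Role::new);
        }
    }

    // Flawed: compares references, so an equal string built at runtime is not matched
    // and the deny-list check lets it through.
    static boolean isBlockedByReference(String user) {
        return user == "guest";
    }

    // Corrected: compares contents; calling equals() on the constant is also null-safe.
    static boolean isBlockedByContents(String user) {
        return "guest".equals(user);
    }

    public static void main(String[] args) {
        // Constructed input standing in for a value parsed from a request at runtime.
        String fromRequest = new StringBuilder("gue").append("st").toString();

        // A literal argument is the same interned object as the literal in the method,
        // which is why the flawed check can pass a test suite that only uses literals.
        System.out.println("reference, literal: " + isBlockedByReference("guest"));
        // Same characters, different object: the reference comparison misses it.
        System.out.println("reference, runtime: " + isBlockedByReference(fromRequest));
        // The contents comparison matches regardless of how the string was created.
        System.out.println("contents,  runtime: " + isBlockedByContents(fromRequest));

        // With the canonicalizing factory, == on Role is a valid equality test even
        // when the name string itself was built at runtime.
        String roleName = new StringBuilder("ad").append("min").toString();
        System.out.println("factory,   runtime: " + (Role.of("admin") == Role.of(roleName)));
    }
}
```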