You are viewing a plain text version of this content. The canonical link for it is here.

Posted to dev@directory.apache.org by "Emmanuel Lécharny (Jira)" <ji...@apache.org> on 2024/03/31 22:44:00 UTC

[jira] [Resolved] (DIRSERVER-2398) FB.ES_COMPARING_STRINGS_WITH_EQ in ../server/core/authz/GroupCache.java

     [ https://issues.apache.org/jira/browse/DIRSERVER-2398?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]

Emmanuel Lécharny resolved DIRSERVER-2398.
------------------------------------------
    Fix Version/s: 2.0.0.AM28
       Resolution: Fixed

Thanks, good catch again!

Fixed in master.

> FB.ES_COMPARING_STRINGS_WITH_EQ in ../server/core/authz/GroupCache.java
> -----------------------------------------------------------------------
>
>                 Key: DIRSERVER-2398
>                 URL: https://issues.apache.org/jira/browse/DIRSERVER-2398
>             Project: Directory ApacheDS
>          Issue Type: Bug
>    Affects Versions: 2.0.0.AM26
>            Reporter: e.bykhanova
>            Priority: Major
>             Fix For: 2.0.0.AM28
>
>         Attachments: image-2024-03-08-10-35-42-632.png
>
>
> The static analyzer has detected FB.ES_COMPARING_STRINGS_WITH_EQ: Comparison of String objects using == or != in [groupModified(Dn, List, Entry, SchemaManager)|[https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java#L394-L438].]
>  
> !image-2024-03-08-10-35-42-632.png!
>  
> _memberAttr.getOid()_ and _modification.getAttribute().getId()_ are _two different instances_ of the class, so operator '{*}=='{*} will get '{*}false'{*} at GroupCache.java:420 even if the string literals are identical. Operator '{*}=='{*} {_}compares two pointers{_}, but for _character-by-character comparison_ of strings, it is necessary to use method {*}equals(){*}. 
> _To confirm_ or {_}refute the verdict{_}, we consider it necessary to clarify with the developers if they expect _a comparison of string literals or pointers_ at GroupCache.java:420.
>  
> Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
> Author E. Bykhanova (e.bykhanova@fobos-nt.ru).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

---------------------------------------------------------------------
To unsubscribe, e-mail: dev-unsubscribe@directory.apache.org
For additional commands, e-mail: dev-help@directory.apache.org