Comprehensive Categorization: Comparison

The product compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.

The product performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when...

The product compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.

The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect resu...

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account...

The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or mo...

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

The code does not have a default case in an expression with multiple conditions, such as a switch statement.

The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.

A regular expression is overly restrictive, which prevents dangerous values from being detected.

The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weakn...

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are as...

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

The product uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through.

The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead.

This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...