This repository has been archived by the owner on Jan 12, 2019. It is now read-only.
Flaw detected by Veracode static scan #219
Comments
Sign up for free
to subscribe to this conversation on GitHub.
Already have an account?
Sign in.
General information
The following flaw is detected by a Veracode static scan:
Severity: Low
Exploitability: Unlikely
Use of Wrong Operator in String Comparison
OverlayView.java: 358
Attack Vector: span.neq
Description: Using '!=' to compare two strings for inequality actually compares the object references rather than their values. It is unlikely that this reflects the intended application logic.
Remediation: Use the equals() method to compare strings, not the '!=' operator.
Issue description
Change OverlayView.java line 353 to:
if (scanInstructions != null && !scanInstructions.equals("")) {
(instead of scanInstructions != "")
I tried pushing the code changes to a separate branch in order to do a PR, but kept getting 403 permission denied errors.
The text was updated successfully, but these errors were encountered: