[jira] [Commented] (DIRSERVER-2398) FB.ES_COMPARING_STRINGS_WITH_EQ in ../server/core/authz/GroupCache.java

2024-03-07 Thread e.bykhanova (Jira)


[ 
https://issues.apache.org/jira/browse/DIRSERVER-2398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel=17824647#comment-17824647
 ] 

e.bykhanova commented on DIRSERVER-2398:


Link to the source code of the function groupModified(Dn, List, Entry, 
SchemaManager):

https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java#L394-L438

> FB.ES_COMPARING_STRINGS_WITH_EQ in ../server/core/authz/GroupCache.java
> ---
>
> Key: DIRSERVER-2398
> URL: https://issues.apache.org/jira/browse/DIRSERVER-2398
> Project: Directory ApacheDS
> Issue Type: Bug
> Affects Versions: 2.0.0.AM26
> Reporter: e.bykhanova
> Priority: Major
> Attachments: image-2024-03-08-10-35-42-632.png
>
>
> The static analyzer has detected FB.ES_COMPARING_STRINGS_WITH_EQ: Comparison 
> of String objects using == or != in groupModified(Dn, List, Entry, 
> SchemaManager):
> https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java#L394-L438
>  
> !image-2024-03-08-10-35-42-632.png!
>  
> memberAttr.getOid() and modification.getAttribute().getId() are two 
> different instances of the class, so operator '==' will get 
> 'false' at GroupCache.java:420 even if the string literals are 
> identical. Operator '==' compares two pointers, but for 
> character-by-character comparison of strings, it is necessary to use method 
> equals(). 
> To confirm or refute the verdict, we consider it necessary to clarify 
> with the developers if they expect a comparison of string literals or 
> pointers at GroupCache.java:420.
>  
> Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.
> Author E. Bykhanova (e.bykhan...@fobos-nt.ru).



--
This message was sent by Atlassian Jira
(v8.20.10#820010)

-
To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org
For additional commands, e-mail: dev-h...@directory.apache.org



[jira] [Created] (DIRSERVER-2398) FB.ES_COMPARING_STRINGS_WITH_EQ in ../server/core/authz/GroupCache.java

2024-03-07 Thread e.bykhanova (Jira)
e.bykhanova created DIRSERVER-2398:
--

 Summary: FB.ES_COMPARING_STRINGS_WITH_EQ in 
../server/core/authz/GroupCache.java
 Key: DIRSERVER-2398
 URL: https://issues.apache.org/jira/browse/DIRSERVER-2398
 Project: Directory ApacheDS
  Issue Type: Bug
Affects Versions: 2.0.0.AM26
Reporter: e.bykhanova
 Attachments: image-2024-03-08-10-35-42-632.png

The static analyzer has detected FB.ES_COMPARING_STRINGS_WITH_EQ: Comparison of 
String objects using == or != in groupModified(Dn, List, Entry, 
SchemaManager):
https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java#L394-L438

 

!image-2024-03-08-10-35-42-632.png!

 

memberAttr.getOid() and modification.getAttribute().getId() are two 
different instances of the class, so operator '==' will get 
'false' at GroupCache.java:420 even if the string literals are identical. 
Operator '==' compares two pointers, but for 
character-by-character comparison of strings, it is necessary to use method 
equals(). 

To confirm or refute the verdict, we consider it necessary to clarify 
with the developers if they expect a comparison of string literals or 
pointers at GroupCache.java:420.

 

Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE.

Author E. Bykhanova (e.bykhan...@fobos-nt.ru).



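
The reference-versus-content distinction described in the report, as an added Java example that is not ApacheDS code and not part of the original messages. The `Modification` class, the `MEMBER_OID` constant and the sample values are hypothetical; the example shows why a `==` comparison can succeed when both sides are literals and still miss an equal string created at run time.

```java
import java.util.List;

// Added illustration. Modification, MEMBER_OID and the sample values are
// hypothetical stand-ins and are not taken from GroupCache.java.
public class StringIdentityDemo {
    // Constructed sample value held as a compile-time constant (pooled by the JVM).
    static final String MEMBER_OID = "2.5.4.31";

    static final class Modification {
        final String attributeId;
        final String value;

        Modification(String attributeId, String value) {
            this.attributeId = attributeId;
            this.value = value;
        }
    }

    // Reference comparison: the pattern flagged as ES_COMPARING_STRINGS_WITH_EQ.
    static long countByIdentity(List<Modification> mods) {
        return mods.stream().filter(m -> m.attributeId == MEMBER_OID).count();
    }

    // Content comparison: character-by-character, independent of object identity.
    static long countByEquals(List<Modification> mods) {
        return mods.stream().filter(m -> MEMBER_OID.equals(m.attributeId)).count();
    }

    public static void main(String[] args) {
        // An identical literal is the same pooled object as MEMBER_OID.
        Modification fromLiteral = new Modification("2.5.4.31", "cn=alice");

        // A string assembled at run time (as when decoded from a request)
        // is a distinct object even though its characters are identical.
        String decoded = String.join(".", "2", "5", "4", "31");
        Modification fromRuntime = new Modification(decoded, "cn=bob");

        // intern() returns the pooled instance, so identity holds again.
        Modification fromInterned = new Modification(decoded.intern(), "cn=carol");

        List<Modification> mods = List.of(fromLiteral, fromRuntime, fromInterned);
        System.out.println("matched with ==      : " + countByIdentity(mods));
        System.out.println("matched with equals(): " + countByEquals(mods));
    }
}
```

The run-time string is the only entry the identity check skips, which is why unit tests written with literals tend not to expose this class of defect.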