[ https://issues.apache.org/jira/browse/DIRSERVER-2398?page=com.atlassian.jira.plugin.system.issuetabpanels:comment-tabpanel&focusedCommentId=17824647#comment-17824647 ]
e.bykhanova commented on DIRSERVER-2398: ---------------------------------------- Link to the source code of the function groupModified(Dn, List, Entry, SchemaManager): https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java#L394-L438 > FB.ES_COMPARING_STRINGS_WITH_EQ in ../server/core/authz/GroupCache.java > ----------------------------------------------------------------------- > > Key: DIRSERVER-2398 > URL: https://issues.apache.org/jira/browse/DIRSERVER-2398 > Project: Directory ApacheDS > Issue Type: Bug > Affects Versions: 2.0.0.AM26 > Reporter: e.bykhanova > Priority: Major > Attachments: image-2024-03-08-10-35-42-632.png > > > The static analyzer has detected FB.ES_COMPARING_STRINGS_WITH_EQ: Comparison > of String objects using == or != in [groupModified(Dn, List, Entry, > SchemaManager)|[https://github.com/apache/directory-server/blob/8c9b56bdcc0703b04b8e2dbdc4f045ed5d83a064/interceptors/authz/src/main/java/org/apache/directory/server/core/authz/GroupCache.java#L394-L438].] > > !image-2024-03-08-10-35-42-632.png! > > _memberAttr.getOid()_ and _modification.getAttribute().getId()_ are _two > different instances_ of the class, so operator '{*}=='{*} will get > '{*}false'{*} at GroupCache.java:420 even if the string literals are > identical. Operator '{*}=='{*} {_}compares two pointers{_}, but for > _character-by-character comparison_ of strings, it is necessary to use method > {*}equals(){*}. > _To confirm_ or {_}refute the verdict{_}, we consider it necessary to clarify > with the developers if they expect _a comparison of string literals or > pointers_ at GroupCache.java:420. > > Found by Linux Verification Center (portal.linuxtesting.ru) with SVACE. > Author E. Bykhanova (e.bykhan...@fobos-nt.ru). -- This message was sent by Atlassian Jira (v8.20.10#820010) --------------------------------------------------------------------- To unsubscribe, e-mail: dev-unsubscr...@directory.apache.org For additional commands, e-mail: dev-h...@directory.apache.org