Weaknesses in this category are related to comparison.

| ID | Name | Description |
|---|---|---|
| CWE-1023 | Incomplete Comparison with Missing Factors | The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or more of these factors. |
| CWE-1024 | Comparison of Incompatible Types | The product performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when they are directly compared. |
| CWE-1025 | Comparison Using Wrong Factors | The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect results and resultant weaknesses. |
| CWE-1077 | Floating Point Comparison with Incorrect Operator | The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account for the possibility of loss of precision. |
| CWE-183 | Permissive List of Allowed Inputs | The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are assumed to be safe, but the list is too permissive - that is, it allows an input that is unsafe, leading to resultant weaknesses. |
| CWE-185 | Incorrect Regular Expression | The product specifies a regular expression in a way that causes data to be improperly matched or compared. |
| CWE-186 | Overly Restrictive Regular Expression | A regular expression is overly restrictive, which prevents dangerous values from being detected. |
| CWE-187 | Partial String Comparison | The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weaknesses. |
| CWE-478 | Missing Default Case in Multiple Condition Expression | The code does not have a default case in an expression with multiple conditions, such as a switch statement. |
| CWE-486 | Comparison of Classes by Name | The product compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name. |
| CWE-595 | Comparison of Object References Instead of Object Contents | The product compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects. |
| CWE-597 | Use of Wrong Operator in String Comparison | The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead. |
| CWE-625 | Permissive Regular Expression | The product uses a regular expression that does not sufficiently restrict the set of allowed values. |
| CWE-697 | Incorrect Comparison | The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses. |
| CWE-777 | Regular Expression without Anchors | The product uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through. |
| CWE-839 | Numeric Range Comparison Without Minimum Check | The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum. |
| CWE-1400 | Comprehensive Categorization for Software Assurance Trends | |