Comprehensive Categorization: Comparison

A category in the Common Weakness Enumeration published by The MITRE Corporation.


Categories in the Common Weakness Enumeration (CWE) group entries based on some common characteristic or attribute.

Weaknesses in this category are related to comparison.


Comparison of Classes by Name

The product compares classes by name, which can cause it to use the wrong class when multiple classes can have the same name.

Comparison of Incompatible Types

The product performs a comparison between two entities, but the entities are of different, incompatible types that cannot be guaranteed to provide correct results when...

Comparison of Object References Instead of Object Contents

The product compares object references instead of the contents of the objects themselves, preventing it from detecting equivalent objects.

Comparison Using Wrong Factors

The code performs a comparison between two entities, but the comparison examines the wrong factors or characteristics of the entities, which can lead to incorrect resu...

Floating Point Comparison with Incorrect Operator

The code performs a comparison such as an equality test between two float (floating point) values, but it uses comparison operators that do not account...

Incomplete Comparison with Missing Factors

The product performs a comparison between entities that must consider multiple factors or characteristics of each entity, but the comparison does not include one or mo...

Incorrect Comparison

The product compares two entities in a security-relevant context, but the comparison is incorrect, which may lead to resultant weaknesses.

Incorrect Regular Expression

The product specifies a regular expression in a way that causes data to be improperly matched or compared.

Missing Default Case in Multiple Condition Expression

The code does not have a default case in an expression with multiple conditions, such as a switch statement.

Numeric Range Comparison Without Minimum Check

The product checks a value to ensure that it is less than or equal to a maximum, but it does not also verify that the value is greater than or equal to the minimum.

Overly Restrictive Regular Expression

A regular expression is overly restrictive, which prevents dangerous values from being detected.

Partial String Comparison

The product performs a comparison that only examines a portion of a factor before determining whether there is a match, such as a substring, leading to resultant weakn...

Permissive List of Allowed Inputs

The product implements a protection mechanism that relies on a list of inputs (or properties of inputs) that are explicitly allowed by policy because the inputs are as...

Permissive Regular Expression

The product uses a regular expression that does not sufficiently restrict the set of allowed values.

Regular Expression without Anchors

The product uses a regular expression to perform neutralization, but the regular expression is not anchored and may allow malicious or malformed data to slip through.

Use of Wrong Operator in String Comparison

The product uses the wrong operator when comparing a string, such as using "==" when the .equals() method should be used instead.


Comprehensive Categorization for Software Assurance Trends

This view organizes weaknesses around categories that are of interest to large-scale software assurance research to support the elimination of weaknesses using ta...

See Also

  1. CVE --> CWE Mapping Guidance - Quick Tips


Common Weakness Enumeration content on this website is copyright of The MITRE Corporation unless otherwise specified. Use of the Common Weakness Enumeration and the associated references on this website are subject to the Terms of Use as specified by The MITRE Corporation.