Flaw detected by Veracode static scan
MitekDev-AWood opened this issue · 0 comments
General information
The following flaw is detected by a Veracode static scan:
Severity: Low
Exploitability: Unlikely
Use of Wrong Operator in String Comparison
OverlayView.java: 358
Attack Vector: span.neq
Description: Using '!=' to compare two strings for inequality actually compares the object references rather than their values. It is unlikely that this reflects the intended application logic.
Remediation: Use the equals() method to compare strings, not the '!=' operator.
Issue description
Change OverlayView.java line 353 to:
if (scanInstructions != null && !scanInstructions.equals("")) {
(instead of scanInstructions != "")
I tried pushing the code changes to a separate branch in order to do a PR, but kept getting 403 permission denied errors.
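
The reference-versus-value difference described in the scan finding, as an added Java example that is not part of the original issue or the project's code. The class and method names are hypothetical, and new String("") is a constructed stand-in for an empty value created at runtime.

```java
// Added illustration. StringCompareDemo and its methods are hypothetical names,
// not code from OverlayView.java.
public class StringCompareDemo {

    // Pattern flagged by the scan: '!=' compares object references, not characters.
    static boolean hasInstructionsFlagged(String scanInstructions) {
        return scanInstructions != null && scanInstructions != "";
    }

    // Form proposed in the issue: equals() compares the string contents.
    static boolean hasInstructionsProposed(String scanInstructions) {
        return scanInstructions != null && !scanInstructions.equals("");
    }

    static void report(String label, String value) {
        System.out.println(label
                + ": flagged=" + hasInstructionsFlagged(value)
                + " proposed=" + hasInstructionsProposed(value));
    }

    public static void main(String[] args) {
        String literal = "";             // compile-time constant, same object as the "" in the check
        String runtime = new String(""); // constructed sample: empty, but a distinct object

        report("empty literal", literal);
        report("empty runtime string", runtime);
        report("non-empty string", "Scan the front of the document");
        report("null", null);

        // The two checks agree on the literal only because both sides refer to the
        // same interned object. For the runtime-created empty string the flagged
        // check reports "has instructions" while the proposed check does not.
        if (hasInstructionsFlagged(literal) || !hasInstructionsFlagged(runtime)) {
            throw new AssertionError("reference comparison did not behave as described");
        }
        if (hasInstructionsProposed(literal) || hasInstructionsProposed(runtime)) {
            throw new AssertionError("equals() comparison did not behave as described");
        }
    }
}
```

The null check has to stay in front of equals(), as in the proposed line, because calling equals() on a null reference throws NullPointerException.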