== Why is this an issue?

It's almost always a mistake to compare two instances of ``++java.lang.String++`` or boxed types like ``++java.lang.Integer++`` using reference equality ``++==++`` or ``++!=++``, because it is not comparing actual value but locations in memory.


=== Noncompliant code example

[source,java]
----
String firstName = getFirstName(); // String overrides equals 
String lastName = getLastName();

if (firstName == lastName) { ... }; // Non-compliant; false even if the strings have the same value
----


=== Compliant solution

[source,java]
----
String firstName = getFirstName();
String lastName = getLastName();

if (firstName != null && firstName.equals(lastName)) { ... };
----


== Resources

* CWE - https://cwe.mitre.org/data/definitions/595[CWE-595 - Comparison of Object References Instead of Object Contents]
* CWE - https://cwe.mitre.org/data/definitions/597[CWE-597 - Use of Wrong Operator in String Comparison]
* https://wiki.sei.cmu.edu/confluence/x/UjdGBQ[CERT, EXP03-J.] - Do not use the equality operators when comparing values of boxed primitives
* https://wiki.sei.cmu.edu/confluence/x/yDdGBQ[CERT, EXP50-J.] - Do not confuse abstract object equality with reference equality


ifdef::env-github,rspecator-view[]
'''
== Comments And Links
(visible only on this page)

=== relates to: S1698

=== on 31 Oct 2018, 17:41:57 Tibor Blenessy wrote:
RSPEC-1698 has to exclude ``++java.lang.String++`` and boxed types to not raise duplicate issues

endif::env-github,rspecator-view[]