CWE-581
Object Model Violation: Just One of Equals and Hashcode Defined
Draft
2006-12-15
00h00 +00:00
00h00 +00:00
2025-12-11
00h00 +00:00
00h00 +00:00
Benachrichtigungen für ein CWE
Bleiben Sie über alle Änderungen zu einem bestimmten CWE informiert.
Name: Object Model Violation: Just One of Equals and Hashcode Defined
The product does not maintain equal hashcodes for equal objects.
CWE-Beschreibung
Java objects are expected to obey a number of invariants related to equality. One of these invariants is that equal objects must have equal hashcodes. In other words, if a.equals(b) == true then a.hashCode() == b.hashCode().
Allgemeine Informationen
Einführungsmodi
ImplementationAnwendbare Plattformen
Sprache
Name: Java (Undetermined)Häufige Konsequenzen
| Bereich | Auswirkung | Wahrscheinlichkeit |
|---|---|---|
| Integrity Other | Other Note: If this invariant is not upheld, it is likely to cause trouble if objects of this class are stored in a collection. If the objects of the class in question are used as a key in a Hashtable or if they are inserted into a Map or Set, it is critical that equal objects have equal hashcodes. |
Mögliche Gegenmaßnahmen
Phases : ImplementationBoth Equals() and Hashcode() should be defined.
Erkennungsmethoden
Automated Static Analysis
Automated static analysis, commonly referred to as Static Application Security Testing (SAST), can find some instances of this weakness by analyzing source code (or binary/compiled code) without having to execute it. Typically, this is done by building a model of data flow and control flow, then searching for potentially-vulnerable patterns that connect "sources" (origins of input) with "sinks" (destinations where the data interacts with external components, a lower layer such as the OS, etc.)Wirksamkeit : High
Hinweise zur Schwachstellen-Zuordnung
Begründung : This CWE entry is at the Base level of abstraction, which is a preferred level of abstraction for mapping to the root causes of vulnerabilities.Kommentar : Carefully read both the name and description to ensure that this mapping is an appropriate fit. Do not try to 'force' a mapping to a lower-level Base/Variant simply to comply with this preferred level of abstraction.
Einreichung
| Name | Organisation | Datum | Veröffentlichungsdatum | Version |
|---|---|---|---|---|
| CWE Community | Draft 5 |
Änderungen
| Name | Organisation | Datum | Kommentar |
|---|---|---|---|
| Eric Dalci | Cigital | updated Potential_Mitigations, Time_of_Introduction | |
| CWE Content Team | MITRE | updated Common_Consequences, Relationships, Other_Notes | |
| CWE Content Team | MITRE | updated Common_Consequences, Description, Other_Notes | |
| CWE Content Team | MITRE | updated Common_Consequences | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Common_Consequences, Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Potential_Mitigations | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Relationships, Taxonomy_Mappings | |
| CWE Content Team | MITRE | updated Relationships | |
| CWE Content Team | MITRE | updated Description | |
| CWE Content Team | MITRE | updated Detection_Factors, Relationships | |
| CWE Content Team | MITRE | updated Mapping_Notes | |
| CWE Content Team | MITRE | updated Type | |
| CWE Content Team | MITRE | updated Weakness_Ordinalities |
