VeraCode flagging an issue in JSON Smart JStylerObj - string comparison
Issue #378
invalid
I'm not sure if this is a bug (or a question).
Several projects include nimbus-jose-jwt-9.0.jar (I think Spring Framework includes it).
VeraCode is flagging two errors in com.nimbusds.jose.shaded.JStylerObj.java. The errors are 'Use of Wrong Operator in String Comparison' at lines 58 & 93.
When I searched your JavaDoc, the maven jar file and the source code, I could not find this class (or the 'shaded' package), yet it is in the jar file in project.
Is this class part of your project? If not, do you have any idea how it is being included in the jar file?
If so, can the error be corrected or rationalized.
Comments (6)
-
-
Thanks Vernon for the report. This class comes from the shaded JSON Smart dependency (v2.3).
I think we should switch to JSON Smart 1.3.1, which is lighter and its features suffice.
-
It turns out that this
==string comparison is also present in JSON Smart 1.3.1.Fortunately the
s.trim() != sreference comparison in this particular instance is identical to an! s.trim().equals(s)comparison and the tests in the JSON Smart lib also capture this.(if the trim method modified the string it will return a new reference, hence the original and trimmed string are not equal; if the trim method didn’t modify the string it will return the original string and the references will match)
-
- changed title to VeraCode flagging an issue in JSON Smart JStyle - string comparison
-
-
- changed status to invalid
- Log in to comment
Since I asked a question, I thought that I would leave my email.
vernon.adams@nuance.com