# Comparison Using Wrong Factors (CWE-1024)

The code performs a comparison between two entities, but the comparison is done using the wrong factors or criteria.

- Prevalence: Medium (1 language covered)
- Impact: Medium (review recommended)
- Prevention: Documented (1 fix example)

**OWASP:** Injection (A03:2021-Injection) - #3

## Description

When comparisons use incorrect criteria, security checks may not work as intended. For example, comparing objects by reference instead of by value, or using a case-sensitive comparison when a case-insensitive one is required.

## Prevention

Prevention strategies for Comparison of Incompatible Types, based on 1 Shoulder detection rule.

### Node.js

Use strict equality (`===`) and explicit type checking for security comparisons.

## Warning Signs

- [MEDIUM] Loose equality operator ... used in security-critical context: ...
- [MEDIUM] Unsafe use of loose equality operators (`==`, `!=`) and type coercion patterns that can lead to security

## Consequences

- Bypass Protection Mechanism
- Gain Privileges

## Mitigations

- Carefully review comparison logic in security-sensitive code
- Use appropriate comparison methods for the data type
- Test comparison logic with edge cases

## Detection

- Total rules: 1
- Languages: javascript, typescript

## Rules by Language

### Javascript (1 rule)

- **Type Coercion Security Bugs** [MEDIUM]: Detects unsafe use of loose equality operators (`==`, `!=`) and type coercion patterns that can lead to security vulnerabilities. JavaScript's type coercion can cause unexpected behavior in security-critical code.

  Common security issues from type coercion:

  1. Authentication bypass: `password == null` matches both `null` and `undefined`
  2. Authorization bypass: `role == "admin"` can be bypassed with `role = true`
  3. Input validation bypass: `value == 0` matches `""`, `[]`, `false`, `"0"`
  4. SQL/NoSQL injection: `params == {}` doesn't check for actual object properties

  Type coercion rules in JavaScript:

  - `null == undefined` (true)
  - `0 == ""`, `0 == false`, `0 == []` (all true)
  - `"0" == 0` (true)
  - `" \t\n" == 0` (true)
  - But: `"0" != false` (because string vs boolean)

  Security implications are severe when used in:

  - Authentication/authorization checks
  - Input validation
  - Null/undefined checks
  - Role/permission comparisons

  Remediation: Use strict equality (`===`, `!==`) to avoid type coercion bugs.

### Typescript (1 rule)

- **Type Coercion Security Bugs** [MEDIUM]: The same rule as the Javascript entry above, applied to TypeScript sources; its description, coercion rules and remediation are identical.
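The four loose-equality patterns the rule flags, each beside its strict-equality fix, plus a small line-level detector in the rule's spirit, as an added example. This is not code from the original page or from the Shoulder rule set; all inputs are constructed inline, the function names and `SAMPLE_SOURCE` are assumptions, and the authorization case generalizes the rule's `role` example to a boolean flag compared with `== true` (where a string `"1"` from a query parameter passes). The expected values are what a JavaScript engine actually returns for these comparisons.

```javascript
// Added example, not from the original page or the Shoulder rule set.
// Each function pair shows the loose-equality pattern the rule flags
// beside a strict-equality replacement. Inputs are constructed inline.

// 1. Authentication: null check.
// Loose: an omitted field (undefined) is treated the same as an explicit null,
// so a request body that simply leaves the field out takes the "unset" path.
function passwordIsUnsetLoose(password) {
  return password == null;
}
// Strict: only an explicit null means "unset"; an absent field is not accepted.
function passwordIsUnsetStrict(password) {
  return password === null;
}

// 2. Authorization: a boolean flag compared with == true (generalized case).
// Loose: "1" and 1 both coerce to true, so a string from a query parameter passes.
function isAdminLoose(flag) {
  return flag == true;
}
// Strict: only the boolean true grants the role.
function isAdminStrict(flag) {
  return flag === true;
}

// 3. Input validation: zero check.
// Loose: "", "0", [], false and whitespace-only strings all coerce to 0.
function isZeroLoose(value) {
  return value == 0;
}
// Strict: the value must be the number 0 itself.
function isZeroStrict(value) {
  return value === 0;
}

// 4. Object emptiness (the NoSQL-filter case).
// Loose: `params == {}` compares object references and is never true,
// so the check silently passes every input through.
function isEmptyObjectLoose(params) {
  return params == {};
}
// Strict: inspect the actual properties of a plain object.
function isEmptyObjectStrict(params) {
  return (
    params !== null &&
    typeof params === "object" &&
    !Array.isArray(params) &&
    Object.keys(params).length === 0
  );
}

// The coercion results the rule lists, evaluated by the engine (all true).
function coercionTable() {
  return {
    nullEqUndefined: null == undefined,
    zeroEqEmptyString: 0 == "",
    zeroEqFalse: 0 == false,
    zeroEqEmptyArray: 0 == [],
    stringZeroEqZero: "0" == 0,
    whitespaceEqZero: " \t\n" == 0,
  };
}

// Toy detector in the spirit of the rule: report line numbers that use == or !=
// (but not === or !==). It does not parse JavaScript, so occurrences inside
// strings or comments are flagged too; a real rule works on the AST instead.
function findLooseEquality(source) {
  const pattern = /(^|[^=!<>])(==|!=)(?!=)/;
  return source
    .split("\n")
    .map((text, index) => ({ line: index + 1, text }))
    .filter(({ text }) => pattern.test(text))
    .map(({ line }) => line);
}

// Constructed sample source: lines 1 and 3 use loose equality.
const SAMPLE_SOURCE = [
  'if (user.password == null) { allow(); }',
  'if (user.role === "admin") { grant(); }',
  'if (input != 0) { process(input); }',
  'if (a !== b) { reject(); }',
].join("\n");

console.log(passwordIsUnsetLoose(undefined), passwordIsUnsetStrict(undefined)); // true false
console.log(isAdminLoose("1"), isAdminStrict("1"));                             // true false
console.log(findLooseEquality(SAMPLE_SOURCE));                                   // [ 1, 3 ]
```

The strict versions differ from the loose ones only where coercion would have widened the match, which is exactly the set of inputs an attacker controls in the authentication, authorization and validation paths the rule names; the detector shows why the rule is scoped to security-critical contexts, since a regex over source text flags every `==` regardless of where it sits.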