CWE-481: Assigning instead of Comparing

Learn about CWE-481 (Assigning instead of Comparing), its security impact, exploitation methods, and prevention guidelines.

What is Assigning instead of Comparing?

• Overview:

  • CWE-481 (Assigning instead of Comparing) occurs when an assignment operator is mistakenly used in place of a comparison operator, often due to a typo, leading to logic errors in the code.

• Exploitation Methods:

  • Attackers do not need to manipulate anything special: the mistyped condition evaluates to a fixed outcome (typically always true, because the assigned value is non-zero), so any input, including one the check was meant to reject, takes the privileged branch and the security check is effectively bypassed.
  • Common attack patterns include supplying arbitrary credentials or parameters to a conditional statement that no longer depends on its input, and relying on the unintended side effect of the assignment (a variable silently overwritten inside the condition) to steer later program logic.

• Security Impact:

  • Direct consequences include incorrect program behavior, which may result in unauthorized actions being performed.
  • Potential cascading effects could involve security checks being bypassed, leading to data breaches or unauthorized access.
  • Business impact might involve loss of data integrity, decreased application reliability, and potential regulatory compliance issues.

• Prevention Guidelines:

  • Specific code-level fixes include using compiler warnings and static analysis tools to identify and correct assignment versus comparison errors.
  • Security best practices involve regularly reviewing code for such typos, implementing code reviews and pair programming to catch mistakes.
  • Recommended tools and frameworks include static code analysis tools like SonarQube, Coverity, or compiler warnings that highlight potential assignment errors in conditional statements.

Corgea can automatically detect and fix Assigning instead of Comparing in your codebase. [Try Corgea free today](https://corgea.app).

Technical Details

Likelihood of Exploit: Low

Affected Languages: C, C++, Java, C#

Affected Technologies: Not specified

Vulnerable Code Example

C Example

// Vulnerable code demonstrating CWE-481: Assigning instead of Comparing

#include <stdio.h>
#include <string.h>

void checkPassword(const char* inputPassword) {
    const char* correctPassword = "securePassword123";

    // Vulnerability: assignment '=' instead of comparison '=='.
    // The condition's value is the assigned pointer, which points to a
    // string literal and is therefore never NULL, so this branch is always taken.
    if (inputPassword = correctPassword) {
        printf("Access Granted!\n");
    } else {
        printf("Access Denied!\n");
    }
}

int main(void) {
    checkPassword("testPassword");  // prints "Access Granted!" despite the wrong password
    return 0;
}

In this vulnerable code example, the use of the assignment operator '=' instead of the equality operator '==' leads to incorrect logic. The inputPassword pointer is assigned the value of correctPassword, and the condition evaluates that pointer, which is never NULL, so the check always succeeds and grants access regardless of the password supplied. Note that even '==' would be wrong here: comparing two char pointers with '==' compares addresses, not string contents.

How to fix Assigning instead of Comparing?

To fix this issue, always use the equality operator '==' for comparisons. Additionally, when comparing C strings, use strcmp() to compare the actual content of the strings, since '==' on two char pointers only compares their addresses. Placing the constant on the left side of the comparison (for example '0 == strcmp(...)' rather than 'strcmp(...) == 0') turns an accidental '=' into a compilation error, because a constant cannot be assigned to.

Fixed Code Example

// Fixed code with correct comparison using strcmp() and improved practice

#include <stdio.h>
#include <string.h>

void checkPassword(const char* inputPassword) {
    const char* correctPassword = "securePassword123";

    // Fix: use strcmp() to compare string contents, and keep the constant 0
    // on the left so that a mistyped '=' ('0 = strcmp(...)') fails to compile.
    if (0 == strcmp(correctPassword, inputPassword)) {
        printf("Access Granted!\n");
    } else {
        printf("Access Denied!\n");
    }
}

int main(void) {
    checkPassword("testPassword");  // prints "Access Denied!"
    return 0;
}

In the fixed code, strcmp() is used to compare inputPassword and correctPassword correctly. This ensures that the actual content of the strings is compared, not the pointers. Additionally, by placing the constant 0 on the left side of the comparison, any accidental use of the assignment operator ('0 = strcmp(...)') is rejected by the compiler, thus preventing similar mistakes.
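The following is an added example, not code from Corgea or from the CWE entry, that generalises the page's string case to an integer role field, which is where this defect is most often missed because no string function is involved. It places the buggy check (kept deliberately, to reproduce CWE-481), the plain '==' fix and the constant-on-the-left fix side by side, and exposes the side effect the bug has on the caller's data. The names user_t, ROLE_USER, ROLE_ADMIN and the is_admin_* / password_matches functions are assumptions made for this illustration.

```c
// Added example (not Corgea's code): CWE-481 on an integer role field,
// beside two corrected forms. All names here are illustrative assumptions.
#include <stdio.h>
#include <string.h>

enum { ROLE_USER = 1, ROLE_ADMIN = 2 };

typedef struct {
    int role;
} user_t;

// BUGGY (kept on purpose to reproduce CWE-481): '=' stores ROLE_ADMIN into
// u->role and the condition then evaluates the stored value (2, i.e. true),
// so every caller is treated as an administrator. The caller's struct is
// also silently modified as a side effect.
int is_admin_buggy(user_t *u) {
    if (u->role = ROLE_ADMIN) {
        return 1;
    }
    return 0;
}

// Fixed: '==' compares without modifying u->role.
int is_admin_fixed(const user_t *u) {
    return u->role == ROLE_ADMIN;
}

// Fixed with the constant on the left: if '==' were mistyped as '=', the
// expression would read 'ROLE_ADMIN = u->role', which does not compile
// because an enumerator is not assignable.
int is_admin_yoda(const user_t *u) {
    if (ROLE_ADMIN == u->role) {
        return 1;
    }
    return 0;
}

// The page's string case in the same style: '0 = strcmp(...)' is rejected
// by the compiler, so the comparison cannot silently degrade into a store.
int password_matches(const char *expected, const char *input) {
    return 0 == strcmp(expected, input);
}

// Returns the role left in the struct after the buggy check ran, to make
// the hidden write visible.
int role_after_buggy_check(int initial_role) {
    user_t u = { initial_role };
    (void)is_admin_buggy(&u);
    return u.role;
}

int main(void) {
    user_t u = { ROLE_USER };
    printf("buggy : %d (role is now %d)\n", is_admin_buggy(&u), u.role);
    user_t v = { ROLE_USER };
    printf("fixed : %d\n", is_admin_fixed(&v));
    printf("yoda  : %d\n", is_admin_yoda(&v));
    printf("string: %d\n", password_matches("securePassword123", "testPassword"));
    return 0;
}
```

Building this with gcc -Wall reports "suggest parentheses around assignment used as truth value" for is_admin_buggy; adding -Werror=parentheses turns that warning into a build failure, which is the cheapest way to enforce the prevention guidance above. Be wary of code that wraps the condition in an extra pair of parentheses, since that silences the warning without fixing the bug.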

Find this vulnerability and fix it with Corgea

Scan your codebase for CWE-481: Assigning instead of Comparing and get remediation guidance

Start for free and no credit card needed.