card-io / card.io-Android-SDK

card.io provides fast, easy credit card scanning in mobile apps

Flaw detected by Veracode static scan

MitekDev-AWood opened this issue · comments

General information

The following flaw is detected by a Veracode static scan:
Severity: Low
Exploitability: Unlikely
Use of Wrong Operator in String Comparison
OverlayView.java: 358
Attack Vector: span.neq

Description: Using '!=' to compare two strings for inequality actually compares the object references rather than their values. It is unlikely that this reflects the intended application logic.

Remediation: Use the equals() method to compare strings, not the '!=' operator.

Issue description

Change OverlayView.java line 353 to:
if (scanInstructions != null && !scanInstructions.equals("")) {
(instead of scanInstructions != "")

I tried pushing the code changes to a separate branch in order to do a PR, but kept getting 403 permission denied errors.
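
The flagged comparison beside the remediated one, as an added illustration that is not part of the original issue or the card.io code base. The class name, method names and sample strings are constructed for the example; `new String(...)` stands in for any value built at runtime rather than written as a literal.

```java
import java.util.LinkedHashMap;
import java.util.Map;

public class ScanInstructionsCheck {

    // Flagged form: '!=' compares object references, not string contents.
    static boolean shouldDrawFlagged(String scanInstructions) {
        return scanInstructions != null && scanInstructions != "";
    }

    // Remediated form from the issue: equals() compares contents.
    static boolean shouldDrawFixed(String scanInstructions) {
        return scanInstructions != null && !scanInstructions.equals("");
    }

    public static void main(String[] args) {
        // Constructed sample inputs, keyed by how each value was produced.
        Map<String, String> samples = new LinkedHashMap<>();
        samples.put("null", null);
        // A compile-time literal is interned, so it is the same object as "".
        samples.put("literal \"\"", "");
        // 'new' always yields a distinct object, even for empty content.
        samples.put("new String(\"\")", new String(""));
        samples.put("new String(new char[0])", new String(new char[0]));
        samples.put("literal text", "Hold card here");
        samples.put("new String(text)", new String("Hold card here"));

        for (Map.Entry<String, String> e : samples.entrySet()) {
            boolean flagged = shouldDrawFlagged(e.getValue());
            boolean fixed = shouldDrawFixed(e.getValue());
            // Mark the rows where the two checks disagree.
            System.out.printf("%-26s flagged=%-5b fixed=%-5b%s%n",
                    e.getKey(), flagged, fixed,
                    flagged != fixed ? "  <-- differ" : "");
        }
    }
}
```

The two checks agree for `null`, for literals and for non-empty text; they disagree only for an empty string that is a separate object from the `""` literal, which the flagged form treats as non-empty.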