JD.ST.POS

JD.ST.POS is reported when the result of a String.indexOf(..) call is checked for being greater than 0.

Vulnerability and risk

The method String.indexOf(..) returns the position of the found symbol, counting from 0, and returns -1 when nothing is found. A check for greater than 0 is therefore most likely incorrect, because it misses every case where the symbol is the first character of the string.

Mitigation and prevention

Replace the check for >0 with a check for >=0 (the symbol was found), or test the opposite condition with ==-1 (the symbol was not found).

Example 1

     public boolean checkFile(String file) {
         // Flagged by JD.ST.POS: a "/" at index 0 is not detected by this check
         if (file.indexOf("/")>0) {
             return true;
         }
         return false;
     }

JD.ST.POS is reported for the call on line 10: Result of method 'indexOf' should be checked for >=0 or <0 instead of >0.
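
The following is an added example, not part of the original checker documentation. It runs the flagged check and the corrected check side by side over constructed inputs to show where they disagree. The class, the method names and the "bare file name" caller are hypothetical.

```java
import java.util.List;

public class IndexOfCheckDemo {

    // Defective form flagged by JD.ST.POS: a match at index 0 counts as "not found".
    static boolean hasSeparatorFlagged(String file) {
        return file.indexOf("/") > 0;
    }

    // Corrected form: indexOf returns -1 only when there is no match at all.
    static boolean hasSeparatorFixed(String file) {
        return file.indexOf("/") >= 0;
    }

    // Hypothetical caller: accept only bare file names (no path separator).
    static boolean isBareName(String file, boolean useFixedCheck) {
        boolean hasSeparator = useFixedCheck
                ? hasSeparatorFixed(file)
                : hasSeparatorFlagged(file);
        return !hasSeparator;
    }

    public static void main(String[] args) {
        // Constructed sample inputs; the last two start with the separator.
        List<String> samples = List.of("report.txt", "docs/report.txt", "/report.txt", "/");
        for (String s : samples) {
            boolean flagged = isBareName(s, false);
            boolean fixed = isBareName(s, true);
            System.out.printf("%-18s indexOf=%2d  flagged=%-5b fixed=%-5b%s%n",
                    '"' + s + '"', s.indexOf("/"), flagged, fixed,
                    flagged != fixed ? "  <-- checks disagree" : "");
        }
    }
}
```

The two checks agree whenever the separator is absent or appears after the first character. They disagree only when it is at index 0, which is the case the >0 comparison silently treats as "not found".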