Type Confusion Anti-Pattern

Severity: High

Summary

Programs misinterpret data types through loose comparisons, implicit coercion, or improper input handling. Attackers exploit type confusion in weakly-typed languages (JavaScript, PHP) and dynamic data structures (JSON) to bypass security checks, manipulate logic, or achieve code execution.

The Anti-Pattern

The anti-pattern is using loose equality (==) or trusting incoming data types without explicit validation.

BAD Code Example

// VULNERABLE: Loose equality comparison in authentication.