SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 94

changes.mady.by.user Derek Leung

Saved on

compared with

New Version 95

changes.mady.by.user Derek Leung

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: formatting

...

This noncompliant code example takes a user input query string and build a URL. Because the URL is not properly encoded, the URL returned is not valid because it contains non-URL-safe characters RFC 1738

Code Block
languagebgColorjava#FFCCCC
String buildUrl(String q) {
  //user inputs the argument "#YOLO2018"
  String url = "https://example.com?query=" + q;
 
  return url;
}

The url returned is is "https://example.com?query=#YOLO2018" which is not a valid URL.

Compliant Solution

Code Block
languagebgColorjava#ccccff
String buildEncodedUrl(String q) {
    String origUrl = "https://example.com?query=" + q;
    String encodedUrl = Base64.getUrlEncoder().encodeToString(origUrl.getBytes());
 
    return encodedUrl;
}

The encodedUrl returned is "https%3A%2F%2Fexample.com%3Fquery%3D%23YOLO2018" which is a valid URL. Use java.util.Base64 to encode and decode when transferring binary data over mediums that only allow printable characters like URLs, filenames, and MIME.

...