Increasingly, programmers view strings as a portable means of storing and communicating arbitrary data, such as numeric values. For example, a real-world system stored the binary values of encrypted passwords as strings in a database. Non-character data may not be representable as a string, because not all bit patterns represent valid characters in most character sets. Consequently, programmers must not convert noncharacter data to a string.
Noncompliant Code Example
...
```java
import java.math.BigInteger;
import java.util.Base64;

BigInteger x = new BigInteger("530500452766");
byte[] byteArray = x.toByteArray();
// Base64 maps every byte value onto printable characters, so the string
// representation is well-defined regardless of the character set.
String s = Base64.getEncoder().encodeToString(byteArray);
// Decoding restores exactly the original bytes and thus the original value.
byteArray = Base64.getDecoder().decode(s);
x = new BigInteger(byteArray);
```
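The following added example (not part of the original page) contrasts a round trip through a character-set conversion with the Base64 round trip above. It uses the same BigInteger value as the page plus a constructed byte array that is not valid UTF-8; the class and method names are illustrative.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;
import java.util.Base64;

public class NoncharacterStringDemo {
    // Round trip through String: bytes are interpreted as UTF-8 text and
    // re-encoded. Malformed sequences are replaced by U+FFFD, so data is lost.
    static byte[] viaString(byte[] input) {
        String s = new String(input, StandardCharsets.UTF_8);
        return s.getBytes(StandardCharsets.UTF_8);
    }

    // Round trip through Base64: every byte value has a defined text form,
    // so decoding returns exactly the original bytes.
    static byte[] viaBase64(byte[] input) {
        String s = Base64.getEncoder().encodeToString(input);
        return Base64.getDecoder().decode(s);
    }

    public static void main(String[] args) {
        // Constructed samples: the value from the page, and a byte array that
        // is not valid UTF-8 (0xFF never appears in well-formed UTF-8).
        byte[][] samples = {
            new BigInteger("530500452766").toByteArray(),
            new byte[] {(byte) 0xFF, (byte) 0xC3, 0x28, 0x00, (byte) 0x80}
        };
        for (byte[] original : samples) {
            byte[] stringRoundTrip = viaString(original);
            byte[] base64RoundTrip = viaBase64(original);
            System.out.printf("original:   %s%n", Arrays.toString(original));
            System.out.printf("via String: %s (%s)%n", Arrays.toString(stringRoundTrip),
                Arrays.equals(original, stringRoundTrip) ? "intact" : "CORRUPTED");
            System.out.printf("via Base64: %s (%s)%n", Arrays.toString(base64RoundTrip),
                Arrays.equals(original, base64RoundTrip) ? "intact" : "CORRUPTED");
        }
    }
}
```

Because the BigInteger's byte representation contains values such as 0x84 and 0x81 that are only valid as UTF-8 continuation bytes, even the page's own value is corrupted by the String round trip, while the Base64 round trip reports both samples intact.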
Risk Assessment
Encoding noncharacter data as a string is likely to result in a loss of data integrity.
...