In Java, byte arrays are often used to transmit raw binary data as well as character encoded data. Attempts to read raw binary data as if it were character encoded data often fail, because some of the bytes fall outside the default or specified encoding scheme and hence fail to denote valid characters. For example, converting a cryptographic key containing non-representable bytes to character encoded data for transmission may result in an error.
Also see guidelines FIO02-J. Keep track of bytes read and account for character encoding while reading data and IDS17-J. Specify the character encoding while performing file or network IO.
Noncompliant Code Example
...
Do not try to convert the String object to a byte array to obtain the original BigInteger. Character encoded data may yield a byte array which when converted to a BigInteger, results in a completely different value.
Exceptions
FIO11-EX0: Untrusted binary data that is expected to be a valid string may be read and converted to a string. Doing so safely is explained in IDS17-J. Specify the character encoding while performing file or network IO. Also see guideline FIO02-J. Keep track of bytes read and account for character encoding while reading data.
Risk Assessment
Attempting to read a byte array containing raw character data as if it were character data may produce erroneous results.
...