...
According to the Java API [API 2006] for the String class:
The length of the new String is a function of the charset, and hence may not be equal to the length of the byte array. The behavior of this constructor when the given bytes are not valid in the given charset is unspecified.
...
```java
import java.io.DataInputStream;
import java.io.FileInputStream;

String encoding = "SomeEncoding"; // for example, "UTF-16LE"
FileInputStream fis = new FileInputStream("SomeFile");
DataInputStream dis = new DataInputStream(fis);
byte[] data = new byte[1024];
// read() returns the number of bytes read; readFully() returns void
int bytesRead = dis.read(data);
if (bytesRead > 0) {
  // Decode only the bytes actually read, using the explicit encoding
  String result = new String(data, 0, bytesRead, encoding);
}
```
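The API note quoted above has two practical consequences: the decoded length depends on the charset, and invalid bytes are not reported by the `String` constructor. The following added example (not part of the original guideline; the class name, method name and sample bytes are constructed for illustration) shows both, and uses a `CharsetDecoder` configured to reject malformed input.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CharsetDecoder;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class StrictDecodeExample {
    // Hypothetical helper: decode with an explicit charset and throw on
    // malformed or unmappable bytes instead of silently accepting them.
    static String decodeStrict(byte[] bytes, Charset cs) throws CharacterCodingException {
        CharsetDecoder decoder = cs.newDecoder()
            .onMalformedInput(CodingErrorAction.REPORT)
            .onUnmappableCharacter(CodingErrorAction.REPORT);
        return decoder.decode(ByteBuffer.wrap(bytes)).toString();
    }

    public static void main(String[] args) {
        // Constructed sample: two non-ASCII characters encoded as UTF-8.
        byte[] utf8 = "\u00e9\u20ac".getBytes(StandardCharsets.UTF_8);

        // The same bytes decode to strings of different lengths depending on
        // the charset, and neither length has to match the byte count.
        System.out.println("byte count:        " + utf8.length);
        System.out.println("UTF-8 length:      "
            + new String(utf8, StandardCharsets.UTF_8).length());
        System.out.println("ISO-8859-1 length: "
            + new String(utf8, StandardCharsets.ISO_8859_1).length());

        // Constructed sample: drop the last byte so the final multi-byte
        // sequence is incomplete, as happens when a read splits a character.
        byte[] truncated = Arrays.copyOf(utf8, utf8.length - 1);

        // The Charset overload of the constructor substitutes a replacement
        // character and gives the caller no indication of the bad input.
        System.out.println("lenient result:    "
            + new String(truncated, StandardCharsets.UTF_8));

        // The strict decoder surfaces the problem as an exception.
        try {
            decodeStrict(truncated, StandardCharsets.UTF_8);
        } catch (CharacterCodingException e) {
            System.out.println("strict decoder rejected input: " + e);
        }
    }
}
```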
Exceptions
FIO03-EX1: If the data is coming from another Java application that uses the same platform and it is known that the application is using the default character encoding, an explicit character encoding is not required to be specified on the receiving side.
...
Failure to specify the character encoding while performing file or network IO can corrupt the data.
Recommendation Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
FIO03-J | low | unlikely | medium | P2 | L3 |
...