...
Security vulnerabilities may arise when an application expects input in a form that an adversary is capable of bypassing. This can happen when an application disregards supplementary characters (code points above U+FFFF, which Java stores as a surrogate pair of two char values) or when it fails to handle combining characters appropriately. Combining characters are characters that modify the base character preceding them rather than standing on their own. Refer to the Combining Diacritical Marks chart for more details on combining characters.
...
This noncompliant code example attempts to trim leading letters from the string. It fails to accomplish this task because Character.isLetter(char) lacks support for supplementary and combining characters [Hornig 2007]. Character.isLetter() returns false for either half of a surrogate pair, so a leading supplementary letter is never trimmed, and it also returns false for a combining mark, so the loop stops at the mark and returns a string that begins with an orphaned combining character.
...
This noncompliant code example attempts to fix the problem by using the String.codePointAt() method, which returns the full code point at an index as an int that can be passed to Character.isLetter(int). This works for supplementary characters but fails for combining characters [Hornig 2007]: a combining mark is still not a letter, so the loop stops at it and the mark is left at the front of the result.
...
This compliant solution works for both supplementary and combining characters [Hornig 2007], because it iterates over user-perceived characters rather than over char values or code points. According to the Java API [API 2006], the class java.text.BreakIterator documentation states:
...
To perform locale-sensitive String comparisons for searching and sorting, use the java.text.Collator class.
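The three approaches described above, side by side, as an added example that is not part of the original page or its cited code. The class and method names and the two constructed input strings are assumptions made for illustration; the noncompliant methods are written to behave exactly as the text describes, with their defects intact.

```java
import java.text.BreakIterator;

public class TrimLeadingLetters {

    // Noncompliant approach: iterates UTF-16 char values. Character.isLetter(char)
    // is false for both halves of a surrogate pair, so a leading supplementary
    // letter is never trimmed; it is also false for combining marks.
    public static String trimByChar(String s) {
        int i = 0;
        while (i < s.length() && Character.isLetter(s.charAt(i))) {
            i++;
        }
        return s.substring(i);
    }

    // Still noncompliant: iterates code points, so supplementary letters are
    // handled, but a combining mark is not a letter, so the loop stops on it
    // and the returned string begins with an orphaned combining mark.
    public static String trimByCodePoint(String s) {
        int i = 0;
        while (i < s.length()) {
            int cp = s.codePointAt(i);
            if (!Character.isLetter(cp)) {
                break;
            }
            i += Character.charCount(cp);
        }
        return s.substring(i);
    }

    // Compliant: iterates user-perceived characters (grapheme clusters) with
    // BreakIterator and classifies each cluster by its base code point, so a
    // base letter and its combining marks are kept or dropped together.
    public static String trimByGrapheme(String s) {
        BreakIterator it = BreakIterator.getCharacterInstance();
        it.setText(s);
        int start = it.first();
        int end = it.next();
        while (end != BreakIterator.DONE) {
            if (!Character.isLetter(s.codePointAt(start))) {
                break;
            }
            start = end;
            end = it.next();
        }
        return s.substring(start);
    }

    // Debug helper: render a string as its code points so that surrogate
    // pairs and combining marks are visible in the output.
    private static String escape(String s) {
        StringBuilder sb = new StringBuilder();
        s.codePoints().forEach(cp -> sb.append(String.format("U+%04X ", cp)));
        return sb.toString().trim();
    }

    public static void main(String[] args) {
        // Constructed inputs (not from the original page):
        // U+1D400 MATHEMATICAL BOLD CAPITAL A is a supplementary letter stored
        // as the surrogate pair D835 DC00; "e" followed by U+0301 COMBINING
        // ACUTE ACCENT is a single user-perceived character.
        String supplementary = new String(Character.toChars(0x1D400)) + "b-1";
        String combining = "e\u0301-1";

        for (String input : new String[] { supplementary, combining }) {
            System.out.println("input:          " + escape(input));
            System.out.println("  by char:      " + escape(trimByChar(input)));
            System.out.println("  by codepoint: " + escape(trimByCodePoint(input)));
            System.out.println("  by grapheme:  " + escape(trimByGrapheme(input)));
        }
    }
}
```

Running this shows the failure modes the text describes: on the supplementary input, trimByChar() stops at the first surrogate and trims nothing, while the other two methods remove the leading letters. On the combining input, both trimByChar() and trimByCodePoint() stop at U+0301 and return a string that starts with the bare combining mark, which will attach to whatever character is later placed in front of it, whereas trimByGrapheme() removes the letter and its accent as a unit and returns only the non-letter tail.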
Risk Assessment
Failure to correctly account for supplementary and combining characters can lead to unexpected behavior.
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
IDS13-J | low | unlikely | medium | P2 | L3 |
Automated Detection
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...