Every Java platform has a default character encoding. The available encodings are listed in the _Supported Encodings_ document [Encodings 2006]. A conversion between characters and sequences of bytes requires a character encoding to specify the details of the conversion. Such conversions use the system default encoding in the absence of an explicitly specified encoding. When characters are converted into an array of bytes to be sent as output, transmitted across some communication channel, read as input, and converted back into characters, compatible encodings must be used on both sides of the conversation. Disagreement over character encodings can cause data corruption.
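The following is an added illustration, not code from the CERT page: it encodes a constructed sample string on the "sender" side and decodes the same bytes on the "receiver" side, once with the matching charset and once with a different one, so the corruption caused by a charset mismatch is visible. It uses only standard JDK APIs (`String.getBytes(Charset)`, `new String(byte[], Charset)`, `StandardCharsets`, `Charset.defaultCharset()`); the class and method names are chosen for this example.

```java
import java.nio.charset.Charset;
import java.nio.charset.StandardCharsets;

public class EncodingRoundTrip {

    // Sender side: convert characters to bytes with an explicitly chosen encoding
    // instead of the platform default.
    static byte[] encode(String text, Charset cs) {
        return text.getBytes(cs);
    }

    // Receiver side: convert bytes back to characters with the encoding the
    // receiver assumes. Only the sender's encoding yields a lossless result.
    static String decode(byte[] bytes, Charset cs) {
        return new String(bytes, cs);
    }

    public static void main(String[] args) {
        // Constructed sample containing non-ASCII characters, which is where
        // encoding disagreements become visible.
        String original = "Grüße, 世界";

        byte[] wire = encode(original, StandardCharsets.UTF_8);

        // Compatible encodings on both sides: the round trip is lossless.
        String good = decode(wire, StandardCharsets.UTF_8);
        System.out.println("UTF-8 -> UTF-8      : " + good
                + "  lossless=" + original.equals(good));

        // Receiver assumes a different encoding: the same bytes decode to
        // mojibake, and the original text cannot be recovered from the result.
        String bad = decode(wire, StandardCharsets.ISO_8859_1);
        System.out.println("UTF-8 -> ISO-8859-1 : " + bad
                + "  lossless=" + original.equals(bad));

        // Relying on the platform default on either side makes the outcome
        // depend on the deployment (the file.encoding property), not on the code.
        System.out.println("Platform default charset here: " + Charset.defaultCharset());

        // Before sending, check that the chosen charset can represent the text;
        // an unsuitable one (e.g. US-ASCII) silently replaces unmappable
        // characters with '?', which is lossy even when both sides agree.
        boolean asciiOk = StandardCharsets.US_ASCII.newEncoder().canEncode(original);
        System.out.println("US-ASCII can encode sample? " + asciiOk);
    }
}
```

Compile and run with `javac EncodingRoundTrip.java && java EncodingRoundTrip`. The `canEncode` check is the cheap guard to add on the sending side: agreeing on an encoding is necessary, but the agreed encoding must also be able to represent every character in the data.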
According to the Java API [API 2006] for the String class:
...
Sound automated detection of this vulnerability is not feasible.
Bibliography
[Encodings 2006] Supported Encodings
...