In Java, byte arrays are often used to transmit raw binary data and as well as character encoded data. Do not attempt Attempts to read raw binary data as if it were character encoded data often fail, because some of the bytes may not represent valid characters in fall outside the default or specified encoding scheme and hence fail to denote valid characters. For example, converting a cryptographic key containing non-representable bytes to character encoded data for transmission may result in an error.
...
This noncompliant example attempts to convert the byte array representing a BigInteger into a String. Because some of the bytes do not denote valid characters, the resulting String representation loses information, and converting . Converting the String back to a BigInteger produces a different value.
...
Compliant Solution
This compliant solution first produces a String representation of the BigInteger, then converts the String to a byte array to a String object. The byte array has been generated from a BigInteger, and represents . This process is reversed on input. Because the textual representation in the String was generated by the BigInteger class, it contains valid characters.
| Code Block | ||
|---|---|---|
| ||
BigInteger x = new BigInteger ("530500452766");
String s = x.toString(); // valid character data
byte [] byteArray = s.getBytes("UTF8");
String ns = new String(byteArray, "UTF8"); // ns prints as "530500452766"
BigInteger x1 = new BigInteger(ns); // construct the original BigInteger
|
...
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
FIO11-J | low | unlikely | medium | P2 | L3 |
Automated Detection
...
Related Vulnerabilities
Search for vulnerabilities resulting from the violation of this guideline on the CERT website.
...