Comment: Edited by sciSpider Java v3.0

...

Code Block
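import java.io.DataInputStream;
import java.io.FileInputStream;

// Noncompliant: no encoding is given, so the bytes are decoded with the
// platform default charset.
FileInputStream fis = new FileInputStream("SomeFile");
DataInputStream dis = new DataInputStream(fis);
byte[] data = new byte[1024];

// read() returns the number of bytes read, or -1 at end of stream
int bytesRead = dis.read(data);

if (bytesRead > 0) {
  String result = new String(data, 0, bytesRead);
}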

...

Code Block
import java.io.DataInputStream;
import java.io.FileInputStream;

// Compliant: the encoding is named explicitly when the bytes are decoded.
String encoding = "SomeEncoding"; // for example, "UTF-16LE"

FileInputStream fis = new FileInputStream("SomeFile");
DataInputStream dis = new DataInputStream(fis);
byte[] data = new byte[1024];

// read() returns the number of bytes read, or -1 at end of stream
int bytesRead = dis.read(data);

if (bytesRead > 0) {
   String result = new String(data, 0, bytesRead, encoding);
}
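
The difference between the two blocks above can be seen by decoding one byte sequence under several charsets. This is an added example, not code from the original page; the class name `ExplicitDecode`, the helper `decodeStrict` and the sample string are assumptions made for illustration.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;

public class ExplicitDecode {

    // Strict decode of the first len bytes: malformed or unmappable input
    // raises CharacterCodingException instead of becoming U+FFFD.
    static String decodeStrict(byte[] data, int len, Charset cs)
            throws CharacterCodingException {
        return cs.newDecoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT)
                .decode(ByteBuffer.wrap(data, 0, len))
                .toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the bytes a UTF-16LE producer writes for a
        // short string containing one non-ASCII character (e-acute).
        String original = "caf\u00e9";
        byte[] wire = original.getBytes(StandardCharsets.UTF_16LE);

        // A reader that names the producer's encoding recovers the text.
        String agreed = new String(wire, 0, wire.length, StandardCharsets.UTF_16LE);
        System.out.println("UTF-16LE equal=" + agreed.equals(original));

        // Readers that assume another charset (as a platform default might)
        // get a different string, and new String() reports no error.
        for (Charset cs : new Charset[] {StandardCharsets.ISO_8859_1, StandardCharsets.UTF_8}) {
            String guessed = new String(wire, 0, wire.length, cs);
            System.out.println(cs + " equal=" + guessed.equals(original)
                    + " length=" + guessed.length());
        }

        // The strict decoder turns the UTF-8 mismatch into an exception.
        try {
            decodeStrict(wire, wire.length, StandardCharsets.UTF_8);
            System.out.println("strict UTF-8 accepted the bytes");
        } catch (CharacterCodingException e) {
            System.out.println("strict UTF-8 rejected the bytes: " + e);
        }
    }
}
```

A strict decoder only catches byte sequences that are invalid in the assumed charset; ISO-8859-1 accepts every byte value, so a mismatch there goes undetected unless the encoding is agreed on and specified.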

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

References

[Encodings 06]

...
