...
```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.io.OutputStreamWriter;

// Corrupts data on errors: OutputStreamWriter silently substitutes
// characters that the charset cannot encode
public static void toFile(String charset, String filename,
                          String string) throws IOException {
  FileOutputStream stream = new FileOutputStream(filename, true);
  OutputStreamWriter writer = new OutputStreamWriter(stream, charset);
  writer.write(string, 0, string.length());
  writer.close();
}
```
...
Compliant Solution
This compliant solution uses the `CharsetEncoder` class to perform the required function.
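One way to write such a method with `CharsetEncoder`, as an added example rather than the rule's own compliant code. The class name `StrictEncodeDemo`, the temporary file and the sample strings are constructed for illustration.

```java
import java.io.FileOutputStream;
import java.io.IOException;
import java.nio.ByteBuffer;
import java.nio.CharBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CharsetEncoder;
import java.nio.charset.CodingErrorAction;
import java.nio.file.Files;
import java.nio.file.Path;

public class StrictEncodeDemo {  // hypothetical class name
    // Encode the whole string in memory first. With REPORT, malformed or
    // unmappable input raises an exception instead of being replaced.
    public static void toFile(String charset, String filename, String string)
            throws IOException {
        CharsetEncoder encoder = Charset.forName(charset).newEncoder()
                .onMalformedInput(CodingErrorAction.REPORT)
                .onUnmappableCharacter(CodingErrorAction.REPORT);
        // Throws CharacterCodingException (an IOException) before the file is opened.
        ByteBuffer bytes = encoder.encode(CharBuffer.wrap(string));
        try (FileOutputStream stream = new FileOutputStream(filename, true)) {
            while (bytes.hasRemaining()) {
                stream.getChannel().write(bytes);
            }
        }
    }

    public static void main(String[] args) throws IOException {
        Path tmp = Files.createTempFile("strict-encode", ".txt");
        String file = tmp.toString();
        toFile("US-ASCII", file, "plain ascii\n");   // constructed sample input
        try {
            toFile("US-ASCII", file, "caf\u00e9\n"); // U+00E9 has no US-ASCII mapping
            System.out.println("unexpected: data was written");
        } catch (CharacterCodingException e) {
            System.out.println("rejected: " + e);
        }
        // Only the first string reached the file; the rejected one left no bytes behind.
        System.out.println(Files.size(tmp) + " bytes on disk");
        Files.delete(tmp);
    }
}
```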
...
STR03-EX0: Binary data that is expected to be a valid string may be read and converted to a string. How to perform this operation securely is explained in rule STR04-J. Use compatible character encodings on both sides of file or network IO. Also see rule STR01-J. Don't form strings containing partial Unicode code points.
Risk Assessment
Attempting to read a byte array containing binary data as if it were character data can produce erroneous results.
...