...
Binary data that is expected to be a valid string may be read and converted to a string under exception STR04-EX0 below, provided the conditions it states hold; otherwise the receiving side must name the encoding explicitly.
Noncompliant Code Example
...
```java
// Requires java.io.DataInputStream, java.io.FileInputStream and java.io.IOException.
FileInputStream fis = null;
try {
  fis = new FileInputStream("SomeFile");
  DataInputStream dis = new DataInputStream(fis);
  byte[] data = new byte[1024];
  dis.readFully(data); // throws EOFException (an IOException) if fewer than 1024 bytes remain
  // The encoding is named explicitly instead of being taken from the platform default,
  // so the producing and consuming JVMs agree on it regardless of their locales.
  String encoding = "SomeEncoding"; // for example, "UTF-16LE"
  String result = new String(data, encoding); // UnsupportedEncodingException (an IOException) if unknown
} catch (IOException x) {
  // Handle error
} finally {
  if (fis != null) {
    try {
      fis.close();
    } catch (IOException x) {
      // Forward to handler
    }
  }
}
```
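The following is an added, self-contained example (not code from the CERT page) showing why the encoding must be part of the protocol rather than inherited from the receiving JVM. The class and method names (`EncodingDemo`, `encode`, `decodeStrict`) and the sample string are assumptions made for illustration. It simulates a sender that writes a string as UTF-16LE, then decodes the same bytes three ways: with `new String(byte[])` (platform default), with two deliberately wrong charsets, and with the agreed charset through a strict `CharsetDecoder` that reports malformed input instead of silently substituting U+FFFD.

```java
import java.nio.ByteBuffer;
import java.nio.charset.CharacterCodingException;
import java.nio.charset.Charset;
import java.nio.charset.CodingErrorAction;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class EncodingDemo {

    // Sender side: serialize a string with an explicit, agreed-upon encoding.
    static byte[] encode(String s, Charset cs) {
        return s.getBytes(cs);
    }

    // Receiver side (compliant): decode with the agreed encoding and reject
    // malformed or unmappable input instead of silently replacing it with U+FFFD.
    static String decodeStrict(byte[] data, Charset cs) throws CharacterCodingException {
        return cs.newDecoder()
                 .onMalformedInput(CodingErrorAction.REPORT)
                 .onUnmappableCharacter(CodingErrorAction.REPORT)
                 .decode(ByteBuffer.wrap(data))
                 .toString();
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample: the producing JVM wrote this string as UTF-16LE.
        String original = "Grüße, 世界";
        Charset wire = StandardCharsets.UTF_16LE;
        byte[] onTheWire = encode(original, wire);

        // Noncompliant receiver: new String(byte[]) uses Charset.defaultCharset(),
        // which depends on this JVM's -Dfile.encoding / OS locale, not on the sender.
        String guessed = new String(onTheWire);
        System.out.println("default charset here: " + Charset.defaultCharset());
        System.out.println("decoded with default: " + guessed);
        System.out.println("round-trip intact?    " + original.equals(guessed));

        // The same mistake made explicit: a receiver whose default is ISO-8859-1 or
        // UTF-8 turns the UTF-16LE bytes into mojibake or U+FFFD without any error.
        for (Charset wrong : Arrays.asList(StandardCharsets.ISO_8859_1, StandardCharsets.UTF_8)) {
            System.out.println("decoded as " + wrong + ": " + new String(onTheWire, wrong));
        }

        // Compliant receiver: the encoding is part of the protocol, not the environment.
        String exact = decodeStrict(onTheWire, wire);
        System.out.println("decoded as UTF-16LE:  " + exact
                + " (intact: " + original.equals(exact) + ")");

        // Strict decoding turns a charset mismatch into a detectable failure whenever
        // the bytes are not valid in the assumed encoding (here 0xFC and 0xDF 0x00
        // from the UTF-16LE stream are malformed UTF-8).
        try {
            decodeStrict(onTheWire, StandardCharsets.UTF_8);
            System.out.println("strict UTF-8 decode unexpectedly succeeded");
        } catch (CharacterCodingException e) {
            System.out.println("strict UTF-8 decode rejected the UTF-16LE bytes: " + e);
        }
    }
}
```

Run it once with the JVM defaults and once with `-Dfile.encoding=ISO-8859-1` to see the default-charset line change while the explicit UTF-16LE line stays correct. Note that since Java 18 (JEP 400) the default charset is UTF-8 on all platforms unless overridden, which narrows but does not remove the problem: the producing JVM may still be older, configured differently, or not a JVM at all, so the rule to name the encoding on both ends stands.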
Exceptions
STR04-EX0: An explicit character encoding may be omitted on the receiving side when the data is produced by a Java application that uses the same platform and default character encoding and is communicated over a secure communication channel (see MSC00-J. Use SSLSocket rather than Socket for secure data exchange for more information). Both conditions must hold; if the producer's platform or default encoding is unknown, or the channel is not authenticated and integrity-protected, the encoding must be specified explicitly.
Risk Assessment
...