...
```java
// Corrupts data on errors
public static void toFile(String charset, String filename, String string)
    throws IOException {
  FileOutputStream stream = new FileOutputStream(filename, true);
  // A writer built from a charset name replaces unmappable characters
  // with the charset's substitution bytes instead of reporting them
  OutputStreamWriter writer = new OutputStreamWriter(stream, charset);
  writer.write(string, 0, string.length());
  writer.close();
}
```
Compliant Solution
This compliant solution uses the CharsetEncoder class to perform the required function.
```java
public static void toFile(String filename, String string, String charset)
    throws IOException {
  Charset cs = Charset.forName(charset);
  // An encoder obtained from newEncoder() reports malformed or
  // unmappable input, so the write fails with an exception
  CharsetEncoder coder = cs.newEncoder();
  FileOutputStream stream = new FileOutputStream(filename, true);
  OutputStreamWriter writer = new OutputStreamWriter(stream, coder);
  writer.write(string, 0, string.length());
  writer.close();
}
```
Use the FileInputStream and InputStreamReader objects to read back the data from the file. InputStreamReader accepts an optional CharsetDecoder argument, which must be the same as that previously used for writing to the file.
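The following round trip is an added example, not part of the original rule text: it writes with a CharsetEncoder, reads back with a CharsetDecoder for the same charset, and shows both failure modes being reported instead of silently corrupting data. The class name, the temporary file, the sample string, and the Path/Charset parameter types are assumptions made for the illustration.

```java
import java.io.*;
import java.nio.charset.*;
import java.nio.file.*;

public class StrictCharsetRoundTrip {
  // Strict write; unlike the rule's example this truncates instead of appending
  static void toFile(Path file, String s, Charset cs) throws IOException {
    CharsetEncoder coder = cs.newEncoder(); // default action: REPORT errors
    try (Writer w = new OutputStreamWriter(Files.newOutputStream(file), coder)) {
      w.write(s);
    }
  }

  // Strict read with a decoder for the charset used when writing
  static String fromFile(Path file, Charset cs) throws IOException {
    CharsetDecoder coder = cs.newDecoder(); // default action: REPORT errors
    StringBuilder sb = new StringBuilder();
    try (Reader r = new InputStreamReader(Files.newInputStream(file), coder)) {
      char[] buf = new char[1024];
      for (int n; (n = r.read(buf)) != -1; ) sb.append(buf, 0, n);
    }
    return sb.toString();
  }

  public static void main(String[] args) throws IOException {
    Path file = Files.createTempFile("str-demo", ".txt");
    try {
      String sample = "na\u00EFve \u20AC5"; // constructed sample input
      toFile(file, sample, StandardCharsets.UTF_8);
      String back = fromFile(file, StandardCharsets.UTF_8);
      System.out.println("UTF-8 round trip intact: " + sample.equals(back));
      // ISO-8859-1 has no euro sign: the strict encoder refuses the write
      try {
        toFile(file, sample, StandardCharsets.ISO_8859_1);
      } catch (CharacterCodingException e) {
        System.out.println("strict write rejected: " + e);
      }
      // Decoder that does not match the writer: UTF-8 bytes are not US-ASCII
      toFile(file, sample, StandardCharsets.UTF_8);
      try {
        fromFile(file, StandardCharsets.US_ASCII);
      } catch (CharacterCodingException e) {
        System.out.println("mismatched decoder rejected: " + e);
      }
    } finally {
      Files.delete(file);
    }
  }
}
```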
Exceptions
FIO11STR03-EX0: Binary data that is expected to be a valid string may be read and converted to a string. How to perform this operation securely is explained in rule STR04-J, "Use compatible character encodings on both sides of file or network IO". Also see rule IDS10STR01-J, "Don't form strings containing partial characters".
...