In Java, byte arrays are often used to transmit both raw binary data and character encoded data. An attempt to read raw binary data as if it were character encoded data fails because some of the bytes may not represent valid characters in the default or specified encoding scheme. For example, a cryptographic key containing non-representable bytes may need to be converted to character encoded data so that it can be transmitted; doing so through a character decoder may result in an error or silently corrupt the key.
Also see guidelines FIO02-J. Keep track of bytes read and account for character encoding while reading data and FIO03-J. Specify the character encoding while performing file or network IO.
...
This noncompliant example attempts to convert the byte array representing a BigInteger into a String. Because some of the bytes do not denote valid characters, the resulting String representation loses information, and converting the String back to a BigInteger produces a different value.
```java
import java.math.BigInteger;

BigInteger x = new BigInteger("530500452766");
byte[] byteArray = x.toByteArray(); // convert to byte array
String s = new String(byteArray);   // s prints as "{âJ?ž"; the fourth character is invalid
// convert s back to a BigInteger
byteArray = s.getBytes();           // convert to bytes
x = new BigInteger(byteArray);      // now x = 530500435870
```
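The following is an added example, not code from the guideline itself: it places the lossy default-charset round trip next to two lossless ways of carrying the same bytes as text (Base64 and an explicitly named single-byte charset). The class name, the helper names and the constructed 16-byte "key" are assumptions of this example.

```java
import java.math.BigInteger;
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class BinaryRoundTrip {

    // Noncompliant: decode arbitrary bytes with the platform default charset.
    // Bytes that are not valid in that charset are replaced by '?' or U+FFFD,
    // so the result depends on the platform and need not equal the input.
    static BigInteger viaDefaultCharset(BigInteger x) {
        String s = new String(x.toByteArray());
        return new BigInteger(s.getBytes());
    }

    // Lossless: Base64 maps every byte value to printable ASCII and back.
    static BigInteger viaBase64(BigInteger x) {
        String s = Base64.getEncoder().encodeToString(x.toByteArray());
        return new BigInteger(Base64.getDecoder().decode(s));
    }

    // Lossless: ISO-8859-1 maps each of the 256 byte values to exactly one
    // char, provided the same charset is named on both sides of the trip.
    static BigInteger viaLatin1(BigInteger x) {
        String s = new String(x.toByteArray(), StandardCharsets.ISO_8859_1);
        return new BigInteger(s.getBytes(StandardCharsets.ISO_8859_1));
    }

    static void report(String label, BigInteger original, BigInteger result) {
        System.out.println(label + ": " + result
                + (result.equals(original) ? " (intact)" : " (CORRUPTED)"));
    }

    public static void main(String[] args) {
        // Value taken from the guideline, plus a constructed 16-byte "key"
        // whose bytes 0x80..0x8F are invalid in UTF-8 and in Windows-1252.
        byte[] fakeKey = new byte[16];
        for (int i = 0; i < fakeKey.length; i++) fakeKey[i] = (byte) (0x80 + i);
        BigInteger[] inputs = { new BigInteger("530500452766"), new BigInteger(1, fakeKey) };

        for (BigInteger x : inputs) {
            System.out.println("original: " + x);
            report("default charset", x, viaDefaultCharset(x));
            report("Base64         ", x, viaBase64(x));
            report("ISO-8859-1     ", x, viaLatin1(x));
        }
    }
}
```

The default-charset line is the one whose outcome changes from one platform to another (UTF-8, Windows-1252 and ISO-8859-1 all behave differently on these inputs), which is why a reviewer should treat any `new String(bytes)` or `getBytes()` call on non-character data as a defect.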
...
Guideline | Severity | Likelihood | Remediation Cost | Priority | Level
---|---|---|---|---|---
FIO11-J | low | unlikely | medium | P2 | L3
Automated Detection
TODO
Related Vulnerabilities
...