Versions Compared

Comment: Edited by sciSpider Java v3.0

...

The character and string escape sequences allow for the representation of some nongraphic characters as well as the single quote, double quote, and backslash characters in character literals (§3.10.4) and string literals (§3.10.5).

To use escape sequences in String literals correctly, it is essential to understand how they are interpreted. For example, SQL statements written in Java sometimes require special escape characters or sequences (for instance, sequences containing \t, \n, or \r). In SQL queries, all escape sequences must be preceded by an extra backslash to be interpreted correctly.

...

In the following example, the method splitWords() looks for matches between the String literal WORDS and the input sequence. Because \b is the regular-expression escape for a word boundary, the misleading assumption that String literals can be used as-is in patterns can convince the implementer that the pattern matches word boundaries and therefore splits a given string into individual words. Instead, the string WORDS silently compiles to a backspace character.

...
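The following is an added, self-contained illustration of the \b confusion described above; it is not the rule's own code. The class name EscapeSequenceDemo, the constants WORDS_BACKSPACE and WORDS_BOUNDARY, and the sample input sentence are assumptions chosen for this example; splitWords() mirrors the method the text names.

```java
import java.util.Arrays;
import java.util.regex.Pattern;

public class EscapeSequenceDemo {
    // Hypothetical constant: inside a Java string literal, "\b" is the BACKSPACE
    // character (U+0008). The regex engine therefore sees a single control
    // character, not the word-boundary anchor the author intended.
    private static final String WORDS_BACKSPACE = "\b";

    // Escaping the backslash hands the two characters '\' and 'b' to the regex
    // engine, which interprets them as a word boundary.
    private static final String WORDS_BOUNDARY = "\\b";

    // Splits the input on the supplied pattern, as the splitWords() method in
    // the text does.
    static String[] splitWords(String input, String regex) {
        return Pattern.compile(regex).split(input);
    }

    // Sanity check a reviewer can apply to any pattern literal: a one-character
    // string whose only character is U+0008 is a backspace, not a boundary.
    static boolean isBackspaceLiteral(String literal) {
        return literal.length() == 1 && literal.charAt(0) == '\u0008';
    }

    public static void main(String[] args) {
        String input = "Escape sequences are tricky";   // constructed sample input

        // No backspace occurs in the input, so nothing matches and the whole
        // sentence comes back as a single element.
        String[] broken = splitWords(input, WORDS_BACKSPACE);
        System.out.println("pattern \"\\b\"  -> " + Arrays.toString(broken));

        // The word-boundary pattern splits at every word edge, so words and the
        // spaces between them come back as separate elements.
        String[] fixed = splitWords(input, WORDS_BOUNDARY);
        System.out.println("pattern \"\\\\b\" -> " + Arrays.toString(fixed));

        System.out.println("WORDS_BACKSPACE is a backspace literal: "
                + isBackspaceLiteral(WORDS_BACKSPACE));
        System.out.println("WORDS_BOUNDARY is a backspace literal:  "
                + isBackspaceLiteral(WORDS_BOUNDARY));
    }
}
```

Compile and run with `javac EscapeSequenceDemo.java && java EscapeSequenceDemo` to compare the two splits side by side.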

Rule      Severity  Likelihood  Remediation Cost  Priority  Level
MSC36-J   low       unlikely    high              P1        L3

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

...