In Java, byte arrays are often used to transmit raw binary data as well as character encoded data. Attempts to read raw binary data as if it were character encoded data often fail , because some of the bytes fall outside the default or specified encoding scheme and for that reason fail to denote valid characters. For example, converting a cryptographic key containing non-representable bytes to character encoded data for transmission may result in an error.
...
This compliant solution first produces a String representation of the BigInteger object, and then converts the String object to a byte array. This process is reversed on input. Because the textual representation in the String object was generated by the BigInteger class, it contains valid characters.
...
Do not try to convert the String object to a byte array to obtain the original BigInteger. Character encoded data may yield a byte array which, when converted to a BigInteger, results in a completely different value.
...
FIO11-EX0: Untrusted binary data that is expected to be a valid string may be read and converted to a string. How to perform this operation securely is explained in IDS17-J. Use compatible encodings on both sides of file or network I/O[]. Also see rule IDS10-J. Do not assume every character in a string is the same size.
...
<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="1f2c1c31277302fa-a929af32-4a2042eb-b3c3a362-a8ade13719c23fb6303828f2"><ac:plain-text-body><![CDATA[ | [[API 2006 | AA. Bibliography#API 06]] | class [String | http://java.sun.com/javase/6/docs/api/java/lang/String.html] | ]]></ac:plain-text-body></ac:structured-macro> |
...