Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

A character encoding or charset specifies the binary representation of the coded character set. Every instance of the Java Virtual Machine (JVM) has a default charset, which may or may not be one of the standard charsets. The default charset is determined during virtual-machine startup and typically depends on the locale and charset being used by the underlying operating system [API 2014]. The default character encoding can be set at startup, for example:

java -Dfile.encoding=UTF-8 ... com.x.Main

Java platform has a default character encoding. The available encodings are listed in the Supported Encodings document [Encodings 2014]. A conversion between characters and sequences of bytes requires a character encoding to specify the details of the conversion. Such In the absence of an explicitly specified encoding, conversions use the system default encoding in the absence of an explicitly specified encoding. When Compatible encodings must be used when characters are converted into output as an array of bytes to be sent as output, transmitted across some communication channel, input, and converted back into characters, compatible encodings must be used on both sides of the conversationthen input by another JVM and subsequently converted back to characters.

According to the Java API  API [API 2014] for the String class:

The behavior of this constructor when the given bytes are not valid in the given charset is unspecified.

Disagreement over character encodings can result in data corruption.

Noncompliant Code Example

This noncompliant code example reads a byte array and converts it into a String using the platform's default character encoding. When the default encoding differs from the encoding that was used to produce the byte arrayIf the byte array does not represent a string, or if it represents a string that was encoded using other than the default encoding, the resulting String is likely to be incorrect. Undefined behavior can occur when some of the input lacks a valid character representation in the default encodingThe behavior resulting from malformed-input and unmappable-character errors is unspecified.

Code Block
bgColor#FFCCCC
FileInputStream fis = null;
try {
  fis = new FileInputStream("SomeFile");
  DataInputStream dis = new DataInputStream(fis);
  byte[] data = new byte[1024];
  dis.readFully(data);
  String result = new String(data);
} catch (IOException x) {
  // handleHandle error
} finally {
  if (fis != null) {
    try {
      fis.close();
    } catch (IOException x) {
      // Forward to handler
    }
  }
}

Compliant Solution

This compliant solution explicitly specifies the character encoding used to create the output the string string (in this example, UTF-16LE) as the second argument to the String constructor. The LE form of UTF-16 uses little-endian byte serialization (least significant byte first). Provided that the character data was encoded in UTF-16LE, it will decode correctly.

Code Block
bgColor#ccccff
FileInputStream fis = null;
try {
  fis = new FileInputStream("SomeFile");
  DataInputStream dis = new DataInputStream(fis);
  byte[] data = new byte[1024];
  dis.readFully(data);
  String result = new String(data, "UTF-16LE");
} catch (IOException x) {
  // handleHandle error
} finally {
  if (fis != null) {
    try {
      fis.close();
    } catch (IOException x) {
      // Forward to handler
    }
  }
}

...

STR04-EX0: An explicit character encoding may be omitted on the receiving side when the data is produced by a Java application that uses the same platform and default character encoding and is communicated over a secure communication channel (see MSC00-J. Use SSLSocket rather than Socket for secure data exchange for more information).

Risk Assessment

Failure to specify the character encoding while performing file or network I/O Using incompatible encodings when communicating string data between JVMs can result in corrupted data.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

STR04-J

low

Low

unlikely

Unlikely

medium

Medium

P2

L3

Automated Detection

Sound automated detection of this vulnerability is not feasible.

ToolVersionCheckerDescription
The Checker Framework

Include Page
The Checker Framework_V
The Checker Framework_V

Tainting CheckerTrust and security errors (see Chapter 8)
SonarQube
Include Page
SonarQube_V
SonarQube_V
S1943Classes and methods that rely on the default system encoding should not be used


Bibliography


...

Image Modified Image Modified Image Modified