SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 8

changes.mady.by.user David Svoboda

Saved on

compared with

New Version Current

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: REM cost reform

...

This noncompliant code example shows an example where the wrong type of character encoding is used with erroneous results.

Code Block
bgColor#FFCCCC
 

 


Compliant Solution
In this compliant solution ... 
 
 Code Block
bgColor#CCCCFF
Risk Assessment
If character data is not normalized before being passed to the NewStringUTF() function then erroneous results may be obtained.
Rule
Severity
Likelihood
Remediation Cost
Detectable
Repairable
Priority
Level
JNI04-J
Low
Probable
Medium
No
No
P4
P2
L3
Automated Detection
It may be possible to automatically detect whether character data from untrusted sources has been normalized before being passed to the NewStringUTF() function.
Bibliography
JNI TipsUTF-8 and UTF-16 Strings
API 2013Modified UTF-8
...

...