...

Note that the read() methods return as soon as they find available input data. Ignoring the result returned by the read() methods is a violation of guideline "EXP00-J. Do not ignore values returned by methods." Security issues can arise even when return values are considered, because the default behavior of the read() methods does not guarantee that the entire buffer array will be filled. The programmer must check the number of bytes actually read and call the read() method again as required.
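The short read described above, reproduced as an added example that is not part of the original guideline text. The `ChunkedStream` class and `readUpTo` helper are hypothetical names, and the 100-byte chunk size and the payload are constructed to imitate a socket or pipe that delivers data in pieces.

```java
import java.io.ByteArrayInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;
import java.util.Arrays;

public class ReadFullyDemo {
    // Constructed stream (assumption): hands out at most `chunk` bytes per
    // read() call, the way a network or pipe stream is allowed to.
    static final class ChunkedStream extends ByteArrayInputStream {
        private final int chunk;
        ChunkedStream(byte[] data, int chunk) { super(data); this.chunk = chunk; }
        @Override public synchronized int read(byte[] b, int off, int len) {
            return super.read(b, off, Math.min(len, chunk));
        }
    }

    // Calls read() repeatedly until `len` bytes have arrived or the stream
    // ends; returns the number of bytes actually stored in `buf`.
    static int readUpTo(InputStream in, byte[] buf, int len) throws IOException {
        int total = 0;
        while (total < len) {
            int n = in.read(buf, total, len - total);
            if (n == -1) {
                break;              // end of stream before `len` bytes
            }
            total += n;             // advance by what was really read
        }
        return total;
    }

    public static void main(String[] args) throws IOException {
        byte[] payload = new byte[1024];            // constructed sample input
        Arrays.fill(payload, (byte) 'A');

        // One call: the return value is checked, but the buffer is only
        // partly filled and the rest still holds zero bytes.
        byte[] once = new byte[1024];
        int got = new ChunkedStream(payload, 100).read(once, 0, once.length);
        System.out.println("single read(): " + got + " of " + once.length);

        // Looping until the requested count is reached fills the buffer.
        byte[] all = new byte[1024];
        int total = readUpTo(new ChunkedStream(payload, 100), all, all.length);
        System.out.println("looped read(): " + total + " of " + all.length);

        // Decode only the bytes that were read, never the whole array.
        String s = new String(all, 0, total, StandardCharsets.UTF_8);
        System.out.println("decoded chars: " + s.length());
    }
}
```

Decoding happens once, after the loop, so a multi-byte UTF-8 sequence split across two reads is never decoded in halves.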

Noncompliant Code Example (read())

This noncompliant code example attempts to read 1024 bytes encoded in UTF-8 from an InputStream and to return them as a String. It explicitly specifies the encoding used to build the string, in compliance with "IDS17-J. Use compatible encodings on both sides of file or network IO."

...