...

The length of the new String is a function of the charset, and hence may not be equal to the length of the byte array. The behavior of this constructor when the given bytes are not valid in the given charset is unspecified.

Noncompliant Code Example

This noncompliant snippet intends to read a specific number of bytes from a FileInputStream but suffers from a few pitfalls. The objective is to read 1024 bytes and return them as a String. Unfortunately, this won't happen because of the general contract of the read methods.

...

public static String readBytes(FileInputStream in) throws IOException {
  String str = "";
  byte[] data = new byte[1024];
  while (in.read(data) > -1) {
    str += new String(data);
  }
  return str;
}

Compliant Solution (1)

This compliant solution takes into account the total number of bytes read (and adjusts the remaining bytes' offset) so that the required data is fully read.

...

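import java.io.FileInputStream;
import java.io.IOException;

public static String readBytes(FileInputStream in) throws IOException {
  int offset = 0;
  byte[] data = new byte[1024];
  // read() may return fewer bytes than requested, so keep reading until
  // the buffer is full or the end of the stream is reached
  while (offset < data.length) {
    int bytesRead = in.read(data, offset, data.length - offset);
    if (bytesRead == -1) {
      break;
    }
    offset += bytesRead;
  }
  // Decode only the bytes that were actually read
  String str = new String(data, 0, offset, "UTF-8");
  return str;
}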

Compliant Solution (2)

The no-argument and one-argument readFully() methods of the DataInputStream class can be used to read all the requested data. An IOException is thrown if the byte array overflows or if incoming data is absent. How to proceed is left to the exception handler.

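import java.io.DataInputStream;
import java.io.IOException;

public static String readBytes(DataInputStream dis) throws IOException {
  byte[] data = new byte[1024];
  // readFully() either fills the entire array or throws an IOException
  dis.readFully(data);
  String str = new String(data, "UTF-8");
  return str;
}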
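
The following added example is not part of the original rule: `ShortReadDemo`, `TrickleStream`, `perChunk` and `readLoop` are hypothetical names and the input is constructed. It runs the noncompliant pattern and both compliant patterns against a stream that returns at most 3 bytes per read(), so a multi-byte UTF-8 character is split across reads.

```java
import java.io.ByteArrayInputStream;
import java.io.DataInputStream;
import java.io.EOFException;
import java.io.FilterInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.nio.charset.StandardCharsets;

public class ShortReadDemo {
  static class TrickleStream extends FilterInputStream { // hypothetical: at most 3 bytes per read()
    TrickleStream(byte[] b) { super(new ByteArrayInputStream(b)); }
    @Override public int read(byte[] buf, int off, int len) throws IOException {
      return super.read(buf, off, Math.min(len, 3));
    }
  }

  // Noncompliant pattern (smaller buffer, explicit charset): ignores the count returned by read().
  static String perChunk(InputStream in) throws IOException {
    String str = "";
    byte[] data = new byte[8];
    while (in.read(data) > -1) {
      str += new String(data, StandardCharsets.UTF_8); // decodes stale bytes and split characters
    }
    return str;
  }

  // Compliant pattern: accumulate until the buffer is full or EOF, then decode once.
  static String readLoop(InputStream in, int max) throws IOException {
    byte[] data = new byte[max];
    int offset = 0;
    while (offset < data.length) {
      int n = in.read(data, offset, data.length - offset);
      if (n == -1) break;
      offset += n;
    }
    return new String(data, 0, offset, StandardCharsets.UTF_8);
  }

  public static void main(String[] args) throws IOException {
    String text = "na\u00efve caf\u00e9"; // constructed sample; 12 bytes in UTF-8
    byte[] sample = text.getBytes(StandardCharsets.UTF_8);
    System.out.println("per-chunk intact: " + text.equals(perChunk(new TrickleStream(sample))));
    System.out.println("read loop intact: " + text.equals(readLoop(new TrickleStream(sample), 1024)));
    try { // Compliant Solution (2) pattern with input shorter than the buffer
      new DataInputStream(new TrickleStream(sample)).readFully(new byte[1024]);
    } catch (EOFException e) {
      System.out.println("readFully: EOFException (stream ended before 1024 bytes)");
    }
  }
}
```

The readFully() case shows why the exception handler matters: input shorter than the fixed buffer is reported as an EOFException, a subclass of IOException, rather than returned as a shorter string.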

Risk Assessment

Noncompliance can lead to the wrong number of bytes being read or character sequences being interpreted incorrectly.

| Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
| FIO03 FIO02-J | low | unlikely | medium | P2 | L3 |

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.


...