== Why is this an issue? Using classes and methods that rely on the default system encoding can result in code that works fine in its "home" environment. But that code may break for customers who use different encodings in ways that are extremely difficult to diagnose and nearly, if not completely, impossible to reproduce when it's time to fix them. This rule detects uses of the following classes and methods: * ``++FileReader++`` * ``++FileWriter++`` * String constructors with a ``++byte[]++`` argument but no ``++Charset++`` argument ** ``++String(byte[] bytes)++`` ** ``++String(byte[] bytes, int offset, int length)++`` * ``++String.getBytes()++`` * ``++String.getBytes(int srcBegin, int srcEnd, byte[] dst, int dstBegin)++`` * ``++InputStreamReader(InputStream in)++`` * ``++OutputStreamWriter(OutputStream out)++`` * ``++ByteArrayOutputStream.toString()++`` * Some ``++Formatter++`` constructors ** ``++Formatter(String fileName)++`` ** ``++Formatter(File file)++`` ** ``++Formatter(OutputStream os)++`` * Some ``++Scanner++`` constructors ** ``++Scanner(File source)++`` ** ``++Scanner(Path source)++`` ** ``++Scanner(InputStream source)++`` * Some ``++PrintStream++`` constructors ** ``++PrintStream(File file)++`` ** ``++PrintStream(OutputStream out)++`` ** ``++PrintStream(OutputStream out, boolean autoFlush)++`` ** ``++PrintStream(String fileName)++`` * Some ``++PrintWriter++`` constructors ** ``++PrintWriter(File file)++`` ** ``++PrintWriter(OutputStream out)++`` ** ``++PrintWriter(OutputStream out, boolean autoFlush)++`` ** ``++PrintWriter(String fileName)++`` * methods from Apache commons-io library which accept an encoding argument when that argument is null, and overloads of those methods that omit the encoding argument ** ``++IOUtils.copy(InputStream, Writer)++`` ** ``++IOUtils.copy(Reader, OutputStream)++`` ** ``++IOUtils.readLines(InputStream)++`` ** ``++IOUtils.toByteArray(Reader)++`` ** ``++IOUtils.toByteArray(String)++`` ** ``++IOUtils.toCharArray(InputStream)++`` ** ``++IOUtils.toInputStream(TypeCriteria.subtypeOf(CharSequence))++`` ** ``++IOUtils.toString(byte[])++`` ** ``++IOUtils.toString(URI)++`` ** ``++IOUtils.toString(URL)++`` ** ``++IOUtils.write(char[], OutputStream)++`` ** ``++IOUtils.write(CharSequence, OutputStream)++`` ** ``++IOUtils.writeLines(Collection, String, OutputStream)++`` ** ``++FileUtils.readFileToString(File)++`` ** ``++FileUtils.readLines(File)++`` ** ``++FileUtils.write(File, CharSequence)++`` ** ``++FileUtils.write(File, CharSequence, boolean)++`` ** ``++FileUtils.writeStringToFile(File, String)++`` == Resources * https://wiki.sei.cmu.edu/confluence/x/pzdGBQ[CERT, STR04-J.] - Use compatible character encodings when communicating string data between JVMs * https://wiki.sei.cmu.edu/confluence/x/ujZGBQ[CERT, STR50-J.] - Use the appropriate method for counting characters in a string ifdef::env-github,rspecator-view[] ''' == Implementation Specification (visible only on this page) === Message Remove this use of "xxx" ''' == Comments And Links (visible only on this page) === on 25 Aug 2014, 06:42:54 Freddy Mallet wrote: Hi @Ann, did you get the idea of this rule from CWE or Findbugs ? === on 25 Aug 2014, 19:01:12 Ann Campbell wrote: Neither, [~freddy.mallet]. I believe it was [~dinesh.bolkensteyn] who requested this rule. I've just checked the CWE list, but I don't see one that we could tie this rule to without a stretch. === on 26 Aug 2014, 12:14:08 Freddy Mallet wrote: My only fear is to have this rule generating too many false-positives [~ann.campbell.2]. === on 26 Aug 2014, 13:59:35 Dinesh Bolkensteyn wrote: It's going to work [~freddy.mallet]. === on 30 Apr 2015, 13:21:31 David Gageot wrote: Hi all! lot's of defects will be raised but none will be false positive. Methods without charset/encoding should be deprecated altogether. They will fail. And they will wait production to do so! endif::env-github,rspecator-view[]