如何防止发现“Validation.EncodingRequired"在 Java 中 [英] How to prevent the finding "Validation.EncodingRequired" in Java
问题描述
最近,我使用 AppScan Source 扫描编码,它发现了一个我不知道如何修复并传递给扫描仪的发现,或者是误报?
Recently, I used the AppScan Source to scan the coding, and it found out one of the finding which I don't know how to fix and pass to the scanner or is it a false alarm?
这是我的代码.
public static void copyFileUsingFileStreams(File source, File dest)
throws IOException
{
InputStream input = null;
OutputStream output = null;
try
{
input = new FileInputStream(source);
output = new FileOutputStream(dest);
byte[] buf = new byte[1024];
int bytesRead;
while ((bytesRead = input.read(buf)) > 0) {
output.write(buf, 0, bytesRead); //Scanner reported that's a vulnerability in API OutputStream.write()
}
}
finally
{
input.close();
output.close();
}
}
推荐答案
我觉得不错.如果您正在写入字节,则不需要编码.如果你在写角色,那就另当别论了.
Looks fine to me. There's no need for an encoding if you're writing bytes. If you were writing characters, that would be a different matter.
也就是说,您确实应该将流包装在缓冲版本中:
That said, you really ought to be wrapping your streams in buffered versions:
output = new BufferedOutputStream(new FileOutputStream(dest));
和 input
类似.这不会影响与编码有关的任何事情,但会提高文件 I/O 的效率.
and similarly for input
. That doesn't affect anything to do with encodings, but it will make the file I/O more efficient.
您还应该更改 finally
块:
finally
{
if (input!=null)
input.close();
if (output!=null)
output.close();
}
当您开始捕获并处理 IOException
时,正如您应该做的那样,如果在您的流中出现任何问题,您将面临 NullPointerException
正在创建中.
When you start to catch and deal with IOException
s, as you ought to be doing, you'll be risking a NullPointerException
if anything goes wrong while your streams are being created.
这篇关于如何防止发现“Validation.EncodingRequired"在 Java 中的文章就介绍到这了,希望我们推荐的答案对大家有所帮助,也希望大家多多支持IT屋!