security - How to prevent the finding "Validation.EncodingRequired" in Java -

security - How to prevent the finding "Validation.EncodingRequired" in Java -

recently, used appscan source scan coding, , found out 1 of finding don't know how prepare , pass scanner or false alarm?

here's code.

public static void copyfileusingfilestreams(file source, file dest) throws ioexception { inputstream input = null; outputstream output = null; seek { input = new fileinputstream(source); output = new fileoutputstream(dest); byte[] buf = new byte[1024]; int bytesread; while ((bytesread = input.read(buf)) > 0) { output.write(buf, 0, bytesread); //scanner reported that's vulnerability in api outputstream.write() } } { input.close(); output.close(); } }

looks fine me. there's no need encoding if you're writing bytes. if writing characters, different matter.

that said, ought wrapping streams in buffered versions:

output = new bufferedoutputstream(new fileoutputstream(dest));

and input. doesn't impact encodings, create file i/o more efficient.

you should alter finally block:

finally { if (input!=null) input.close(); if (output!=null) output.close(); }

when start grab , deal ioexceptions, ought doing, you'll risking nullpointerexception if goes wrong while streams beingness created.

java security