Noncompliant Code Example (String Property)
This noncompliant code example uses the same method, splitWords(). This time the
WORDS string is loaded from an external properties file.
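import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
import java.util.Properties;
import java.util.regex.Pattern;

public class Splitter {
    private final String WORDS;

    public Splitter() throws IOException {
        Properties properties = new Properties();
        // Close the stream once the properties have been loaded
        try (InputStream in = new FileInputStream("splitter.properties")) {
            properties.load(in);
        }
        WORDS = properties.getProperty("WORDS");
    }

    public String[] split(String input) {
        // WORDS is compiled as a regex after Properties.load() has processed its escapes
        Pattern pattern = Pattern.compile(WORDS);
        String[] input_array = pattern.split(input);
        return input_array;
    }
}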
In the properties file, the WORDS property is once again incorrectly specified as \b.
WORDS=\b
This is read by the Properties.load() method as a single character b, which causes
the split() method to split strings along the letter b. Although the string is interpreted
differently than if it were a string literal, as in the previous noncompliant code example,
the interpretation is incorrect.
Compliant Solution (String Property)
This compliant solution shows the correctly escaped value of the WORDS property:
WORDS=\\b
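The two property values side by side, as an added example that is not part of the original text. It passes the file contents to Properties.load() through a StringReader instead of reading splitter.properties; the class name PropertyEscapeDemo, the helper names and the sample input are assumptions made for the demonstration.

```java
import java.io.IOException;
import java.io.StringReader;
import java.util.Arrays;
import java.util.Properties;
import java.util.regex.Pattern;

public class PropertyEscapeDemo {
    // Constructed sample input containing the letter b and several word boundaries
    private static final String SAMPLE = "Hello bob";

    // Loads the WORDS property from in-memory text that stands in for
    // the contents of splitter.properties (hypothetical helper).
    static String loadWords(String fileText) throws IOException {
        Properties properties = new Properties();
        properties.load(new StringReader(fileText));
        return properties.getProperty("WORDS");
    }

    // Prints what Properties.load() produced and how the resulting regex
    // splits the sample, so a wrong escape is visible immediately.
    static void describe(String label, String fileText) throws IOException {
        String words = loadWords(fileText);
        String[] parts = Pattern.compile(words).split(SAMPLE);
        System.out.printf("%s%n  file text   : %s%n  loaded value: %s (%d char)%n  split result: %s%n",
                label, fileText, words, words.length(), Arrays.toString(parts));
    }

    public static void main(String[] args) throws IOException {
        // The Java literal "WORDS=\\b" is the file text WORDS=\b.
        // Properties.load() drops the backslash, leaving the regex "b".
        describe("Noncompliant", "WORDS=\\b");

        // The Java literal "WORDS=\\\\b" is the file text WORDS=\\b.
        // Properties.load() turns \\ into one backslash, leaving the regex \b.
        describe("Compliant", "WORDS=\\\\b");
    }
}
```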
Applicability
Incorrect use of escape characters in string inputs can result in misinterpretation and
potential corruption of data.