Improper Handling of Unicode Encoding
Description
The code compares or validates user-controlled strings without first normalizing their Unicode form. The same visible text can be encoded as different code point sequences (precomposed vs. combining characters, fullwidth or ligature compatibility forms), and case mapping depends on the locale, so an equality check can fail for equivalent identifiers, or a validation check can accept a string that turns into the rejected form once it is normalized downstream. This can lead to input validation bypass and injection of malicious data.
Examples
Insecure Code
```java
// Insecure: compares the raw input. An "expected" written with a combining character or a
// compatibility form never matches, and toLowerCase() without a Locale argument uses the JVM
// default locale (for example, Turkish maps "I" to dotless "ı").
String s = input.toLowerCase();
if (s.equals("expected")) {...}
```
Secure Code
```java
// Secure: bring the input to canonical composed form (NFC) before comparing it.
String s = java.text.Normalizer.normalize(input, java.text.Normalizer.Form.NFC);
if (s.equals("expected")) {...}
```
Remediation
Normalize input to a single Unicode form before validating or comparing it: use 'java.text.Normalizer' with NFC for identity comparisons, or NFKC when compatibility characters (fullwidth forms, ligatures) must be folded to their ASCII equivalents. Perform validation on the normalized string and use that same string for every later operation, so that a later normalization step cannot produce characters the check never saw. Use locale-independent case mapping ('toLowerCase(Locale.ROOT)') when comparing identifiers, and compare hostnames in the ASCII-compatible form produced by 'java.net.IDN.toASCII' rather than as raw Unicode.
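The following added example (not the rule page's own code) walks through the failure modes behind this rule in Java: canonical equivalence, a validate-then-normalize bypass of a hypothetical tag-delimiter check, locale-sensitive case mapping, non-ASCII characters that fold into ASCII, and IDN comparison. The `containsTagDelimiter`, `validateThenNormalize`, `normalizeThenValidate` and `sameIdentifier` helpers and all input strings are constructed for illustration.

```java
import java.net.IDN;
import java.text.Normalizer;
import java.util.Locale;

/**
 * Added example (not the rule page's own code): why raw or default-locale string
 * comparison of Unicode input fails, and how to normalize first and validate second.
 * All inputs are constructed test strings.
 */
public class UnicodeHandlingDemo {

    /** Hypothetical validator: reject anything containing an HTML tag delimiter. */
    static boolean containsTagDelimiter(String s) {
        return s.indexOf('<') >= 0 || s.indexOf('>') >= 0;
    }

    /**
     * Wrong order: validate the raw input, then normalize for storage or rendering.
     * Returns the string that reaches the sink, or null if the check rejected it.
     */
    static String validateThenNormalize(String input) {
        if (containsTagDelimiter(input)) {
            return null;
        }
        // A later component applies compatibility normalization to the already "validated" string.
        return Normalizer.normalize(input, Normalizer.Form.NFKC);
    }

    /** Right order: normalize once, validate the normalized form, and use that form everywhere. */
    static String normalizeThenValidate(String input) {
        String canonical = Normalizer.normalize(input, Normalizer.Form.NFKC);
        if (containsTagDelimiter(canonical)) {
            return null;
        }
        return canonical;
    }

    /** Identifier comparison: canonical (NFC) form plus locale-independent case mapping. */
    static boolean sameIdentifier(String a, String b) {
        String na = Normalizer.normalize(a, Normalizer.Form.NFC).toLowerCase(Locale.ROOT);
        String nb = Normalizer.normalize(b, Normalizer.Form.NFC).toLowerCase(Locale.ROOT);
        return na.equals(nb);
    }

    public static void main(String[] args) {
        // 1. Canonical equivalence: precomposed and decomposed "é" render identically but differ
        //    in code points, so String.equals() treats them as different strings.
        String precomposed = "caf\u00E9";   // U+00E9 LATIN SMALL LETTER E WITH ACUTE
        String decomposed  = "cafe\u0301";  // 'e' followed by U+0301 COMBINING ACUTE ACCENT
        System.out.println("raw equals:      " + precomposed.equals(decomposed));
        System.out.println("sameIdentifier:  " + sameIdentifier(precomposed, decomposed));

        // 2. Validation bypass: U+FF1C and U+FF1E are FULLWIDTH LESS-THAN / GREATER-THAN SIGN.
        //    They pass a check for ASCII '<' and '>', and NFKC then folds them to exactly those
        //    ASCII characters, so the tag check is defeated when normalization runs afterwards.
        String payload = "\uFF1Cscript\uFF1E";
        System.out.println("validate, then normalize: " + validateThenNormalize(payload));
        System.out.println("normalize, then validate: " + normalizeThenValidate(payload));

        // 3. Case mapping is locale-sensitive: in the Turkish locale, 'I' lowercases to
        //    U+0131 LATIN SMALL LETTER DOTLESS I, so the result differs from Locale.ROOT.
        System.out.println("tr lowercase:   " + "TITLE".toLowerCase(Locale.forLanguageTag("tr")));
        System.out.println("ROOT lowercase: " + "TITLE".toLowerCase(Locale.ROOT));

        // 4. Non-ASCII code points can fold into ASCII: U+212A KELVIN SIGN lowercases to 'k',
        //    and its canonical decomposition is U+004B, so NFC alone already turns it into 'K'.
        System.out.println("kelvin lowercase: " + "\u212Aey".toLowerCase(Locale.ROOT));
        System.out.println("kelvin vs KEY:    " + sameIdentifier("\u212Aey", "KEY"));

        // 5. Hostnames: compare the ASCII-compatible (Punycode) form from java.net.IDN,
        //    not the raw Unicode label, so that equivalent labels compare equal.
        System.out.println("IDN: " + IDN.toASCII("b\u00FCcher.example"));
    }
}
```

Step 2 is the core of the rule: the check and the sink must see the same string. NFKC is used there because it is the form that folds fullwidth and ligature characters to ASCII; for pure identity comparison of identifiers (step 1), NFC is sufficient and does not rewrite compatibility characters that a user may legitimately want to keep distinct.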
Rule Details
| Field | Value |
|---|---|
| ID | CODE-0071 |
| Category | Generic |
| Severity | MEDIUM |
| CWE | CWE-176 |
| Confidence | HIGH |
| Impact | MEDIUM |
| Likelihood | MEDIUM |
| Exploitability | MODERATE |
| Tags | unicode, encoding |
| OWASP | N/A |