Sonar is complaining that my Scala code needs to use a different API to specify a charset name or Charset object explicitly.

    class UpdatePartitionsFile(val sparkSession: SparkSession, val tableName: String, val partitionsfilePath: String) {
      ....
      def getPartitions: (String, String) = {
        val partitionsFile = new File(partitionsfilePath);
        // sonar is complaining that java/io/File.(Ljava/lang/String;)V reads a file whose location might be specified by user input

Sonar also states "Use an alternative API and specify a charset name or Charset object explicitly" about this line:

        val writer = new PrintWriter(partitionsfilePath);

What should I change from here? Any suggestions and help are appreciated.
2 Answers
For the File input, Sonar believes you're loading files from your file-system based on the user specifying (part of) the input path. Depending on what it is you're doing with the file, you need to sanitise the input to ensure the user can't do directory traversal (e.g. ../../../../../../etc/passwd) to read or over-write files based on input they provide.

For the character encoding part, you need to use an OutputStreamWriter to specify an encoding, and wrap it round a FileOutputStream.
PrintWriter(File file) uses the default charset of the Java virtual machine. The default charset is determined during virtual machine startup and typically depends upon the locale and charset of the underlying operating system. To be deterministic you should use PrintWriter(File file, String csn) instead. For example, to ensure that UTF-8 is always used you can write

    new PrintWriter(partitionsfilePath, StandardCharsets.UTF_8.name())
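Putting both answers together, as an added example that is not code from the question or from either answer: the user-supplied path is resolved against a fixed base directory and rejected if it escapes it (the traversal check the first answer calls for) before any File is opened, and the writer names its charset explicitly using the OutputStreamWriter-over-FileOutputStream form from the first answer (the PrintWriter(String, String) form from the second answer is noted in a comment). The base directory, file name and partition values are constructed for the example; the getPartitions method and SparkSession from the question are not reproduced.

```scala
import java.io.{FileOutputStream, OutputStreamWriter, PrintWriter}
import java.nio.charset.StandardCharsets
import java.nio.file.{Files, Path}

// Added example, not from the original question or answers.
// Assumption: the partitions file must live under one fixed base directory
// and the caller supplies a user-controlled relative name.
object PartitionsFileWriter {

  /** Resolve `userPath` against `baseDir` and reject anything that normalizes to a
    * location outside it (e.g. "../../etc/passwd"); this is the directory-traversal
    * case Sonar flags on `new File(userInput)`. */
  def safeResolve(baseDir: Path, userPath: String): Path = {
    val base = baseDir.toAbsolutePath.normalize
    val resolved = base.resolve(userPath).normalize
    if (!resolved.startsWith(base))
      throw new IllegalArgumentException(s"path escapes base directory: $userPath")
    resolved
  }

  /** Write with an explicit charset instead of the JVM default charset.
    * Equivalent shorter form from the second answer:
    *   new PrintWriter(target.toString, StandardCharsets.UTF_8.name()) */
  def writePartitions(target: Path, partitions: Seq[(String, String)]): Unit = {
    val out = new PrintWriter(
      new OutputStreamWriter(new FileOutputStream(target.toFile), StandardCharsets.UTF_8))
    try partitions.foreach { case (k, v) => out.println(s"$k=$v") }
    finally out.close()
  }

  def main(args: Array[String]): Unit = {
    // Constructed sample base directory and inputs.
    val baseDir = Files.createTempDirectory("partitions")

    // A well-formed relative name stays inside baseDir and is written as UTF-8.
    val ok = safeResolve(baseDir, "table_a/partitions.txt")
    Files.createDirectories(ok.getParent)
    writePartitions(ok, Seq("year" -> "2023", "month" -> "07"))
    println(new String(Files.readAllBytes(ok), StandardCharsets.UTF_8))

    // A traversal attempt is rejected before any File object is created.
    try safeResolve(baseDir, "../../etc/passwd")
    catch { case e: IllegalArgumentException => println(s"rejected: ${e.getMessage}") }
  }
}
```

The check compares normalized absolute paths rather than looking for ".." substrings, so encoded or repeated separators that normalize to a parent directory are caught the same way; if symlinks inside the base directory are a concern, resolve with `toRealPath` after the file exists and repeat the `startsWith` check.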