
Security tool scan issue, Found reliance on default encoding: new String(byte[])


I'm getting the "Found reliance on default encoding: new String(byte[])" for the following piece of code

InitAuth(Auth auth) {
    // "." is a regex metacharacter in String.split, so it must be escaped;
    // the String constructor still uses the platform default charset here.
    String jsonString = new String(Base64.getDecoder().decode(token.split("\\.")[1]));
    context = JsonPath.parse(jsonString);
}

I've found solutions suggesting to use the string constructor in this format

new String(bytes, StandardCharsets.UTF_8)

But the problem is, in my code if I use a second parameter, it'll turn into this signature

new String(string, string)

And as you know this constructor is not defined for new String(). So can someone suggest how to resolve the issue? Also please add whether using Base64.getMimeDecoder() makes sense here.


Solution

String payloadUTF8 = new String(jsonString.getBytes(), StandardCharsets.UTF_8);
context = JsonPath.parse(payloadUTF8);

In order to call that String constructor, the first parameter must be a byte[]. Pass the result of .getBytes() as the first parameter and then you can set StandardCharsets.UTF_8 as the second one.

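The form of the fix a practitioner would actually want here, as an added example that is not code from the question or the answer: decode the JWT payload segment directly from the base64url bytes with an explicit charset, so no getBytes() round trip through the default encoding is needed at all. The class name JwtPayloadDecoder, the split validation and the unsigned sample token are constructed for this example and assume the token is the compact three-segment form the question indexes with [1].

```java
import java.nio.charset.StandardCharsets;
import java.util.Base64;

public class JwtPayloadDecoder {
    // Decode the payload segment of a compact JWT into a String without
    // relying on the platform default charset (JWT JSON is UTF-8).
    public static String decodePayload(String token) {
        // "." is a regex metacharacter, so it must be escaped; the -1 limit
        // keeps a trailing empty signature segment so the count check works.
        String[] parts = token.split("\\.", -1);
        if (parts.length != 3) {
            throw new IllegalArgumentException("expected 3 JWT segments, got " + parts.length);
        }
        // JWT segments are base64url with padding stripped: the basic decoder
        // rejects '-' and '_', while the URL decoder accepts them and tolerates
        // missing padding. The MIME decoder is for line-wrapped RFC 2045 data
        // and is not the right choice for a JWT.
        byte[] payloadBytes = Base64.getUrlDecoder().decode(parts[1]);
        return new String(payloadBytes, StandardCharsets.UTF_8);
    }

    public static void main(String[] args) {
        // Constructed, unsigned sample token for illustration only.
        String header = base64Url("{\"alg\":\"none\",\"typ\":\"JWT\"}");
        String payload = base64Url("{\"sub\":\"alice\",\"admin\":false}");
        String token = header + "." + payload + ".";
        // This only parses the claims; the signature has not been verified,
        // so nothing read here may drive an authorization decision.
        System.out.println(decodePayload(token));
    }

    private static String base64Url(String json) {
        return Base64.getUrlEncoder().withoutPadding()
                .encodeToString(json.getBytes(StandardCharsets.UTF_8));
    }
}
```

The returned string can be handed to JsonPath.parse exactly as in the question, and the static analyzer no longer sees a charset-less String constructor or getBytes() call.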