SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 135

changes.mady.by.user Will Snavely

Saved on

compared with

New Version 136

changes.mady.by.user Alexandre GIGLEUX

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

Ignoring or suppressing exceptions can result in inconsistent program state.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR00-J

Low

Probable

Medium

P4

L3

Automated Detection

Detection of suppressed exceptions is straightforward. Sound determination of which specific cases represent violations of this rule and which represent permitted exceptions to the rule is infeasible. Heuristic approaches may be effective.

Tool
Version
Checker
Description
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V
FB.BAD_PRACTICE.DE_MIGHT_IGNOREMethod might ignore exception
Coverity7.5MISSING_THROWImplemented
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
SECURITY.UEHL.LGE, UC.UCATCHImplemented
SonarQube
Include Page
SonarQube_V
SonarQube_V
S1166
 
Exception handlers should preserve the original exceptions

Related Vulnerabilities

AMQ-1272 describes a vulnerability in the ActiveMQ service. When ActiveMQ receives an invalid username and password from a Stomp client, a security exception is generated but is subsequently ignored, leaving the client connected with full and unrestricted access to ActiveMQ.

Related Guidelines

MITRE CWE

CWE-390, Detection of Error Condition without Action

Bibliography

[Bloch 2008]

Item 62, "Document All Exceptions Thrown by Each Method"
Item 65, "Don't Ignore Exceptions"

[Goetz 2006]

Section 5.4, "Blocking and Interruptible Methods"

[JLS 2015]

Chapter 11, "Exceptions"

...


...