...
This compliant solution executes several statements that can possibly throw exceptions prior to performing any security critical operations and uses the thread and exception safe java.util.logging.Logger class to implement logging. (see See guideline EXC03-J. Use a logging API to log critical security exceptions for more information on the use of logging libraries.) .
| Code Block | ||
|---|---|---|
| ||
public class ExceptionLog implements Runnable {
Logger logger;
Integer id;
public ExceptionLog(Integer i, Logger log) {
logger = log;
id = i;
}
public void logMessage(String message) {
// Note that the Java Logger class does not throw exceptions
// while logging a message.
logger.log(Level.WARNING, "From " + id + ": " + message);
}
public void run() {
try {
// Some security exception occurs here.
} catch(SecurityException se) {
logMessage("Security Exception has occurred!");
}
}
public static void main(String[] args) {
try {
// Set up the shared logger for use by the multiple threads
Logger logger = Logger.getLogger("MyLog");
FileHandler fh = new FileHandler("log_file.txt", true);
logger.addHandler(fh);
logger.setLevel(Level.ALL);
SimpleFormatter formatter = new SimpleFormatter();
fh.setFormatter(formatter);
// Start multiple threads for logging messages
for (int x = 1; x <= 20; x++) {
(new Thread(new ExceptionLog(x, logger))).start();
}
} catch (SecurityException e) {
// This is unexpected.
throw new RuntimeException(e);
} catch (IOException e) {
// This is unexpected.
throw new RuntimeException(e);
}
}
}
|
...
If an exception is thrown while data is being logged, the data may be lost or security problems may be concealed.
Rule Guideline | Severity | Likelihood | Remediation Cost | Priority | Level |
|---|---|---|---|---|---|
EXC07-J | medium | likely | high | P6 | L2 |
...