...
Printing the exception's stack trace can be useful for debugging purposes but results in program execution that is equivalent to suppressing the exception. Printing the stack trace can also result in unintentionally leaking information about the structure and state of the process to an attacker. (See ERR06ERR01-J. Do not allow exceptions to expose sensitive information for more information.)
...
```java
volatile boolean validFlag = false;
do {
  try {
    // If requested file does not exist, throws FileNotFoundException
    // If requested file exists, sets a Boolean flag validFlag to true
    validFlag = true;
  } catch (FileNotFoundException e) {
    // Ask the user for a different file name
  }
} while (validFlag != true);
// Use the file
```
To comply with ERR06ERR01-J. Do not allow exceptions to expose sensitive information, the user is only allowed to access files in a user-specific directory. This prevents any other `IOException` that escapes the loop from leaking sensitive file system information.
...
Sometimes exceptions must be hidden from the user for security reasons (see ERR06ERR01-J. Do not allow exceptions to expose sensitive information). In such cases, one acceptable approach is to subclass the `ExceptionReporter` class and add a `filter()` method in addition to overriding the default `report()` method.
...
The `report()` method accepts a `Throwable` instance and consequently handles all errors, checked exceptions, and unchecked exceptions. The filtering mechanism is based on a _whitelisting_ approach wherein only non-sensitive exceptions are propagated to the user. Exceptions that are forbidden to appear in a log file can be filtered in the same fashion (see FIO08-J. Do not log sensitive information outside a trust boundary). This approach provides the benefits of exception chaining by reporting exceptions tailored to the abstraction while also logging the low-level cause for later failure analysis [Bloch 2008].
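The following sketch illustrates the allow-list filtering described above. It is an added example, not the standard's own code: the shape of the `ExceptionReporter` base class and the names `UserFacingException`, `FilteringExceptionReporter`, `USER_SAFE`, and `ReporterDemo` are assumptions made for illustration, and the sample exceptions are constructed.

```java
import java.io.FileNotFoundException;
import java.util.Set;
import java.util.logging.Level;
import java.util.logging.Logger;

// Assumed minimal shape of the base class; the page does not show it here.
class ExceptionReporter {
  public void report(Throwable t) { t.printStackTrace(); }
}

// Hypothetical exception type whose messages are written for end users.
class UserFacingException extends Exception {
  UserFacingException(String msg) { super(msg); }
}

class FilteringExceptionReporter extends ExceptionReporter {
  private static final Logger LOG =
      Logger.getLogger(FilteringExceptionReporter.class.getName());
  // Allow-list: exact classes only, so subclasses are not trusted implicitly.
  private static final Set<Class<? extends Throwable>> USER_SAFE =
      Set.of(UserFacingException.class);

  // Returns t if allow-listed, otherwise a generic replacement that carries
  // no message, cause, or stack detail from the original.
  protected Throwable filter(Throwable t) {
    if (USER_SAFE.contains(t.getClass())) {
      return t;
    }
    return new UserFacingException("The request could not be completed.");
  }

  @Override
  public void report(Throwable t) {
    // Keep the low-level cause for failure analysis, inside the trust boundary.
    LOG.log(Level.FINE, "Reported exception", t);
    System.err.println("Error: " + filter(t).getMessage());
  }
}

public class ReporterDemo {
  public static void main(String[] args) {
    ExceptionReporter reporter = new FilteringExceptionReporter();
    // Constructed inputs: one allow-listed, one that would leak a path.
    reporter.report(new UserFacingException("File name must not be empty."));
    reporter.report(new FileNotFoundException("/srv/app/conf/db.properties"));
  }
}
```

The second call prints only the generic message; the path in the `FileNotFoundException` reaches the logger but never the user-visible output.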
...
| [Bloch 2008] | Item 65: "Don't ignore exceptions" and Item 62: "Document all exceptions thrown by each method" |
| [Goetz 2006] | 5.4 Blocking and interruptible methods |
| [JLS 2005] | Chapter 11, Exceptions (http://java.sun.com/docs/books/jls/third_edition/html/exceptions.html) |
...