Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Programmers often fall into the trap of suppressing or ignoring checked exceptions. Unless there is a valid reason for ignoring exceptions, such as the client cannot be expected to stage a recovery, it is important to handle them appropriately. Because the exception disrupts the expected control flow of the application, care must be taken to ensure that all statements in the try block, before the catch block, execute as expected. Failure to take the actual system state into account when the exception is caught may result in security issues if the application continues to execute as if nothing has happened.

Noncompliant Code Example

This noncompliant code example adorns the catch block with an ignore comment and forgoes appropriate exception handling.

Code Block
bgColor#FFCCCC
try {
  //...
} catch(IOException ioe) { 
  // Ignore 
}

Noncompliant Code Example

Printing the exception's stack trace can be useful for debugging purposes but is equivalent to ignoring the exception, as this noncompliant code example demonstrates.

Code Block
bgColor#FFCCCC
try {
  //...
}catch(IOException ioe) { ioe.printStacktrace(); }

Note that even though the application reacts to the exception by printing out a stack trace, the application still proceeds as if the exception was not thrown, that is, the future long term behavior of the application does not change based on the throwing of the exception. Given that the resulting IOException indicates that an operation attempted by the application failed, it is unlikely that the application will be able to operate successfully in the future by assuming that the attempted operation succeeded.

Compliant Solution

This compliant solution attempts to recover from a FileNotFoundException by forcing the user to specify another file when a particular file does not exist in the user-specific directory.

Code Block
bgColor#ccccff
try {
  // Requested file does not exist
} catch(FileNotFoundException e) { 
  // Ask the user for a different filename 
}

Exceptions

EX1: It is reasonable to ignore handling an exception that occurs within a catch or finally block, such as when closing a FileInputStream object.

EX2: It is also permissible to ignore handling an exception when it is not possible to recover from the exceptional condition at that abstraction level. In such cases, the exception must be thrown so that higher level code can try recovering from the exceptional condition by catching and handling it.

Code Block
bgColor#ccccff
// When recovery is possible at higher levels
private void doSomething() throws FileNotFoundException {
  // Requested file does not exist; throws FileNotFoundException
  // Higher level code can handle it by displaying a dialog box and asking 
  // the user for the file name
}

If the higher level code is also incapable of staging a recovery, the checked exception may be wrapped in an unchecked exception and re-thrown.

Code Block
bgColor#ccccff
try {
  // Requested file does not exist
  // User is unable to supply the file name
}catch(FileNotFoundException e) { 
  throw new RuntimeException(e);
}

Risk Assessment

Ignoring or suppressing exceptions violates the fail-safe criteria of an application.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXC00- J

low

probable

medium

P4

L3

Automated Detection

TODO

Related Vulnerabilities

AMQ-1272

References

Wiki Markup
\[[JLS 05|AA. Java References#JLS 05]\] [Chapter 11, Exceptions|http://java.sun.com/docs/books/jls/third_edition/html/exceptions.html]
\[[Bloch 08|AA. Java References#Bloch 08]\] Item 65: "Don't ignore exceptions", Item 62: "Document all exceptions thrown by each method"
\[[MITRE 09|AA. Java References#MITRE 09]\]  [CWE ID 390|http://cwe.mitre.org/data/definitions/390.html] "Detection of Error Condition Without Action"


13. Exceptional Behavior (EXC)      13. Exceptional Behavior (EXC)      EXC01-J. Use a class dedicated to reporting exceptions