...

Noncompliant code example:

```java
import java.io.IOException;

try {
  // ... I/O operations that may throw IOException ...
} catch (IOException ioe) {
  // Prints the stack trace and then continues as if nothing had happened
  ioe.printStackTrace();
}
```

Printing the exception's stack trace can be useful for debugging purposes, but the resulting program execution is equivalent to suppressing the exception. Printing the stack trace can also leak information about the structure and state of the process to an attacker. (See rule ERR01-J. Do not allow exceptions to expose sensitive information for more information.) Note that even though this noncompliant code example reacts to the exception by printing out a stack trace, it then proceeds as though the exception were not thrown. That is, the behavior of the application is unaffected by the exception being thrown, except that any expressions or statements that occur in the try block after the point from which the exception is thrown are not evaluated.

...

This compliant solution handles a FileNotFoundException by requesting that the user specify another file name.

```java
volatile boolean validFlag = false;
do {
  try {
    // If requested file does not exist, throws FileNotFoundException
    // If requested file exists, sets validFlag to true
    validFlag = true;
  } catch (FileNotFoundException e) {
    // Ask the user for a different file name
  }
} while (validFlag != true);
// Use the file
```
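The compliant solution above is a skeleton. The following added example (not code from the CERT rule page) fills it in with a real `FileReader`, and generalizes the unbounded loop into a bounded retry so that a program reading from an exhausted or non-interactive input cannot spin forever. `MAX_ATTEMPTS`, the class name and the default file name `input.txt` are all constructed for this example.

```java
import java.io.BufferedReader;
import java.io.FileNotFoundException;
import java.io.FileReader;
import java.io.IOException;
import java.util.Scanner;

/** Added example: keep asking for a file name until one can be opened, never ignoring the exception. */
public final class OpenWithRetry {

    /** Constructed limit so the retry loop terminates even when no usable input arrives. */
    private static final int MAX_ATTEMPTS = 3;

    /**
     * Tries to open firstName; on FileNotFoundException, reports the failure and asks the
     * user (via the Scanner) for another name. Returns null only after MAX_ATTEMPTS failures
     * or when input runs out, so the caller still has to decide what to do about the failure.
     */
    static BufferedReader openWithRetry(Scanner in, String firstName) {
        String name = firstName;
        for (int attempt = 1; attempt <= MAX_ATTEMPTS; attempt++) {
            try {
                // FileReader throws FileNotFoundException when the file is missing or unreadable
                return new BufferedReader(new FileReader(name));
            } catch (FileNotFoundException e) {
                // Handle the exception: tell the user which name failed (the name they typed,
                // not the exception text, which may contain OS-level path detail) and ask again
                System.err.println("Cannot open '" + name + "' (attempt " + attempt
                                   + " of " + MAX_ATTEMPTS + ")");
                if (attempt == MAX_ATTEMPTS || !in.hasNextLine()) {
                    break;
                }
                System.out.print("Enter another file name: ");
                name = in.nextLine().trim();
            }
        }
        return null;
    }

    public static void main(String[] args) throws IOException {
        Scanner in = new Scanner(System.in);
        BufferedReader reader = openWithRetry(in, args.length > 0 ? args[0] : "input.txt");
        if (reader == null) {
            // The failure is acted upon rather than silently dropped
            System.err.println("No readable file supplied; exiting.");
            System.exit(1);
        }
        try (BufferedReader r = reader) {
            String line;
            while ((line = r.readLine()) != null) {
                System.out.println(line);
            }
        }
    }
}
```

The important property is that every path out of the `catch` block either retries or surfaces the failure to the caller; the exception's own message is never echoed to the user, which keeps this solution consistent with ERR01-J as well.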

...

```java
ExceptionReporter.setExceptionReporter(new ExceptionReporter() {
  public void report(Throwable exception) {
    JOptionPane.showMessageDialog(frame,
                                  exception.toString(),
                                  exception.getClass().getName(),
                                  JOptionPane.ERROR_MESSAGE);
  }
});
```
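Showing `exception.toString()` in a dialog reports the exception but may also display file paths or other internal state. The following added example (not the rule page's code) shows a reporter that still records every exception in full but passes only a sanitized message to the user-facing channel. The `ExceptionReporter` interface here is a constructed stand-in for the page's GUI reporter type, `FilteringExceptionReporter` and the sample path in `main` are constructed for this example, and the user display is a `Consumer<String>` so the code runs without Swing.

```java
import java.io.FileNotFoundException;
import java.nio.file.AccessDeniedException;
import java.nio.file.NoSuchFileException;
import java.util.function.Consumer;
import java.util.logging.Level;
import java.util.logging.Logger;

/** Constructed stand-in for the page's ExceptionReporter interface (not the real framework type). */
interface ExceptionReporter {
    void report(Throwable exception);
}

/**
 * Added example: a reporter that never drops an exception (full detail is logged)
 * but hands the user only a filtered message, so the display does not leak
 * paths or process state.
 */
final class FilteringExceptionReporter implements ExceptionReporter {
    private static final Logger LOG = Logger.getLogger(FilteringExceptionReporter.class.getName());
    private final Consumer<String> userDisplay; // in a GUI this would wrap JOptionPane

    FilteringExceptionReporter(Consumer<String> userDisplay) {
        this.userDisplay = userDisplay;
    }

    /** Exception types whose messages routinely carry file-system paths. */
    static boolean isSensitive(Throwable t) {
        return t instanceof FileNotFoundException
            || t instanceof NoSuchFileException
            || t instanceof AccessDeniedException;
    }

    /** Text safe to show an end user: generic for sensitive types, class name only otherwise. */
    static String userMessage(Throwable t) {
        if (isSensitive(t)) {
            return "The requested file could not be opened.";
        }
        return "An error occurred: " + t.getClass().getSimpleName();
    }

    @Override
    public void report(Throwable exception) {
        // Full message and stack trace remain available to operators in the log
        LOG.log(Level.WARNING, "Exception reported", exception);
        // The user-facing channel receives only the filtered text
        userDisplay.accept(userMessage(exception));
    }

    public static void main(String[] args) {
        ExceptionReporter reporter = new FilteringExceptionReporter(
            msg -> System.out.println("USER SEES: " + msg));
        // Constructed sample: the raw message would reveal an internal path
        reporter.report(new FileNotFoundException(
            "/srv/app/config/secrets.properties (No such file or directory)"));
        reporter.report(new IllegalStateException("cache not initialized"));
    }
}
```

Run it and the log line carries the path and stack trace while the user channel prints only the generic text; the exception is handled in both channels rather than suppressed in either.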

Compliant Solution (Subclass Exception Reporter and Filter Sensitive Exceptions)

...


...