...

import java.io.FileInputStream;
import java.io.FileNotFoundException;

class exceptionExceptionExample {
  public static void main(String[] args) throws FileNotFoundException {
    // The first command-line argument is args[0]; it is appended to the C:\ prefix.
    // If the file does not exist, the uncaught FileNotFoundException propagates
    // out of main and the default handler prints its message, which contains
    // the full path that was tried.
    FileInputStream dis = new FileInputStream("c:\\" + args[0]);
  }
}

...

import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;

class exceptionExceptionExample {
  public static void main(String[] args) {
    // try-with-resources closes the stream; the catch block replaces the
    // exception's own message (which names the path) with a fixed one.
    try (FileInputStream dis = new FileInputStream("c:\\" + args[0])) {
      // ... read from dis ...
    } catch (FileNotFoundException fnf) {
      System.out.println("Error: Operation could not be performed"); // sanitized message
    } catch (IOException e) {
      // close() can fail too; report it with the same fixed message
      System.out.println("Error: Operation could not be performed");
    }
  }
}
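The compliant solution above drops the exception entirely. In practice an operator still needs the detail to diagnose the failure, so the usual pattern is to keep the original exception in a server-side log and hand the caller a fixed message with no cause chain. The following is an added example written for this page, not code from the CERT rule: the class name SanitizedExceptionExample, the OperationFailedException type, the BASE_DIR constant (the JVM temporary directory is assumed as the permitted directory) and the java.util.logging logger are all assumptions made for illustration.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.nio.file.Path;
import java.nio.file.Paths;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SanitizedExceptionExample {

  // Assumed: the one directory this program is allowed to read from.
  private static final Path BASE_DIR = Paths.get(System.getProperty("java.io.tmpdir"));

  // Assumed server-side log. The original exception goes here, never to the caller.
  private static final Logger LOG = Logger.getLogger(SanitizedExceptionExample.class.getName());

  /** Thrown to callers: fixed message, no cause, so no path ever reaches them. */
  public static final class OperationFailedException extends Exception {
    public OperationFailedException() {
      super("Error: Operation could not be performed");
    }
  }

  /**
   * Shows what the unsanitized exception carries. The message produced by the JDK
   * includes the path that was tried, e.g. "/tmp/missing.txt (No such file or directory)".
   */
  public static String leakyMessage(String name) {
    Path target = BASE_DIR.resolve(name).normalize();
    try (FileInputStream in = new FileInputStream(target.toFile())) {
      return "opened";
    } catch (IOException e) {
      return e.getMessage(); // contains the full path
    }
  }

  /** Opens a file under BASE_DIR, logging detail internally and sanitizing what is thrown. */
  public static InputStream open(String name) throws OperationFailedException {
    Path target = BASE_DIR.resolve(name).normalize();
    try {
      return new FileInputStream(target.toFile());
    } catch (FileNotFoundException fnf) {
      // Full detail, including the path, stays in the log for the operator.
      LOG.log(Level.WARNING, "open failed for " + target, fnf);
      // Deliberately not passed as a cause: a cause chain would carry the
      // original message into any stack trace the caller prints.
      throw new OperationFailedException();
    }
  }

  public static void main(String[] args) {
    String name = args.length > 0 ? args[0] : "does-not-exist.txt";
    System.out.println("unsanitized: " + leakyMessage(name));
    try (InputStream in = open(name)) {
      System.out.println("opened " + name + ", first byte: " + in.read());
    } catch (OperationFailedException e) {
      System.out.println("sanitized:   " + e.getMessage());
    } catch (IOException e) {
      System.out.println("sanitized:   Error: Operation could not be performed");
    }
  }
}
```

Running it with a file name that does not exist prints the JDK's message (with the path) on the first line and the fixed message on the second; the path appears only in the logger's output, which in a deployed system is routed to the server log rather than to the user.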

Risk Assessment

Exceptions may inadvertently reveal sensitive information unless care is taken to limit the information displayed as the result of an exception.

Rule      Severity       Likelihood   Remediation Cost   Priority   Level
SEC00-J   ?? medium ??   probable     ?? high            P??        L??

Automated Detection

...

Search for vulnerabilities resulting from the violation of this rule on the CERT website.
