...
| Code Block |
|---|
|
boolean isCapitalized(String s) {
try {
if (s.equals("""")) {
return true;
}
String first = s.substring( 0, 1);
String rest = s.substring( 1);
return (first.equals (first.toUpperCase()) &&
rest.equals (rest.toLowerCase()));
} catch (RuntimeException exception) {
ExceptionReporter.report(exception);
}
return false;
}
|
...
| Code Block |
|---|
|
boolean isCapitalized(String s) {
try {
if (s.equals("""")) {
return true;
}
String first = s.substring( 0, 1);
String rest = s.substring( 1);
return (first.equals (first.toUpperCase()) &&
rest.equals (rest.toLowerCase()));
} catch (NullPointerException exception) {
ExceptionReporter.report (exception);
}
return false;
}
|
...
| Code Block |
|---|
|
public class DivideException {
public static void main(String[] args) {
try {
division(200,5);
division(200,0); //divide by zero
} catch (Exception e) { System.out.println(""Divide by zero exception : "" + e.getMessage()); }
}
public static void division(int totalSum, int totalNumber) throws ArithmeticException, IOException {
int average = totalSum/totalNumber;
// Additional operations that may throw IOException...
System.out.println(""Average: ""+ average);
}
}
|
Noncompliant Code Example
...
| Code Block |
|---|
|
try {
division(200,5);
division(200,0); // Divide by zero
} catch (ArithmeticException ae) {
throw new DivideByZeroException();
}
// DivideByZeroException extends Exception so is checked
catch (Exception e) {
System.out.println(""Exception occurred :"" + e.getMessage());
}
|
Compliant Solution
...
| Code Block |
|---|
|
import java.io.IOException;
public class DivideException {
public static void main(String[] args) {
try {
division(200,5);
division(200,0); // Divide by zero
} catch (ArithmeticException ae) {
throw new DivideByZeroException(); }
// DivideByZeroException extends Exception so is checked
catch (IOException ie) {
System.out.println(""I/O Exception occurred :"" + ie.getMessage());
}
}
public static void division(int totalSum, int totalNumber) throws ArithmeticException, IOException {
int average = totalSum/totalNumber;
// Additional operations that may throw IOException...
System.out.println(""Average: ""+ average);
}
}
|
Exceptions
...
Search for vulnerabilities resulting from the violation of this rule on the CERT website.
References
| Wiki Markup |
|---|
\[[MITRE 09|AA. Java References#MITRE 09]\] [CWE ID 396|http://cwe.mitre.org/data/definitions/396.html] ""Declaration of Catch for Generic Exception"", [CWE ID 7|http://cwe.mitre.org/data/definitions/7.html] ""J2EE Misconfiguration: Missing Error Handling"", [CWE ID 537|http://cwe.mitre.org/data/definitions/537.html] ""Information Leak Through Java Runtime Error Message"", [CWE ID 536|http://cwe.mitre.org/data/definitions/536.html] ""Information Leak Through Servlet Runtime Error Message""
\[[Schweisguth 03|AA. Java References#Schweisguth 03]\]
\[[JLS 05|AA. Java References#JLS 05]\] [Chapter 11, Exceptions|http://java.sun.com/docs/books/jls/third_edition/html/exceptions.html]
\[[Tutorials 08|AA. Java References#tutorials 08]\] [Exceptions|http://java.sun.com/docs/books/tutorial/essential/exceptions/index.html]
\[[Doshi 03|AA. Java References#Doshi 03]\]
\[[Muller 02|AA. Java References#Muller 02]\] |
...
EXC31-J. Handle checked exceptions that can be thrown within a finally block 13. Exceptional Behavior (EXC) EXC33-J. Throw specific exceptions as opposed to the more general RuntimeException or Exception
