...
Noncompliant Code Example
This noncompliant code example catches IOException but fails to handle the exception.
| Code Block | ||
|---|---|---|
| ||
try {
//...
} catch (IOException ioe) {
// Ignore
}
|
Noncompliant Code Example
Printing the exception's stack trace can be useful for debugging purposes but results in program execution that is equivalent to suppressing the exception. Printing the stack trace can also result in unintentionally leaking information about the structure and state of the process to an attacker. (See ERR06-J. Do not allow exceptions to expose sensitive information for more information.)
...
| Wiki Markup |
|---|
The {{report()}} method accepts a {{Throwable}} instance and consequently handles all errors, checked exceptions, and unchecked exceptions. The filtering mechanism is based on a _whitelisting_ approach wherein only non-sensitive exceptions are propagated to the user. Exceptions that are forbidden to appear in a log file can be filtered in the same fashion (see [FIO08-J. Do not log sensitive information outside a trust boundary)|FIO08-J. Do not log sensitive information outside a trust boundary]. This approach provides the benefits of exception chaining by reporting exceptions tailored to the abstraction while also logging the low level cause for later failure analysis \[[Bloch 2008|AA. Bibliography#Bloch 08]\]. |
Noncompliant Code Example
If a thread is interrupted while sleeping or waiting, it causes a java.lang.InterruptedException to be thrown. However, the run() method of interface Runnable cannot throw a checked exception and must handle InterruptedException. This noncompliant code example catches and suppresses InterruptedException.
...