Versions Compared

...

Code Block
import java.io.FileInputStream;
import java.io.FileNotFoundException;

// Retry until the user names a file that can be opened.
// fileName is the name supplied by the user (assumed to be defined above).
boolean validFlag = false; // volatile is not permitted on a local variable
FileInputStream in = null;
do {
  try {
    // If the requested file does not exist, the constructor throws FileNotFoundException;
    // if it exists, the stream is opened and validFlag is set to true
    in = new FileInputStream(fileName);
    validFlag = true;
  } catch (FileNotFoundException e) {
    // Ask the user for a different file name and store it in fileName
  }
} while (!validFlag);
// Use the file

To comply with ERR06-J. Do not allow exceptions to expose sensitive information, the user is allowed to access only files in a user-specific directory. This prevents any other IOException that escapes the loop from leaking potentially sensitive file system information.
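The following is an added example, not code from the CERT page, showing how the retry loop above can be combined with the confinement to a user-specific directory that the text relies on. The class name ConfinedFileOpener and the method names confine and openWithRetry are assumptions. Only the "file does not exist" conditions are caught and retried; any other IOException still escapes the loop, but because every path has been confined to the user's own directory, the information it can carry is limited to that directory.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.nio.file.NoSuchFileException;
import java.nio.file.Path;
import java.util.Scanner;

public class ConfinedFileOpener {
  // Assumed: each user's files live under a per-user base directory
  private final Path userDir;

  public ConfinedFileOpener(Path userDir) {
    this.userDir = userDir.toAbsolutePath().normalize();
  }

  // Returns the normalized path inside userDir, or null if the name would escape it
  // (for example "../../etc/passwd" or an absolute path).
  Path confine(String name) {
    Path candidate = userDir.resolve(name).normalize();
    return candidate.startsWith(userDir) ? candidate : null;
  }

  // Loops until the user names a file that exists inside userDir.
  // IOExceptions other than "not found" propagate to the caller.
  FileInputStream openWithRetry(Scanner console) throws IOException {
    FileInputStream in = null;
    boolean validFlag = false;
    do {
      System.out.print("File name: ");
      String name = console.nextLine();
      Path p = confine(name);
      if (p == null) {
        System.out.println("The name must stay inside your directory.");
        continue; // re-evaluates the loop condition; validFlag is still false
      }
      try {
        // toRealPath follows symbolic links, so re-check that a link inside
        // userDir does not resolve to a location outside it
        Path real = p.toRealPath();
        if (!real.startsWith(userDir.toRealPath())) {
          System.out.println("The name must stay inside your directory.");
          continue;
        }
        in = new FileInputStream(real.toFile());
        validFlag = true;
      } catch (FileNotFoundException | NoSuchFileException e) {
        // Ask the user for a different file name; no path details are echoed back
        System.out.println("No such file; enter another name.");
      }
    } while (!validFlag);
    return in; // Use the file
  }

  public static void main(String[] args) throws IOException {
    Path base = Path.of(System.getProperty("user.home"), "uploads"); // assumed layout
    try (FileInputStream in = new ConfinedFileOpener(base).openWithRetry(new Scanner(System.in))) {
      System.out.println("Opened; first byte = " + in.read());
    }
  }
}
```

The normalize-then-startsWith check rejects traversal before any file system access, and the toRealPath check after the file is known to exist closes the symbolic-link case that a lexical check alone cannot.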

Compliant Solution (Exception Reporter)

Proper reporting of exceptional conditions is context-dependent. For example, GUI applications should report the exception in a graphical way, such as through error dialog boxes or status windows. To preserve modularity, most library classes should be able to objectively determine how an exception should be reported; they cannot rely on System.err, on any particular logger, or on the availability of the windowing environment. As a result, library classes that wish to report exceptions should specify the API they will use to report exceptions:

...

The setExceptionReporter method prevents hostile code from maliciously installing a more verbose reporter that leaks sensitive information, or that directs exception reports to an inappropriate location such as the attacker's computer, by limiting attempts to change the exception reporter to callers that have the custom permission ExceptionReporterPermission with target exc.reporter. Refer to SEC10-J. Define custom security permissions for fine-grained security for additional information regarding defining custom permissions. Note that it is inappropriate to use a default permission such as java.util.logging.LoggingPermission here because the logging permission's purpose is to control execution of specific logging methods (such as Logger.setLevel) rather than to control setting the exception reporter itself.

...

Any client code that possesses the required permissions can override the ExceptionReporter with a handler that logs the error, provides a dialog box, or both. For instance, a GUI client using Swing may require exceptions to be reported using a dialog box:
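As an added example (not code from the CERT page or from any particular library), one way to realize the reporter API described above together with a Swing client that overrides it. The permission name ExceptionReporterPermission and its target exc.reporter follow the text; the class ExceptionReporting and the methods report, setExceptionReporter and install are assumptions. The guard relies on an installed SecurityManager: on Java 17 and later the SecurityManager is deprecated for removal and must be enabled explicitly with -Djava.security.manager=allow, so on newer runtimes the setter should instead be made package-private and invoked only from trusted initialization code.

```java
import java.security.BasicPermission;
import javax.swing.JOptionPane;

// Custom permission guarding changes to the reporter; the target is "exc.reporter".
final class ExceptionReporterPermission extends BasicPermission {
  ExceptionReporterPermission(String name) {
    super(name);
  }
}

// The API a library uses to report exceptions without binding to System.err,
// a specific logger, or the windowing environment.
interface ExceptionReporter {
  void report(Throwable t);
}

final class ExceptionReporting {
  // Default reporter: a terse message that reveals nothing about internals.
  private static volatile ExceptionReporter reporter =
      t -> System.err.println("An error occurred; please contact support.");

  private ExceptionReporting() {}

  static void report(Throwable t) {
    reporter.report(t);
  }

  // Only callers holding ExceptionReporterPermission("exc.reporter") may replace the reporter.
  static void setExceptionReporter(ExceptionReporter r) {
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      sm.checkPermission(new ExceptionReporterPermission("exc.reporter"));
    }
    if (r == null) {
      throw new NullPointerException("reporter");
    }
    reporter = r;
  }
}

// A Swing client that holds the permission installs a dialog-based reporter.
// Only the exception class name is shown; getMessage() could carry paths or other details.
class SwingClient {
  static void install() {
    ExceptionReporting.setExceptionReporter(t ->
        JOptionPane.showMessageDialog(
            null,
            "Operation failed: " + t.getClass().getSimpleName(),
            "Error",
            JOptionPane.ERROR_MESSAGE));
  }

  public static void main(String[] args) {
    install();
    try {
      throw new IllegalStateException("detail that stays out of the dialog");
    } catch (IllegalStateException e) {
      ExceptionReporting.report(e); // shown in a dialog, not on System.err
    }
  }
}
```

When no SecurityManager is installed, checkPermission is never reached; the explicit null check still applies so that a malicious or careless caller cannot silence reporting entirely by installing a null reporter.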

...

If a thread is interrupted while sleeping or waiting, it causes a java.lang.InterruptedException to be thrown. However, the run() method of interface Runnable cannot throw a checked exception, so it must handle InterruptedException. This noncompliant code example catches and suppresses InterruptedException.

...

This code prevents calling methods from determining that an interrupted exception occurred. Consequently, these methods are unable to act on the exception [Goetz 2006]. Likewise, if this code was called in its own thread, it prevents the calling thread from knowing that this thread was interrupted.

...

Code Block
class Foo implements Runnable {
  public void run() {
    try {
      Thread.sleep(1000);    
    } catch (InterruptedException e) {
      Thread.currentThread().interrupt(); // Reset interrupted status
    }
  }
}

Consequently, calling methods (or code from a calling thread) can determine that an interrupt was issued [Goetz 2006].

...