SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 129

changes.mady.by.user Amy Gale

Saved on

compared with

New Version 130

changes.mady.by.user David Svoboda

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.
Comment: cleaned up MyExceptionReporter

...

Code Block
bgColor#ccccff
public interface Reporter {
  public void report(Throwable t);
}

class ExceptionReporterPermission extends Permission {
  // ...
}

public class ExceptionReporter {

  // Exception reporter that prints the exception 
  // to the console (used as default)
  private static final Reporter PrintException = new Reporter() {
    public void report(Throwable t) {
      System.err.println(t.toString());
    }
  };

  // Stores the default reporter
  // The default reporter can be changed by the user
  private static Reporter Default = PrintException;

  // Helps change the default reporter back to 
  // PrintException in the future
  public static Reporter getPrintException() {
    return PrintException;
  }

  public static Reporter getExceptionReporter() {
    return Default;
  }

  // May throw a SecurityException (which is unchecked)
public static void setExceptionReporter(Reporter reporter) {
    // Custom permission
    ExceptionReporterPermission perm = new 
        ExceptionReporterPermission("exc.reporter"); 
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      // Check whether the caller has appropriate permissions
      sm.checkPermission(perm);
    }
    // Change the default exception reporter
    Default = reporter; 
  }
}

...

Code Block
bgColor#ccccff
class MyExceptionReporter extends ExceptionReporter {
  private static final Logger logger =
      Logger.getLogger("com.organization.Log");

  public static void report(Throwable t) {
    t try {= filter(t);
    if (t final!= Throwable filteredException =null) {
      logger.log(Level.FINEST, "Loggable   (t instanceof NonSensitiveException_1) ? t : filter(exception occurred", t);
    } finally {
      // Do any necessary user reporting
      // (show dialog box or send to console)}

  public static Exception  if filter(filteredExceptionThrowable instanceof NonSensitiveCommonExceptiont) {
        logger.log(Level.FINEST, "Loggable exception occurred", t);    if (t instanceof SensitiveException1) {
      }
    }
  }

  public static Exception filter(Throwable t) {
    // Too sensitive, return nothing (so that no logging happens)
      return null;
    } else if (t instanceof SensitiveForLoggingException_1SensitiveException2) { 
      // DoReturn nota logdefault sensitiveinsensitive informationexception (whitelist)instead
      return SensitiveCommonExceptionnew FilteredSensitiveException(t);
    }
    // ...
    // Return for reporting to the user
    return new NonSensitiveCommonException()t; 
  }
}

 
// ...Definitions for SensitiveException1, SensitiveException2
// and FilteredSensitiveException...

The report() method accepts a Throwable instance and consequently handles all errors, checked exceptions, and unchecked exceptions. The filtering mechanism is based on a whitelisting approach wherein only nonsensitive exceptions are propagated to the user. Exceptions that are forbidden to appear in a log file can be filtered in the same fashion (see FIO13-J. Do not log sensitive information outside a trust boundary). This approach provides the benefits of exception chaining by reporting exceptions tailored to the abstraction while also logging the low-level cause for future failure analysis [Bloch 2008].

...