Page History

...

Exceptions disrupt the expected control flow of the application. For example, no part of any expression or statement that occurs in the try block after the point from which the exception is thrown is evaluated. Consequently, exceptions must be handled appropriately. There are few valid Many reasons for suppressing exceptions ; the most common is are invalid. For example, when the client cannot be expected to recover from the underlying problem. In these cases, it is good practice to allow the exception to propagate outwards rather than to catch and suppress the exception.

...

public interface Reporter {
  public void report(Throwable t);
}

public class ExceptionReporter {

  // Exception reporter that prints the exception 
  // to the console (used as default)
  private static final Reporter PrintException = new Reporter() {
    public void report(Throwable t) {
      System.err.println(t.toString());
    }
  };

  // Stores the default reporter.
  // The default reporter can be changed by the user.
  private static Reporter Default = PrintException;

  // Helps change the default reporter back to 
  // PrintException in the future
  public static Reporter getPrintException() {
    return PrintException;
  }

  public static Reporter getExceptionReporter() {
    return Default;
  }

  // May throw a SecurityException (which is unchecked)
public static void setExceptionReporter(Reporter reporter) {
    try {
      // Custom permission
      ExceptionReporterPermission perm = new 
          ExceptionReporterPermission("exc.reporter"); 
      SecurityManager sm = System.getSecurityManager();
      if (sm != null) {
        // Check whether the caller has appropriate permissions
        sm.checkPermission(perm);
      }
      // Change the default exception reporter
      Default = reporter; 
    } catch (SecurityException se) {
      System.out.println("Not allowed"); // or log
 Default = reporter; }
  }
}

The setExceptionReporter() method prevents hostile code from maliciously installing a more verbose reporter that leaks sensitive information or that directs exception reports to an inappropriate location, such as the attacker's computer, by limiting attempts to change the exception reporter to callers that have the custom permission ExceptionReporterPermission with target exc.reporter.

...

Any client code that possesses the required permissions can override the ExceptionReporter with a handler that logs the error or provides a dialog box, or both. For instanceexample, a GUI client using Swing may require exceptions to be reported using a dialog box:

...

The {{report()}} method accepts a {{Throwable}} instance and consequently handles all errors, checked exceptions, and unchecked exceptions. The filtering mechanism is based on a _whitelisting_ approach wherein only non-sensitive exceptions are propagated to the user. Exceptions that are forbidden to appear in a log file can be filtered in the same fashion (see rule [FIO13-J. Do not log sensitive information outside a trust boundary]. This approach provides the benefits of exception chaining by reporting exceptions tailored to the abstraction while also logging the low-level cause for laterfuture failure analysis \[[Bloch 2008|AA. Bibliography#Bloch 08]\].

...

ERR00-EX0: Exceptions that occur during the freeing of a resource may be suppressed in those cases where failure to free the resource cannot affect future program behavior. Examples of freeing resources include closing files, network sockets, shutting down threads, and so forth. Such resources are generally often freed in catch or finally blocks and are often never reused during subsequent execution. Consequently, the exception cannot influence future program behavior through any avenue other than resource exhaustion. When resource exhaustion is adequately handled, it is sufficient to sanitize and log the exception for future improvement; additional error handling is unnecessary in this case.

...

Ignoring or suppressing exceptions violates the fail-safe criteria of an applicationcan result in inconsistent program state.

...

AMQ-1272 describes a vulnerability in the ActiveMQ service. When ActiveMQ receives an invalid username and password from a Stomp client, a security exception is generated but is subsequently ignored, leaving the client connected , and with full and unrestricted access to ActiveMQ.

...

...