...
```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;

class ExceptionExample {
  // If the file is missing, the FileNotFoundException (and the path in its
  // message) propagates unfiltered out of main() to whoever observes it.
  public static void main(String[] args) throws FileNotFoundException {
    FileInputStream fis = new FileInputStream("c:\\" + args[0]);
  }
}
```
Noncompliant Code Example
This noncompliant code example logs the exception and then re-throws it unchanged. The message of a FileNotFoundException contains the path that was attempted, so the caller learns the layout of the file system and whether or not the requested file exists; logging it first does nothing to reduce what is exposed.
```java
// Inside main(String[] args) throws FileNotFoundException, as in the example above
try {
  FileInputStream fis = new FileInputStream("c:\\" + args[0]);
} catch (FileNotFoundException e) {
  // log the exception
  throw e; // the message still carries the attempted path; the caller sees it
}
```
Compliant Solution
To overcome the problem, catch the exception and sanitize its message before propagating anything to the caller. Where the exception type itself reveals too much (a FileNotFoundException already tells the caller that a file lookup happened), throw a different exception instead, with a neutral message or a higher-level type; this is referred to as exception translation. The MyExceptionReporter class described in EXC05-J. Use a class dedicated to reporting exceptions is a good choice, as this compliant solution highlights.
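The approach described above, written out as an added example for this edit rather than code taken from the CERT page or its MyExceptionReporter class: a java.util.logging Logger stands in for the reporter (the EXC05-J API is not reproduced), and the class name, method name and the fixed c:\ base path are assumptions. The point it adds to the prose is the cause chain: the new exception is deliberately created without the original as its cause, otherwise getCause() or printStackTrace() would surface the path anyway.

```java
import java.io.FileInputStream;
import java.io.FileNotFoundException;
import java.io.IOException;
import java.io.InputStream;
import java.util.logging.Level;
import java.util.logging.Logger;

public class SanitizedExceptionExample {
  // Stand-in for the dedicated reporter of EXC05-J (assumption): full detail
  // goes here, to a log that only operators are expected to read.
  private static final Logger LOG =
      Logger.getLogger(SanitizedExceptionExample.class.getName());

  /**
   * Opens a file under a fixed base directory (path is an assumption).
   * The FileNotFoundException, whose message contains the absolute path,
   * is recorded privately and replaced by an IOException that reveals
   * nothing about the file system to the caller.
   */
  public static InputStream openReport(String name) throws IOException {
    try {
      return new FileInputStream("c:\\" + name);
    } catch (FileNotFoundException e) {
      // Sensitive detail (path, OS-supplied reason) is logged, not returned.
      LOG.log(Level.WARNING, "Report file could not be opened", e);
      // Exception translation: a more general type, a fixed message, and
      // no cause chained, so the original message cannot be recovered via
      // getCause() or appear in a stack trace printed by the caller.
      throw new IOException("Requested report is unavailable");
    }
  }

  public static void main(String[] args) {
    String name = args.length > 0 ? args[0] : "report.txt";
    try (InputStream in = openReport(name)) {
      System.out.println("Opened " + name);
    } catch (IOException e) {
      // What an untrusted caller gets to see: no path, no OS text.
      System.out.println("Error: " + e.getMessage());
    }
  }
}
```

Two things to check when applying this pattern: the replacement message must be a constant or built only from data the caller already knows, never from e.getMessage(); and the logger that receives the original exception must not itself write to a destination the same caller can read (a response body, a shared console, a world-readable file).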
...