...

In this noncompliant code example, the finally block completes abruptly because a return statement occurs within its body. As a result, when the IllegalStateException is thrown, it does not propagate all the way up through the call stack: the abrupt termination of the finally block overrides the exception thrown in the try block, so no useful exception information is ever displayed.

class TryFinally {
  private static boolean doLogic() {
    try {
      throw new IllegalStateException();
    }
    finally {
      System.out.println("Uncaught Exception");
      return true; // completing abruptly here discards the pending IllegalStateException
    }
  }

  public static void main(String[] args) {
    doLogic(); // returns true; the caller never sees the exception
  }
}


Note that this example would not be insecure if only the try block returned a value; the finally block always executes, even when the try block returns.

Compliant Solution

This compliant solution removes the return statement from the finally block. Any return statements must occur after this block. If this is adopted, the compiler throws an error as the return statement is unreachable because of the explicit, unavoidable throwing of IllegalStateException. If the exception is thrown conditionally, the return statement can be used without any compilation errors.

class TryFinally {
  private static boolean doLogic() {
    try {
      throw new IllegalStateException();
    }
    finally {
      System.out.println("Caught Exception"); // finally completes normally; the exception still propagates
    }
    // Any return statements must go here; applicable only when the exception is thrown conditionally
  }

  public static void main(String[] args) {
    doLogic();
  }
}

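The following self-contained program, added here as an illustration and not part of the CERT page, puts the two forms side by side: a method whose return in finally swallows the pending exception, and a conditional-throw version with its return placed after the finally block so the exception reaches the caller. The class and method names (FinallyMasking, masking, compliant) are chosen for this example.

```java
// Added example (not from the CERT page): a return in finally discards the
// pending exception; placing return after the block lets it propagate.
public class FinallyMasking {

    // Noncompliant form: the return in finally overrides the pending
    // IllegalStateException, so the caller never observes it.
    static boolean masking() {
        try {
            throw new IllegalStateException("lost");
        } finally {
            return true;
        }
    }

    // Compliant form: finally completes normally. Because the throw is
    // conditional, the return after the block is reachable and compiles.
    static boolean compliant(boolean fail) {
        try {
            if (fail) {
                throw new IllegalStateException("propagated");
            }
        } finally {
            System.out.println("cleanup ran, fail=" + fail);
        }
        return true; // reached only when no exception was thrown
    }

    public static void main(String[] args) {
        try {
            boolean r = masking();
            System.out.println("masking() returned " + r + "; exception was swallowed");
        } catch (IllegalStateException e) {
            System.out.println("never reached: " + e.getMessage());
        }

        try {
            compliant(true);
            System.out.println("never reached");
        } catch (IllegalStateException e) {
            System.out.println("caught: " + e.getMessage());
        }
        System.out.println("compliant(false) returned " + compliant(false));
    }
}
```

Compiling with javac -Xlint:finally flags the masking() method with the warning "finally clause cannot complete normally", which is a cheap way to catch this pattern in a build.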

Risk Assessment

Exiting abruptly from a finally block may result in the masking of thrown exceptions.

...