Versions Compared

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

...

This compliant solution handles a FileNotFoundException by requesting that the user specify another file name:

Code Block
bgColor#ccccff
volatile boolean validFlag = false;
do {
  try {
    // ...
    // If requested file does not exist, throws FileNotFoundException
    // If requested file exists, sets validFlag to true
    validFlag = true;
  } catch (FileNotFoundException e) {
    // Ask the user for a different file name
  }
} while (validFlag != true);
// Use the file

...

Code Block
bgColor#ccccff
public interface Reporter {
  public void report(Throwable t);
}

class ExceptionReporterPermission extends Permission {
  // ...
}

public class ExceptionReporter {

  // Exception reporter that prints the exception 
  // to the console (used as default)
  private static final Reporter PrintException = new Reporter() {
    public void report(Throwable t) {
      System.err.println(t.toString());
    }
  };

  // Stores the default reporter
  // The default reporter can be changed by the user
  private static Reporter Default = PrintException;

  // Helps change the default reporter back to 
  // PrintException in the future
  public static Reporter getPrintException() {
    return PrintException;
  }

  public static Reporter getExceptionReporter() {
    return Default;
  }

  // May throw a SecurityException (which is unchecked)
public static void setExceptionReporter(Reporter reporter) {
    // Custom permission
    ExceptionReporterPermission perm = new 
        ExceptionReporterPermission("exc.reporter"); 
    SecurityManager sm = System.getSecurityManager();
    if (sm != null) {
      // Check whether the caller has appropriate permissions
      sm.checkPermission(perm);
    }
    // Change the default exception reporter
    Default = reporter; 
  }
}

...

Code Block
bgColor#ccccff
class MyExceptionReporter extends ExceptionReporter {
  private static final Logger logger =
      Logger.getLogger("com.organization.Log");

  public static void report(Throwable t) {
    t try {= filter(t);
    if (t final!= Throwablenull) filteredException{
 =
     logger.log(Level.FINEST, "Loggable exception occurred", t);
    }
 (t instanceof NonSensitiveException_1) ? t :}

  public static Exception filter(Throwable t); {
    if (t }instanceof finallySensitiveException1) {
      // DoToo anysensitive, necessaryreturn usernothing reporting
(so that no logging happens)
  // (show dialog box or send to console)return null;
    } else if (filteredExceptiont instanceof NonSensitiveCommonExceptionSensitiveException2) {
      //  logger.log(Level.FINEST, "Loggable exception occurred", t);Return a default insensitive exception instead
      }
return new FilteredSensitiveException(t);
  }
  }

  public static Exception filter(Throwable t) {
    if (t instanceof SensitiveForLoggingException_1) { // ...
    // Return for reporting to the user
      // Do not log sensitive information (whitelist)
      return SensitiveCommonException();
    }
    return t;
  }
}

 
// ...
Definitions for SensitiveException1,  SensitiveException2
// Return for reporting to the user
    return new NonSensitiveCommonException(); 
  }
}
and FilteredSensitiveException...

The report() method accepts a Throwable instance and consequently handles all errors, checked exceptions, and unchecked exceptions. The filtering mechanism is based on a whitelisting approach wherein only nonsensitive exceptions are propagated to the user. Exceptions that are forbidden to appear in a log file can be filtered in the same fashion (see FIO13-J. Do not log sensitive information outside a trust boundary). This approach provides the benefits of exception chaining by reporting exceptions tailored to the abstraction while also logging the low-level cause for future failure analysis [Bloch 2008].

...

Ignoring or suppressing exceptions can result in inconsistent program state.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR00-J

Low

Probable

Medium

P4

L3

Automated Detection

Detection of suppressed exceptions is straightforward. Sound determination of which specific cases represent violations of this rule and which represent permitted exceptions to the rule is infeasible. Heuristic approaches may be effective.

Tool
Version
Checker
Description
Coverity7.5MISSING_THROWImplemented
Parasoft Jtest9.5SECURITY.UEHL.LGE, UC.UCATCHImplemented

Tool
Version
Checker
Description
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.STRUCT.EXCP.EEH

Empty Exception Handler (Java)

Coverity7.5MISSING_THROWImplemented
Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.ERR00.LGE
CERT.ERR00.UCATCH
Ensure all exceptions are either logged with a standard logger or rethrown
Use a caught exception in the "catch" block
PVS-Studio

Include Page
PVS-Studio_V
PVS-Studio_V

V5301
SonarQube
Include Page
SonarQube_V
SonarQube_V
S1166Exception handlers should preserve the original exceptions

Related Vulnerabilities

AMQ-1272 describes a vulnerability in the ActiveMQ service. When ActiveMQ receives an invalid username and password from a Stomp client, a security exception is generated but is subsequently ignored, leaving the client connected with full and unrestricted access to ActiveMQ.

Related Guidelines

MITRE CWE

CWE-390, Detection of Error Condition without Action

Bibliography

[Bloch 2008]

Item 62, "Document All Exceptions Thrown by Each Method"
Item 65, "Don't Ignore Exceptions"

[Goetz 2006]

Section 5.4, "Blocking and Interruptible Methods"

[JLS 2015]

Chapter 11, "Exceptions"

...


...

Image Modified Image Modified Image Modified