...
This compliant solution handles a FileNotFoundException
by requesting that the user specify another file name:
Code Block | ||
---|---|---|
| ||
volatile boolean validFlag = false; do { try { // ... // If requested file does not exist, throws FileNotFoundException // If requested file exists, sets validFlag to true validFlag = true; } catch (FileNotFoundException e) { // Ask the user for a different file name } } while (validFlag != true); // Use the file |
...
Ignoring or suppressing exceptions can result in inconsistent program state.
Rule | Severity | Likelihood | Remediation Cost | Priority | Level |
---|---|---|---|---|---|
ERR00-J | Low | Probable | Medium | P4 | L3 |
Automated Detection
Detection of suppressed exceptions is straightforward. Sound determination of which specific cases represent violations of this rule and which represent permitted exceptions to the rule is infeasible. Heuristic approaches may be effective.
Tool | Version | Checker | Description |
---|---|---|---|
CodeSonar |
| JAVA.STRUCT.EXCP.EEH | Empty Exception Handler (Java) | ||||||
Coverity | 7.5 | MISSING_THROW | Implemented | |||||
Parasoft Jtest |
| CERT.ERR00.LGE CERT.ERR00.UCATCH | Ensure all exceptions are either logged with a standard logger or rethrown Use a caught exception in the "catch" block | |||||||
PVS-Studio |
| V5301 | |||||||
SonarQube |
|
|
| S1166 |
Exception handlers should preserve the original exceptions |
Related Vulnerabilities
AMQ-1272 describes a vulnerability in the ActiveMQ service. When ActiveMQ receives an invalid username and password from a Stomp client, a security exception is generated but is subsequently ignored, leaving the client connected with full and unrestricted access to ActiveMQ.
Related Guidelines
Bibliography
Item 62, "Document All Exceptions Thrown by Each Method" | |
Section 5.4, "Blocking and Interruptible Methods" | |
[JLS 2015] |
...
...