SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

Versions Compared

Old Version 81

changes.mady.by.user Todd Nowacki

Saved on

compared with

New Version Current

changes.mady.by.user Jon O'Donnell

Saved on

Key

  • This line was added.
  • This line was removed.
  • Formatting was changed.

Methods must not throw RuntimeException, Exception, or Exception Throwable. Handling these exceptions requires catching RuntimeException, which is disallowed by rule ERR14ERR08-J. Do not catch NullPointerException or any of its ancestors. Moreover, throwing a RuntimeException can lead to subtle errors; for example, a caller cannot examine the exception to determine why it was thrown and consequently cannot attempt recovery.

...

The isCapitalized() method in this noncompliant code example accepts a string and returns true when it the string consists of a capital letter followed by lowercase letters. The method also throws a RuntimeException when passed a null string argument.

Code Block
bgColor#ffcccc

boolean isCapitalized(String s) {
  if (s == null) {
    throw new RuntimeException("Null String");
  }
  if (s.equals("")) {
    return true;
  }
  String first = s.substring(0, 1);
  String rest = s.substring(1);
  return (first.equals(first.toUpperCase()) &&
          rest.equals(rest.toLowerCase()));
}

A calling method must also violate rule ERR14ERR08-J. Do not catch NullPointerException or any of its ancestors to determine if whether the RuntimeException was thrown.

...

This compliant solution throws the (NullPointerException) to denote the specific exceptional condition.:

Code Block
bgColor#ccccff

boolean isCapitalized(String s) {
  if (s == null) {
    throw new NullPointerException();
  }
  if (s.equals("")) {
    return true;
  }
  String first = s.substring(0, 1);
  String rest = s.substring(1);
  return (first.equals(first.toUpperCase()) &&
          rest.equals(rest.toLowerCase()));
}

Note that the null check is redundant; if it were removed, the next subsequent call (to s.equals("")) will would throw a NullPointerException when s is null. However, the explicit null check is a good form because it explicitly indicates the programmer's intent. More complex code may require explicit testing of invariants and appropriate throw statements.

Noncompliant Code Example

This noncompliant code example specifies the Exception class in the throws clause of the method declaration for the doSomething() method.:

Code Block
bgColor#ffcccc

private void doSomething() throws Exception {
  //...
}

...

This compliant solution declares a more specific exception class in the throws clause of the method declaration for the doSomething() method.:

Code Block
bgColor#ccccff

private void doSomething() throws IOException {
  //...
}

Exceptions

EXC13ERR07-J-EX0: Classes that sanitize exceptions to comply with a security policy are permitted to translate specific exceptions into more general exceptions. This translation could potentially result in throwing RuntimeException, Exception, or Exception Throwable in some cases, depending on the details requirements of the security policy.

Risk Assessment

Throwing RuntimeException and , Exception, or Throwable prevents classes from catching the intended exceptions without catching other unintended exceptions as well.

Recommendation

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

ERR13

ERR07-J

low

Low

likely

Likely

medium

Medium

P6

L2

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Related Guidelines

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="ace64fda-909b-4d37-8157-2ef7252284fb"><ac:plain-text-body><![CDATA[

[[MITRE 2009

AA. Bibliography#MITRE 09]]

[CWE-397

http://cwe.mitre.org/data/definitions/397.html] "Declaration of Throws for Generic Exception"

]]></ac:plain-text-body></ac:structured-macro>

Bibliography

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="3237d0ed-17f6-4f76-a52e-9c93a07b2182"><ac:plain-text-body><![CDATA[

[[Goetz 2004b

AA. Bibliography#Goetz 04b]]

 

]]></ac:plain-text-body></ac:structured-macro>

<ac:structured-macro ac:name="unmigrated-wiki-markup" ac:schema-version="1" ac:macro-id="46555a66-f0db-4ba9-acb3-9ff0c21cd9cc"><ac:plain-text-body><![CDATA[

[[Tutorials 2008

AA. Bibliography#Tutorials 08]]

[Unchecked Exceptions — The Controversy

http://java.sun.com/docs/books/tutorial/essential/exceptions/runtime.html]

]]></ac:plain-text-body></ac:structured-macro>

Automated Detection

ToolVersionCheckerDescription
CodeSonar
Include Page
CodeSonar_V
CodeSonar_V

JAVA.STRUCT.EXCP.BROAD

Broad Throws Clause (Java)

Parasoft Jtest
Include Page
Parasoft_V
Parasoft_V
CERT.ERR07.NTX
CERT.ERR07.NTERR		Avoid declaring methods to throw general or unchecked Exception types
Do not throw exception types which are too general or are unchecked exceptions
SonarQube
Include Page
SonarQube_V
SonarQube_V
S112Generic exceptions should never be thrown

Related Guidelines

MITRE CWE

CWE-397, Declaration of Throws for Generic Exception

Bibliography

[Goetz 2004b]


[Java Tutorials]

Unchecked Exceptions—The Controversy


...

Image Added Image Added ERR06-J. Do not let code throw undeclared checked exceptions      06. Exceptional Behavior (ERR)