SEI CERT Oracle Coding Standard for Java

Space shortcuts

Page tree

You are viewing an old version of this page. View the current version.

Compare with Current View Page History

« Previous Version 20 Next »

According to the Java Language Specification [[JLS 05]] section 11.2 "Compile-Time Checking of Exceptions":

The unchecked exceptions classes are the class RuntimeException and its subclasses, and the class Error and its subclasses. All other exception classes are checked exception classes.

Unchecked exception classes such as Error and its subclasses do not undergo compile time checking as it is tedious to account for all cases and recovery is generally difficult. However, most often recovery is not impossible, or at least a graceful exit that logs the error is feasible.

Noncompliant Code Example

This noncompliant code example generates a StackOverflowError as a result of infinite recursion. This exhausts the available stack space and may result in a denial of service.

public class StackOverflow {
  public static void main(String[] args) {
    infiniteRun();
    System.out.println("Continuing...");
  }
    
  private static void infiniteRun() {
    infiniteRun();
  }
}

Compliant Solution

This compliant solution shows a try-catch block that can be used to capture java.lang.Error or java.lang.Throwable. A log entry can be made at this point followed by attempts to free system resources. 

public class StackOverflow {
  public static void main(String[] args) {
    try {
     infiniteRun();
    }catch(Throwable t) {
      System.out.println("Handling error...");
      //free cache, release resources and log error to file
    }
    System.out.println("Continuing...");
  }
    
  private static void infiniteRun() {
    infiniteRun();    
  }
}

Note that this solution is an exception to EXC32-J. Catch specific exceptions as opposed to the more general RuntimeException because it catches Throwable in an attempt to handle the error.

Risk Assessment

Allowing a system error to propagate out of a Java program may result in a denial of service attack.

Rule

Severity

Likelihood

Remediation Cost

Priority

Level

EXC03- J

low

unlikely

medium

P2

L3

Automated Detection

TODO

Related Vulnerabilities

Search for vulnerabilities resulting from the violation of this rule on the CERT website.

Other Languages

This rule appears in the C++ Secure Coding Standard as ERR30-CPP. Try to recover gracefully from unexpected errors.

References

[[JLS 05]] Section 11.2, Compile-Time Checking of Exceptions
[[Kalinovsky 04]] Chapter 16, Intercepting Control Flow - Intercepting System Errors

EXC02-J. Prevent exceptions while logging data      12. Exceptional Behavior (EXC)      EXC04-J. Prevent against inadvertent calls to System.exit() or forced shutdown

  • No labels