=== is related to: S2738

=== on 21 Nov 2014, 15:15:15 Freddy Mallet wrote:
My 2 cents [~ann.campbell.2]:

* For me this rule duplicates RSPEC-1181 in Java
* And catching an Exception in Java is not at all an issue. I would even say that this is a good practice at some levels when you want to be sure to catch all possible exceptions. this is only an issue if you catch Error or Throwable exception


=== on 24 Nov 2014, 13:53:02 Ann Campbell wrote:
\[~freddy.mallet] I specifically asked [~nicolas.peru] about that & he disagreed & saw this as separate from RSPEC-1181.

=== on 25 Nov 2014, 10:56:40 Freddy Mallet wrote:
I'm going to say it differently : as a Java developer I do believe that this rule is useless and even misleading. Indeed the best practice is the following one:

* Most of the time we should catch only specialized exceptions
* But as soon we are located at the boundary of a technical stack (SonarQube <-> Plugins, Web <-> EJB, ...), generic exceptions (but not Throwable and Error, see RSPEC-1181) should be caught.

So if we activate this rule on our own portfolio, we'll generate lot of false-positives.

=== on 4 Dec 2014, 19:04:12 Ann Campbell wrote:
\[~freddy.mallet] it sounds like you'd like to see this rule closed. Does the fact that it replaces a PMD rule change your mind?

=== on 5 Dec 2014, 08:21:50 Freddy Mallet wrote:
Let me think twice about this rule [~ann.campbell.2] :), thanks

=== on 2 Feb 2015, 20:31:14 Sébastien Gioria wrote:
Could be tag OWASP Top10 2013 A6


it 's CERT Secure Coding ERR53-J

=== on 3 Feb 2015, 20:19:01 Ann Campbell wrote:
Thanks [~sebastien.gioria]. 

I'm going to skip the CERT reference; it's about ``++throw++``-ing rather than ``++catch++``-ing. Also, I don't understand how this ties to OWASP A6.