ishangsf/rspec
2
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
rspec/rules/S1181/cfamily/rule.adoc
Egon Okerman d1417e82f8
Modify CWE and OWASP Top 10 links to follow standard link format (APPSEC-1134) (#3529) 
* Fix all CWE references

* Fix all OWASP references

* Fix missing CWE prefixes
2024-01-15 17:15:56 +01:00

73 lines
2.3 KiB
Plaintext
Raw Permalink Blame History

== Why is this an issue?
Some exception classes are designed to be used only as base classes to more specific exceptions, for instance, ``++std::exception++`` (the base class of all standard {cpp} exceptions), ``++std::logic_error++`` or ``++std::runtime_error++``.
Catching such generic exception types is usually a bad idea because it implies that the "catch" block is clever enough to handle any type of exception.
=== Noncompliant code example
[source,cpp,diff-id=1,diff-type=noncompliant]
----
try {
/* code that may throw std::system_error */
} catch (const std::exception &ex) { // Noncompliant
/*...*/
}
----
=== Compliant solution
[source,cpp,diff-id=1,diff-type=compliant]
----
try {
/* code that may throw std::system_error */
} catch (const std::system_error &ex) {
/*...*/
}
----
=== Exceptions
There are cases, though, where you want to catch all exceptions because no exceptions should be allowed to escape the function, and generic ``++catch++`` handlers are excluded from the rule:
* In the main function
* In a class destructor
* In a ``++noexcept++`` function
* In an ``++extern "C"++`` function
Additionally, if the ``++catch++`` handler is throwing an exception (either the same as before, with ``++throw;++`` or a new one that may make more sense to the callers of the function) or is never exiting (because it calls a ``++noreturn++`` function, for instance ``++exit++``), then the accurate type of the exception usually does not matter any longer: this case is excluded too.
== Resources
* CWE - https://cwe.mitre.org/data/definitions/396[CWE-396 - Declaration of Catch for Generic Exception]
* {cpp} Core Guidelines - https://github.com/isocpp/CppCoreGuidelines/blob/e49158a/CppCoreGuidelines.md#e14-use-purpose-designed-user-defined-types-as-exceptions-not-built-in-types[E.14: Use purpose-designed user-defined types as exceptions (not built-in types)]
ifdef::env-github,rspecator-view[]
'''
== Implementation Specification
(visible only on this page)
=== Message
Catch a more specific exception instead of a generic one.
=== Highlighting
type of the variable in the catch clause
'''
== Comments And Links
(visible only on this page)
=== on 17 Aug 2016, 16:15:17 Ann Campbell wrote:
I made some tiny edits [~alban.auzeill]
include::../comments-and-links.adoc[]
endif::env-github,rspecator-view[]
Reference in New Issue View Git Blame Copy Permalink